【单选题】
In which configuration do you configure the ip ospf authentication key 1 command?___
A. routing process
B. interface
C. privileged
D. global
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which statement about command authorization and security contexts is true?___
A. If command authorization is configured, it must be enabled on all contexts.
B. The change to command invokes a new context session with the credentials of the currently
C. AAA settings are applied on a per-context basis
D. The enable. 15 user ang admins with chang to permission ha e dfferent command authorization levels pertontext
【单选题】
Which command do you enter to enable authentication for OSPF on an interface?___
A. router(config-if)#ip ospf message-digest-key 1 md5 CIS COPASS
B. router(config-if)#ip ospf authentication message-digest
C. router(config-if)#ip ospf authentication-key CISCOPASS
D. router(config-if)#area 0 authentication message-digest
【单选题】
What feature defines a campus area network?___
A. It has a single geographic location
B. It lacks external connectivity.
C. It has a limited number of segments.
D. It has limited or restricted Internet access
【单选题】
Which type of attack most commonly involves a direct attack on a network?___
A. :phishing
B. Trojan horse
C. denial of service
D. social engineering
【单选题】
What information does the key length provide in an encryption algorithm?___
A. the cipher block size
B. the hash bloc k size
C. the number of permutations
D. the packet size
【单选题】
How do you verify TaCACS+ connectivity to a device?___
A. You successfully log in to the device by using the local credentials
B. You connect via console port and receive the login prompt.
C. You connect to the device using SSH and receive the login prompt.
D. You successfully log in to the device by using ACS credentials
【单选题】
Which term best describes the concept of preventing the modification of data in transit and in storage?___
A. availability
B. confidentially
C. fidelity
D. integrity
【单选题】
Which loS command is used to define the authentication key for ntp?___
A. switch(config )#ntp authentication-key 1 mds Clcs
B. switch(config )#ntp authenticate
C. switch(config)#ntp trusted-key 1
D. switch(config)#ntp source 192.168.0.1
【单选题】
What is true about the cisco lOS Resilient Configuration feature ?___
A. The feature can be disabled through a remote session
B. There is additional space required to secure the primary cisco lOS image file.
C. The feature automatically detects image or configuration version mismatch.
D. Remote storage is used for securing files
【单选题】
When is the default deny all policy an exception in zone-based firewalls?___
A. when traffic terminates on the router via the self zone
B. when traffic traverses two interfaces in different zones
C. when traffic traverses two interfaces in the same zone
D. when traffic sources from the router via the self zone
【单选题】
.If an access port is assigned as an isolated port in a PVLAN, which network ports can it communicate with?___
A. promiscuous ports in the same PLVAN
B. isolated ports in the same PVLAN
C. all ports in the same PAVLAN at ILAR
D. all ports in the adjacent PVLAN
【单选题】
Which IPSEC mode is used to encypt traffic directly between a client and a server VPN endpoint?___
A. quick mode
B. transport mode
C. aggressive mode
D. tunnel mode
【单选题】
Which command do you enter to verify that a vpn connection is established between two endpoints and that the connection is passing traffic? ___
A. Firewall#sh crypto session
B. Firewall#debug crypto isakmp
C. Firewall#tsh crypto ipsec sa
D. Firewall#sh crypto isakmp sa
【单选题】
which type of Pvlan port allows communication from all port types?___
A. isolated
B. in -line
C. community
D. promiscuous
【单选题】
Which command do you enter to configure your firewall to conceal internal addresses?___
A. no ip directed-broadcast
B. no ip logging facility
C. no proxy-arp
D. no ip inspect audit-trial
E. no ip inspect
F. route
【单选题】
Which feature defines a campus area network? ___
A. It has a limited number of segments.
B. It has limited or restricted Internet access
C. It lacks ex1ternal connectivity.
D. It has a single geographic location
【单选题】
What technology can you use to provide data confidentiality data integrity and data origin authentication on your network?___
A. IPSec
B. Certificate Authority
C. IKE
D. Data
E. ncryption Standards
【单选题】
which standard is a hybrid protocol that uses oakley and skerne ke y exchanges is an ISAKMP framework?___
【单选题】
What is the actual los privilege level of User Exec mode?___
【单选题】
What is the effect of the asa command crypto isakmp nat-traversal?___
A. It opens port 500 only on the out side interface
B. It opens port 500 only on the inside interface
C. It opens port 4500 on all interfaces that are IPSec enabled
D. It opens port 4500 only on the out side interfac
【单选题】
Which Fire POWER preproce ssor engine is used to prevent SYN attacks?___
A. Inline normalization
B. IP Defragmentation
C. Ports can
D. etection
【单选题】
Which NAT type allows objects or groups to reference an IP address ?___
A. identity NAt
B. static NAT
C. dynamic
D. dynamic NAT
【单选题】
Which Auto NAT policies are processed first?___
A. Dynamic NAT with longest prefix
B. Dynamic NAT with shortest prefix
C. static NAT with longest prefix
D. static NAT with shortest prefix
【单选题】
Which feature allows a dynamic Pat pool to se lect the next address in the pat pool instead of the next port of an existing address?___
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
【单选题】
Which IPS detection method can you use to detect attacks that are based on the attackers IP address?___
A. anomally-based
B. policy-based
C. signature-based
D. reputation-based
【单选题】
Which type of encryption technology has the broadest platform support?___
A. software
B. middleware
C. file-level
D. hardware
【单选题】
Which type of address translation supports the initiation of comm unications bidirectionally ?___
A. multi-session PAT
B. dynamic NAT
C. dynamic PAT
D. static NAT
【单选题】
Which label is given to a person who uses existing computer scripts to hack into computers while lacking the expertise to write the own?___
A. script kiddy
B. white hat hacker
C. hacktivist
D. phreaker
【单选题】
What is the primary purpose of a defined rule in an IPS?___
A. to configure an event action that takes place when a signature is triggered
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to detect internal attacks
【单选题】
Which option is the default valuce for the Diffie- Hell man group when configuring a site-to-site VPn on an asa device ?___
A. Group 1
B. Group 2
C. Group 5
D. Group 7
【单选题】
Which feature filters CoPP packets?___
A. access control lists
B. class maps
C. policy maps
D. route maps
【单选题】
Which command is used in global configuration mode to enable AAA?___
A. configure-model aaa
B. configure aaa-modelA
C. aaa new-model
D. aaa
E. XEC
【单选题】
Which statement about the given configuration is true?___
A. The single-connection command causes the device to establish one connection for all TACACS
B. The single-connection command causes the device to process one TacAcs request and then move to the next server
C. The timeout com mand causes the device to move to the next server after 20 seconds of TACACS inactive
【多选题】
What are two well-known security terms?___
A. phishing//网络钓鱼
B. ransomware //勒索软件
C. BPDU guard
D. LACP
E. hair-pinning
【多选题】
Which two commands must you enter to securely archive the primary bootset of a device___
A. router(config )#secure boot-config
B. router(config)#auto secure
C. router(config)#secure boot-image
D. router(config)#service passw ord-encryption
【多选题】
Which two functions can SIEM provide ?___
A. correlation between logs and events from multiple systems
B. event aggregation that allows for reduced log storage requirements
C. proactive malware analysis to block malicious traffic
D. dual-factor authentication
E. centralized firewall management
【多选题】
Which two features of Cisco Web Reputation tracking can mitigate web-based threats?___
A. buffer overflow filterin dhsuowip
B. Bayesian filters
C. web reputation filters
D. outbreak filtering
E. exploit filtering
【多选题】
What are two challenges when deploying host- level IPS? ___
A. The deployment must support multiple operating systems.
B. It is unable to provide a complete networ k picture of an attack.
C. It is unable to determine the outcome of e very attack that it detects
D. It does not provide protection for offsite computers
E. It is unable to detect fragmentation attacks
【多选题】
Which technology can be used to rate data fidelity and to provide an authenticated hash for data?___
A. file reputation
B. file analysis
C. signature updates
D. network blocking
【多选题】
Which two statements about host-based iPS solutions are true?___
A. It uses only signature-based polices
B. It can be deployed at the perimeter.
C. It can be have more restrictive policies than network-based IPS
D. it works with deployed firewall
E. It can generate alerts based on be havior at the de sto
推荐试题
【多选题】
不得在非涉密计算机中处理和储存的有___
A. 涉密的文件
B. 个人隐私文件
C. 涉密的图纸
D. 已解密的图纸
【多选题】
在口令设置中,属于易被破解口令的有___
A. 使用计算机的用户名(账号)作为口令
B. 使用自己或亲友的生日、电话作为口令
C. 使用常用英文单词作为口令
D. 使用数字、英文字母和特殊字符的混合组合
【多选题】
为预防计算机病毒的侵入与破坏,以下做法中有效的有___
A. 使用正版软件
B. 定期备份数据
C. 设置登陆口令
D. 安装防病毒软件
【多选题】
关于涉密计算机的使用,以下行为中错误的有___
A. 根据工作需要,可以安装摄像头
B. 可以安装FTP服务器端,面向系统用户提供涉密文档资料下载和上传
C. 在计算机上安装个人的硬盘,作为备份之用
D. 根据工作需要,可以使用个人U盘
【多选题】
涉密计算机禁止使用具有无线功能的外部设备,下列哪些属于具有无线功能的外部设备___
A. 无线键盘
B. 无线鼠标
C. 普通U盘
D. USB蓝牙适配器
E. USB无线网卡
F. 无线耳机
【多选题】
某单位用于拍摄涉密外场试验的数码相机存储卡,下列做法中正确的有___
A. 可借给个人使用
B. 应当列入台账的管理
C. 应当粘贴标识
D. 可以接入非涉密计算机
【多选题】
不能用来谈论国家秘密和传输涉密信息的工具和方式是___
A. 军线电话
B. 普通电话
C. 利用涉密信息系统建立的VOIP(语音电话)
D. 上网机
【多选题】
未经批准,禁止带入涉密会场中的设备和工具包括___
A. 具有录音功能的设备
B. 具有拍照功能的设备
C. 具有信息存储功能的设备
D. 具有摄像功能的手机
【多选题】
涉密计算机应当粘贴标识,下面符合要求的是___
A. 标识应当粘贴在显示器上的明显位置
B. 标识损毁应当及时更换
C. 标识不得自私修改、涂抹、擦除
D. 标识应注明涉密等级及责任人
【多选题】
涉密办公自动化设备的处理,不符合保密要求的有___
A. 将淘汰的一体式数字复印机转增给希望小学
B. 将淘汰的办公自动化设备处理给本单位人员
C. 将淘汰的办公自动化设备按单位规定履行报废审批程序
D. 将淘汰的办公自动化设备按相关规定销毁
【多选题】
涉密会议保密管理包括的内容有___
A. 会议场所管理
B. 参加会议人员范围控制
C. 会议的载体和设备管理
D. 会议音响设备管理
【多选题】
单位召开涉密会议应注意的是___
A. 应当在具备安全保密条件的场所召开
B. 重要涉密会议应当制定保密方案
C. 会议涉密载体发放、清退、保管和销毁应当制定人员负责,履行相关手续
D. 严格控制与会人员范围,对进入会场人员进行身份登记确认
【多选题】
新闻宣传管理的保密要求是___
A. 涉及武器装备科研生产事项的宣传报道,应当经单位业务主管部门保密审查
B. 需要报上级主管部门审批的,应当履行报批手续
C. 不得接受新闻媒体采访
D. 涉及涉密武器装备科研生产事项的参观、采访,应当按规定履行审批程序,提出保密要求
【多选题】
下列事项需要经过保密审查的是___
A. 军工产品参加展览
B. 涉密人员发表论文、著作或者接受采访
C. 军工单位发布科研生产或重大活动信息
D. 涉密单位内部新闻宣传
【多选题】
外场试验的保密管理事项是___
A. 数据交换和通信管理
B. 国家秘密载体和密品管理
C. 参试人员管理
D. 试验现场管理
【多选题】
分包涉密项目的保密要求是___
A. 应当选择具有相应保密资格的单位
B. 签订的合同中应当有保密条款或者签订保密协议
C. 保密资格单位的涉密信息系统集成等业务,从取得相关涉密资质的单位中选择
D. 监督检查保密条款或者保密协议执行情况
【多选题】
对外交流、合作和谈判等外事活动中保密管理要求是___
A. 应当明确保密事项
B. 应当采取相应的保密措施
C. 应当执行保密提醒制度
D. 应当制定保密方案
【判断题】
国家秘密是指关系国家的安全和利益,依照法定程序确定,在一定时间内只限一定范围的人员知悉的事项
【判断题】
一切国家机关、武装力量、政党、社会团体、企业事业单位和公民都有保守国家秘密的义务
【判断题】
单位可以把知悉国家秘密作为一种行政级别待遇,按照行政级别确定国家秘密知悉范围
【判断题】
国家秘密知悉范围内的机关、单位,其有关工作人员不在知悉范围内,但因工作需要知悉国家秘密的,应当经单位负责人批准
【判断题】
单位对所产生的国家秘密事项,应当按照保密事项范围的规定确定密级,同时确定保密期限和知悉范围
【判断题】
国家秘密变更后,原定密机关 、单位应及时在原国家秘密标志附近重新作出国家秘密标志,并书面通知知悉范围内的机关、单位和人员
【判断题】
涉密岗位是指在日常工作中产生、经营或者经常接触、知悉国家秘密事项的岗位
【判断题】
涉密人员在非涉密出版物上发表文章、著作,不得涉及国家秘密
【判断题】
涉密载体是指以文字、数据、符号、图形、图像、声音等方式记载国家秘密信息的纸介质、光介质、电磁介质等各类物品
【判断题】
制作涉密载体应当在符合保密要求的场所进行
【判断题】
涉密载体复制件应当加盖复制机关、单位戳记,并视同原件管理
【判断题】
绝密级涉密载体一般不得复制、摘录、引用、汇编、确有工作需要的,必须征得原定密机关、单位或者上级机关、单位同意
【判断题】
涉密载体可以通过普通邮政、快递等渠道传递
【判断题】
对涉密科研项目文件资料,包括过程文件、电子文档等涉密载体,要进行全面清理、完整归档,个人应根据工作需要自行妥善保管或者销毁
【判断题】
阅读和使用涉密载体应当在符合保密要求的办公场所进行
【判断题】
保密要害部门、部位办公场所在采取必要的措施后,仍需要对进入的工勤服务人员严格监督管理
【判断题】
专用手机可以随意带入保密要害部门、部位
【判断题】
未经批准,不得将带有录音、录像、拍照、信息存储功能的设备带入保密要害部门、部位
【判断题】
保密审查主要是对拟公开发布的信息是否涉及国家秘密进行审查,不需要对是否涉及工作秘密、商业秘密、个人隐私等进行甄别鉴定
【判断题】
在涉密科研项目结题阶段,要加强成果验收、奖项申报、专利申请等工作的保密管理
【判断题】
经严格审批,涉及敏感项目(如军工技术、军贸等)的驻外机构和企业可以雇佣外籍人员
【判断题】
任何组织和个人不得擅自对外提供国家秘密资料
【判断题】
党的纪律处分条例规定,泄露、扩散或者窃取党组织尚未公开事项或者其他应该保密的内容的 ,情节较重的,给予开除党籍处分
