【单选题】
Which statement about zone-based firewall configuration is true?___
A. You can assign an interface to more than one zone
B. Traffic is implicitly denied by de fault between interfaces in the same zone
C. The zone must be configured before it can be a ssigned
D. Traffic that is destined to or sourced from the Self zone is de nied by default
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Refer to the exhibit line in this configuration prevents the help Desk user from modifying the interface configuration.___
A. Privilege exec level 10 interface
B. Privilege exec level 9 configure terminal
C. Privilege exec level 7 show start-up
D. Username HelpDesk privilege 6 password help
【单选题】
You have been tasked with blocking user access to websites that violate company policy, but the sites use dynamic IP addresses. What is the best practice for URl filtering to solve the problem?___
A. Enable URL filtering and use URL categorization to block the we bsites that violate company
B. Enable URL filtering and create a blacklist to block the websites that violate company policy
C. Enable URL filtering and create a whitelist to block the websites that violate company policy
D.
E. nable URL filtering and use URL categorization to allow only the websites that company policy allows users to access.
【单选题】
Within an 802. 1x-enabled network with the auth Fail feature configured, when does a switch port get placed into a restricted VLAN?___
A. When a conected client fails to authenticate after a certain number of attempts.
B. if a connected client does not support 802. 1x
C. when AAA new-model is ena bled
D. after a connected client exceeds a specified idle time
E. when 802. 1x is not globally enabled on the Cisco Catalyst switch
【单选题】
Which type of attack does a proxy firewall protect against ?___
A. cross-site scripting attack
B. worm traffic
C. port scanning
D. DDoS attacks
【单选题】
When an administrator initiates a device wipe command from the ISE, what is the immediate effect?___
A. It requests the administrator to choose between erasing all device data or only managed corporate data.
B. It requests the administrator to enter the device pin or password before proceeding with the operation
C. It notifies the device user and proceeds with the erase operation
D. It immediately erases all data on the device
【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
推荐试题
【单选题】
在抗击外国侵略的战争中,为国捐躯的爱国官兵有①、关天培②、陈化成③、邓世昌④、林永升⑤、海龄___
A. ①②③④
B. ①②③④⑤
C. ①②④⑤
D. ①②③⑤
【单选题】
从 19 世纪 60 年代到 90 年代,洋务派举办的洋务事业有①、兴办军用企业②、建立新式海军③、创办新式学堂 ④、派遣留学生⑤、兴办民用企业___
A. ①②③④⑤
B. ②③④⑤
C. ①③④⑤
D. ①②③⑤
【单选题】
下列 对太平天国评价正确的是①、是伟大的反帝反封建的农民革命②、代表了中国农民战争的最高水平③、沉重打击了中外反动势力 ④ 、提出了学习西方发展资本主义的方案___
A. ①②③④
B. ①②
C. ①②③
D. ②③④
【单选题】
天京变乱爆发的原因有①、清政府对革命阵营内部的渗透 ②、太平天国军事失势在政治上的反映 ③、领导集团内部矛盾的激化 ④、小生产者的阶级局限性造成的 ⑤、根深蒂固的封建帝王思想的影响___
A. ①③④⑤
B. ①②⑤
C. ①②③⑤
D. ②③④⑤
【单选题】
下列关于延安整风的表述,正确的是①.在思想上清算了“左”的和右的错误 ②.是马克思主义思想教育运动 ③.确立毛泽东思想为全党的指导思想 ④.为新民主主义革命在全国的胜利奠定了思想基础 ⑤.提高了广大党员的思想理论水平,增强了党的凝聚力和战斗力___
A. ①②⑤
B. ①②④⑤
C. ②③④
D. ①②③④⑤
【单选题】
整风运动的主要内容是:①.整顿学风 ②.整顿党风 ③.整顿文风 ④.整顿浮夸风 ⑤ .整顿贪腐风___
A. ①②⑤
B. ①②④⑤
C. ②③④
D. ①②③
【单选题】
毛泽东在 << 论持久战 >> 中认为抗日战争最后胜利一定属于中国的原因是①.中国是大国, 地大物博 ②.日本是小国, 经不起长期战争 ③.中国在国际上得道多助 ④.日本发动的是退步的、野蛮的侵略战争 ⑤ .中国共产党及其领导的抗日根据地和人民军队的存在___
A. ①②⑤
B. ①②④⑤
C. ②③④
D. ①②③④⑤
【单选题】
下列有关皖南事变的表述,正确的是① .它是国民党顽固派破坏抗战的行为 ②.英美支持国民党发动 ③.中国共产党坚决回击顽固派的进攻 ④.抗日民族统一战线由此完全破裂 ⑤ .新四军军部及所属部队损失惨重___
A. ①③⑤
B. ①②④
C. ①②③④⑤
D. ②③④⑤
【单选题】
在对资本主义工商业进行社会主义改造过程中,当个别企业公私合营后,企业的利润实行___
A. 归国家所有
B. 归企业所有
C. 用于工人的工资
D. 四马分肥
【单选题】
1956年1月,中共中央召开关于知识分子问题会议,动员全党和全国人民___
A. “实现教育的现代化”
B. “攀登科学技术高峰”
C. “向科学进军”
D. “实现科学技术的现代化”
【单选题】
毛泽东在《论十大关系》中提出的中国社会主义建设的基本方针是。___
A. 不要四面出击
B. 调整、巩固、充实、提高
C. 积极引导,稳步前进
D. 调动一切积极因素为社会主义事业服务
【单选题】
1975年着手对各方面工作进行整顿的是___
A. 周恩来
B. 叶剑英
C. 邓小平
D. 华国锋
【单选题】
作出《关于恢复邓小平同志职务的决议》的会议是中共十届___
A. 三中全会
B. 四中全会
C. 五中全会
D. 六中全会
【单选题】
江泽民在庆祝中国共产党成立80周年大会上系统阐述了___
A. 邓小平理论的科学体系
B. 加强执政党建设的思想
C. “三个代表”重要思想
D. 中国特色社会主义理论体系
【单选题】
1978年12月中共十一届三中全会以来改革开放新时期的最鲜明的特点是___
A. 改革开放
B. 快速发展
C. 以人为本
D. 与时俱进
【单选题】
资本主义经济的发展突出表现在工业革命的发生上。工业革命首先发生在英国的___
A. 机器制造业
B. 纺织业
C. 冶铁业
D. 采掘业
【单选题】
规定将总理衙门改为外务部并“班列六部之前”的不平等条约是___
A. 《辛丑条约》
B. 《马关条约》
C. 《北京条约》
D. 《南京条约》
【单选题】
提出“师夷长技以制夷”的思想的是___
A. 林则徐
B. 严复
C. 魏源
D. 康有为
【单选题】
太平天国后期,由洪仁玕提出的带有鲜明资本主义色彩的改革与建设方案是___
A. 《原道觉世训》
B. 《原道救世歌》
C. 《天朝田亩制度》
D. 《资政新篇》
【单选题】
19世纪60年代,面对内忧外患,封建统治阶级中的部分成员如奕 、曾国藩、李鸿章、左宗棠、张之洞等,以“自强”、“求富”为目标,主张学习西方的武器装备和科学技术,这些官员被称为___
A. 地主阶级改革派
B. 洋务派
C. 维新派
D. 顽固派
【单选题】
1898年,写《劝学篇》,宣扬“中学为体、西学为用”的思想的洋务派官僚是___
A. 李鸿章
B. 张之洞
C. 左宗棠
D. 刘坤一
【单选题】
1905年11月,孙中山将同盟会纲领概括为民族、民权、民生三大主义的文章是___
A. 《猛回头》
B. 《革命军》
C. 《警世钟》
D. 《民报》发刊词
【单选题】
标志着以慈禧太后为首的清政府已彻底放弃了抵抗外国侵略者的念头,甘为“洋人的朝廷”的不平等条约是___
A. 《南京条约》
B. 《北京条约》
C. 《马关条约》
D. 《辛丑条约》
【单选题】
1912年3月,南京临时参议院颁布了中国历史上第一部具有资产阶级共和国宪法性质的法典。它是___
A. 《中华民国约法》
B. 《中华民国法典》
C. 《中华民国临时约法》
D. 《中华民国暂行约法》
【单选题】
1920年,中国最早的共产党组织建立于___
【单选题】
新三民主义和中共在民主革命时期的纲领___
A. 在基本原则上是一致的
B. 在基本原则上是不一致的
C. 在基本原则上是完全一致的
D. 在基本原则上是完全不一致的
【单选题】
中国共产党从理论上初步说明无产阶级领导权和工农联盟的会议是___
A. 中共二大
B. 西湖会议
C. 中共一大
D. 中共四大
【单选题】
毛泽东指出“以后要非常注意军事,须知政权是由枪杆子中取得的。”是在___
A. 八七会议
B. 中共六大
C. 中共五大
D. 古田会议
【单选题】
将“没收一切土地”改为“没收一切公共土地及地主阶级的土地”的法规是___
A. 井冈山土地法
B. 兴国土地法
C. 中国土地法大纲
D. 土地问题决议案
【单选题】
1935年1月15日至17日,中共中央政治局在遵义召开扩大会议,会议着力解决了___
A. 党的政治路线问题
B. 红军的前进方向问题
C. 当时具有决定意义的军事和组织问题
D. 土地革命的政策问题
【单选题】
1933年5月成立的察哈尔民众抗日同盟军,其主要领导人是___
A. 冯玉祥、吉鸿昌
B. 冯玉祥、董振堂
C. 赵博生、董振堂
D. 蔡廷锴、蒋光鼐
【单选题】
抗日战争进人相持阶段后,日本帝国主义对国民政府采取的策略是___
A. 以军事打击为主,政治诱降为辅
B. 以政治诱降为主,军事打击为辅
C. 军事打击和政治诱降并重
D. 速战速决,武力征服
【单选题】
中国共产党历史上第一个开展自然科学教学与研究的专门机构是___
A. 中国人民抗日军政大学
B. 陕北公学
C. 鲁迅艺术学院
D. 延安自然科学院
【单选题】
1946年2月10E[,国民党特务政破坏“庆祝政协成功大会”,致李公朴、郭沫若、马寅初及新闻记者等多人被打伤,史称___
A. 下关惨案
B. 较场口惨案
C. “一二.一"惨案
D. 李闻惨案
【单选题】
解放战争时期,1947年6月底,刘邓大军挺进大别山,揭开了___
A. 战略进攻的序幕
B. 战略决战的序幕
C. 战略防御的序幕
D. 战略相持的序幕
【单选题】
1947年10月,被国民党当局宣布为“非法团体”的是___
A. 中国国民党革命委员会
B. 中国民主同盟
C. 中国民主建国会
D. 中国民主促进会
【单选题】
新中国成立初期,各解放区建立的过渡性临时政权形式是___
A. 军事管制委员会
B. 各界人民代表会议
C. 各界人民代表大会
D. 各级人民政府
【单选题】
在中共七届三中全会上作了《为争取国家财政经济状况的基本好转而斗争》报告的是___
A. 刘少奇
B. 陈云
C. 周恩来
D. 毛泽东
【单选题】
鸦片战争前中国封建社会的主要矛盾是___
A. 地主阶级和农民阶级的矛盾
B. 帝国主义和中华民族的矛盾
C. 资产阶级和工人阶级的矛盾
D. 封建主义和资本主义的矛盾
【单选题】
中国封建社会产生过诸多“盛世”,出现在清代的是___
A. 文景之治
B. 贞观之治
C. 开元之治
D. 康乾盛世