【单选题】
Within an 802. 1x-enabled network with the auth Fail feature configured, when does a switch port get placed into a restricted VLAN?___
A. When a conected client fails to authenticate after a certain number of attempts.
B. if a connected client does not support 802. 1x
C. when AAA new-model is ena bled
D. after a connected client exceeds a specified idle time
E. when 802. 1x is not globally enabled on the Cisco Catalyst switch
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which type of attack does a proxy firewall protect against ?___
A. cross-site scripting attack
B. worm traffic
C. port scanning
D. DDoS attacks
【单选题】
When an administrator initiates a device wipe command from the ISE, what is the immediate effect?___
A. It requests the administrator to choose between erasing all device data or only managed corporate data.
B. It requests the administrator to enter the device pin or password before proceeding with the operation
C. It notifies the device user and proceeds with the erase operation
D. It immediately erases all data on the device
【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
推荐试题
【单选题】
( )是两岸关系的政治基础
A. 九二共识
B. 反对“台独”
C. 一个中国原则
D. 和平统一
【单选题】
我党面临的四个危险,指的是( )
A. 精神懈怠,危险能力不足,危险脱离群众危险,消极腐败危险
B. 精神懈怠,危险封闭僵化,危险脱离群众危险,消极腐败危险
C. 精神懈怠,危险能力不足,危险官僚主义危险消极腐败危险
D. 精神懈怠,危险能力不足,危险脱离群众,危险腐化堕落危险
【单选题】
党的( )是党的根本性建设,决定党的建设方向和效果
A. 思想建设
B. 政治建设
C. 组织建设
D. 制度建设
【单选题】
增强党自我净化能力,根本靠强化( )和( )
A. 党的自我监督,舆论监督
B. 党的自我监督,群众监督
C. 党的自我监督,司法监督
D. 党的自我监督,民主监督
【单选题】
推进( ),建设覆盖纪检监察系统的检举举报平台,强化不敢腐的震慑,扎牢不能腐的笼子,增强不想腐的自觉,通过不懈努力换来海晏河清,朗朗乾坤
A. 监察局,国家立法
B. 预防腐败,国家立法
C. 反腐败国家立法
D. 廉政国家立法
【单选题】
勇于( ),从严管党治党是我们党最鲜明的品格
A. 自我革命
B. 自我批评
C. 改革创新
D. 创新理论
【单选题】
党的19大于( )召开
A. 2017年10月17日
B. 2017年10月18日
C. 2017年11月17日
D. 2017年11月18日
【单选题】
当前我军面临的两大历史性课题是( )
A. 机械化,信息化
B. 打得赢不变质
C. 打赢能力信息化建设
D. 自身建设打赢能力
【单选题】
增强党自我净化能力,根本靠强化( )和( )
A. 党的自我监督,舆论监督
B. 党的自我监督,群众监督
C. 党的自我监督,司法监督
D. 党的自我监督,民主监督
【单选题】
在坚持党对军队绝对领导一整套制度体系中,( )是党指挥枪原则落地生根的坚实基础
A. 军委主席负责制
B. 党委致政治委员制,政治机关制
C. 党委统一的集体领导下的首长分工制度
D. 支部建在连上
【单选题】
( )得看齐是最根本的看齐
A. 思想上
B. 政治上
C. 行动上
D. 标准上全面深入贯彻
【单选题】
( )是全面深入贯彻军委主席负责制的重要保障
A. 依法从严治军,严格落实条例
B. 强化法治信仰,严格遵守法律
C. 加强法制约束,严格落实制度
D. 加强法制约束,严格依法治军
【单选题】
党在新形势下的强军目标是( )
A. 实现两个100年奋斗目标
B. 全面实现军队三化
C. 建设一支听党指挥,能打胜仗,作风优良的人民军队
D. 实现强军梦
【单选题】
习主席在对陆军的训词中指出,要努力建设一支强大的( )新型陆军
A. 正规化
B. 纪律化
C. 成熟化
D. 现代化
【单选题】
军队抓作风建设,最重要的是聚焦能打仗,打胜仗贯彻和体现( )这个唯一的根本的标准
A. 战斗力
B. 装备水平
C. 政治思想
D. 能打胜仗
【单选题】
习近平指出,要加强部队自身建设,始终保持部队高度集中统一和纯洁巩固,要贯彻依法治军( )方针强化部队管理,确保部队自身安全稳定
A. 从严治军
B. 科技强军
C. 人才强军
D. 政治建军
【单选题】
确保党对军队绝对领导是军队党的建设( )也是检验军队党的建设的根本标准
A. 主要内容
B. 根本目的
C. 根本任务
D. 重要内容
【单选题】
习主席指出,我军人民军队的性质永远不能变,老红军的传统永远不能丢( )的政治本色永远不能改
A. 团结群众
B. 服务人民
C. 艰苦奋斗
D. 勤俭节约
【单选题】
军人着军服时通常行( )
A. 举手礼
B. 注目礼
C. 举枪礼
D. 鞠躬礼
【单选题】
军人听到首长和上级呼唤自己时,应当立即答( )
【单选题】
卫兵交接班时应当( )
A. 交班人员向接班人员敬礼
B. 接班人员向交班人员敬礼
C. 互相敬礼
D. 互不敬礼
【单选题】
以下军人不敬礼的时机和场合是( )
A. 机房工作时
B. 队列训练时
C. 互相不认识时
D. 携带武器装备时
【单选题】
奏唱国歌时,在场的军人应当( )
A. 自行立正
B. 自行稍息
C. 自行跨立
D. 随节奏踏步
【单选题】
当驻地无警备工作领导机构时,季节换装的时间和要求通常由( )统一规定
A. 师旅以上单位
B. 军师以上单位
C. 团以上单位
D. 营以上单位
【单选题】
在营区外着夏常服时应当( )
A. 系领带
B. 带夏常服帽
C. 戴大檐帽
D. 扣紧领扣
【单选题】
着冬常服、常服大衣大衣需要带冬帽时,可以由( )及以上单位确定
A. 营
B. 团(营)
C. 旅(团)
D. 师(旅)
【单选题】
参加重大庆典活动,不可以在军服胸前适当位置佩戴( )
A. 勋章
B. 奖牌
C. 荣誉章
D. 纪念章
【单选题】
营级单位( )至少进行一次军容风纪检查
【单选题】
旅团及以上单位( )至少进行一次军容风纪检查
A. 每月
B. 每季度
C. 每半年
D. 每年
【单选题】
因集体活动超过熄灯时间( )的,部(分)队首长可以确定推迟吃起床时间
A. 15分钟
B. 60分钟
C. 90分钟
D. 30分钟
【单选题】
午休时间由( ),但不得私自外出,不得影响他人休息
A. 连队组织
B. 个人支配
C. 班里组织
D. 集体组织
【单选题】
连队集中驻防时的值日员,受( )领导
A. 连队值班员
B. 连队首长
C. 上级首长
D. 单位主官
【单选题】
营连级单位值班员交接班,通常组织( )一次
【单选题】
营、连级单位值班员交接班,由( )组织
A. 值班首长
B. 单位首长
C. 连队值班员
D. 士官长
【单选题】
连队值日员和其他专业值班值日的,交接班通常( )组织一次
【单选题】
值班部(分)队换班后,接班部队首长应当向( )报告
A. 上级首长
B. 本单位首长
C. 下级部门
D. 同级部门
【单选题】
卫兵分队队长受组织单位( )领导
A. 值班首长
B. 上级首长
C. 最高首长
D. 单位首长
