【单选题】
Within an 802. 1x-enabled network with the auth Fail feature configured, when does a switch port get placed into a restricted VLAN?___
A. When a conected client fails to authenticate after a certain number of attempts.
B. if a connected client does not support 802. 1x
C. when AAA new-model is ena bled
D. after a connected client exceeds a specified idle time
E. when 802. 1x is not globally enabled on the Cisco Catalyst switch
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which type of attack does a proxy firewall protect against ?___
A. cross-site scripting attack
B. worm traffic
C. port scanning
D. DDoS attacks
【单选题】
When an administrator initiates a device wipe command from the ISE, what is the immediate effect?___
A. It requests the administrator to choose between erasing all device data or only managed corporate data.
B. It requests the administrator to enter the device pin or password before proceeding with the operation
C. It notifies the device user and proceeds with the erase operation
D. It immediately erases all data on the device
【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
推荐试题
【多选题】
保持香港、澳门长期繁荣稳定,必须全面准确贯彻___的方针。
A. “一国两制”
B. “港人治港”
C. “澳人治澳”
D. 高度自治
【多选题】
世界正处于大发展大变革大调整时期,和平与发展仍然是时代主题,___深入发展。
A. 世界多极化
B. 经济全球化
C. 社会信息化
D. 文化多样化
【多选题】
积极促进“一带一路”国际合作,努力实现政策沟通、设施联通、___,打造国际合作新平台,增添共同发展新动力。
A. 人员互通
B. 贸易畅通
C. 资金融通
D. 民心相通
【多选题】
十八大以来,国防和军队改革取得历史性突破,实现了人民军队___,提高了国防和军队现代化建设水平。
A. 政治生态重塑
B. 组织形态重塑
C. 力量体系重塑
D. 作风形象重塑
【多选题】
习近平强调,从严治警一刻都不能放松。要坚持政治建警、全面从严治警,着力锻造一支有___的公安铁军。
A. 铁一般的理想信念
B. 铁一般的责任担当
C. 铁一般的过硬本领
D. 铁一般的纪律作风
【多选题】
青年兴则国家兴,青年强则国家强。青年一代___,国家就有前途,民族就有希望。
A. 有能耐
B. 有理想
C. 有本领
D. 有担当
【多选题】
全党全国各族人民要紧密团结在党中央周围,高举中国特色社会主义伟大旗帜,锐意进取,埋头苦干,为实现___三大历史任务,为实现中华民族伟大复兴的中国梦继续奋斗!
A. 推进现代化建设
B. 实现人民对美好生活的向往
C. 完成祖国统一
D. 维护世界和平与促进共同发展
【多选题】
监督执纪的“四种形态”是指___。
A. 经常开展批评和自我批评、约谈函询,让“红红脸、出出汗”成为常态
B. 纪轻处分、组织调整成为违纪处理的大多数
C. 党纪重处分、重大职务调整的成为少数
D. 严重违纪涉嫌违法立案审查的成为极少数
【多选题】
邓小平同志指出,在中国这样的大国,要把几亿人口的思想和力量统一起来建设社会主义,没有一个具有高度___的党员组成的能够真正代表和团结人民群众的党,没有这样一个党的统一领导,是不可能设想的,那就只会四分五裂,一事无成。
A. 觉悟性
B. 自发性
C. 纪律性
D. 自我牺牲精神
【多选题】
坚决打好___三大攻坚战,推动经济社会持续健康发展,确保决胜全面建成小康社会完美收官。
A. 防范化解重大风险
B. 精准脱贫
C. 全面小康
D. 污染防治
【多选题】
新中国成立以来,我们党团结带领人民___,完成了中华民族有史以来最为广泛深刻的社会变革,实现了中华民族由近代不断衰落到根本扭转命运、持续走向繁荣富强的伟大飞跃。
A. 打黑除恶
B. 完成社会主义革命
C. 确立社会主义基本制度
D. 推进社会主义建设
【多选题】
十八大以来,我们党创造性地提出了牢牢把握意识形态工作的___,意识形态领域一度被动的局面得到了根本扭转。
A. 否决权
B. 领导权
C. 管理权
D. 话语权
【多选题】
加强公安队伍“四化”建设指的是革命化、___。
A. 现代化
B. 正规化
C. 职业化
D. 专业化
【多选题】
涉密载体包括密件和密品两种,按介质类型可分为___涉密载体、( )涉密载体、( )涉密载体、半导体介质涉密载体等。( )
A. 纸介质
B. 磁介质
C. 光介质
D. 声介质
【多选题】
新时代公安保密工作面临的形势包括___。
A. 工作环境复杂,保密斗争激烈
B. 执法公开透明,保密难度加大
C. 加密技术发达,保密流程简化
D. 信息技术提高,保密形势严峻
【多选题】
下列符合警务人员的言谈礼仪的是___。
A. 尊重他人,礼貌待人
B. 态度和蔼,讲究艺术
C. 善于倾听,保持距离
D. 拉近距离,称兄道弟
【多选题】
根据我国国家秘密的密级规定,警务工作秘密分为___三个等级。
A. “绝密”
B. “机密”
C. 保密
D. “秘密”
【多选题】
我们党是代表最广大人民利益的政党,一切工作的成败得失必然要由人民群众来检验,以人民___ 作为根本标准。
A. 拥护不拥护
B. 赞成不赞成
C. 高兴不高兴
D. 答应不答应
【判断题】
习近平指出,这次组建国家移民管理局,都是考虑了解决当前最突出的问题,也考虑了顺应形势发展需要。这是立足于党和国家事业全局做出的部署,既着眼于解决当前突出矛盾和问题,又为一些战略目标预置措施,以适应党和国家事业长远发展要求
【判断题】
在今年的全国公安厅局长会议上,国务委员、公安部部长赵克志分析了今年公安工作面临的形势后指出,为新中国成立60周年创造安全稳定的政治社会环境,是党和人民交给公安机关的重大政治任务
【判断题】
拒敌于境外、俘敌于前沿,这是就是国家移民管理局第一道防线的意义所在。国家移民管理局把维护口岸安全、边境安全摆上突出位置,投入最大精力、最优资源,不断增强对敌斗争能力、提高对敌斗争水平
【判断题】
移民管理是国家安全的第一道屏障、边境稳定的第一道防线
【判断题】
许甘露强调,要破除现役制和职业制的门户之见,坚决戒除唯老乡关系、唯战友关系、唯老同事、老同学关系的陋习,全方位融合成一个血脉相通的整体,爱集体,讲团结,坚决防止和反对宗派主义、圈子文化、码头文化,大家拧成一股绳,汇集力量,共创未来
【判断题】
习近平总指出,在道路、方向、立场等重大原则问题上,旗帜要鲜明,态度要明确,不能有丝毫含糊。他反复强调,在政治制度模式上,我们就是要咬定青山不放松,任尔东西南北风
【判断题】
“一国两制”是中国的一个伟大创举。在统一的国家之内,国家主体实行社会主义制度,个别地区依法实行资本主义制度,这在过往的人类政治实践中还从未有过
【判断题】
网络安全已经成为我国面临的最复杂、最现实、最严峻的非传统安全问题之一
【判断题】
推动形成绿色发展方式和生活方式,是发展观的一场深刻革命
【判断题】
马克思指出,我们不要过分陶醉于我们人类对自然界的胜利。对于每一次这样的胜利,自然界都对我们进行报复
【判断题】
我国实行的是社会主义市场经济体制,仍然要坚持发挥社会主义制度的优越性、发挥党和政府的积极作用
【判断题】
美国巨额贸易逆差并非因中国而生,也不会因中国而终。过度消费、储蓄不足、巨额财政赤字是美国贸易逆差形成的根本原因
【判断题】
美国也利用美元作为国际贸易主要支付手段和储备货币的地位,借助不断扩大的贸易逆差,通过美元回流购买美国国债获得大量廉价资本,用于高科技等领域投资,成为经济全球化的最大受益者
【判断题】
多年来,当多国央行都忙于抑制通胀水平时,美国通胀水平始终维持在2%的目标值以下。正是中美贸易让质优价廉的中国商品走进美国千家万户,增加了美国消费者的福祉
【判断题】
民心是最大的政治,要把凝聚民心作为意识形态工作的出发点和落脚点,坚持以人民为中心的工作导向,为党的中心工作服务,为维护最广大人民根本利益服务
【判断题】
现在国际舆论格局总体是西强我弱,我们往往有理说不出,或者说了传不开,这表明我国发展优势和综合实力还没有转化为话语优势
【判断题】
“三去一降一补”即去产能、去库存、去杠杆、降成本、补短板五大任务
【判断题】
要紧盯涉黑涉恶重大案件、黑恶势力经济基础、背后“关系网”“保护伞”不放,在打防并举、标本兼治上下真功夫、细功夫,确保取得实效、长效
【判断题】
市场在资源配置中起决定性作用,并不是起全部作用,不是说政府就无所作为,而是必须坚持有所为、有所不为,着力提高宏观调控和科学管理水平
【判断题】
实体经济是一国经济的立身之本,是财富创造的根本源泉,是国家强盛的重要支柱
【判断题】
新旧动能转换成为世界经济复苏繁荣的关键
