【单选题】
When an administrator initiates a device wipe command from the ISE, what is the immediate effect?___
A. It requests the administrator to choose between erasing all device data or only managed corporate data.
B. It requests the administrator to enter the device pin or password before proceeding with the operation
C. It notifies the device user and proceeds with the erase operation
D. It immediately erases all data on the device
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
推荐试题
【判断题】
第653題:双重预防体系建设是作为落实企业主体责任的一项重要法律制度,推动安全生产关口前移的重要举措
【判断题】
第654题:双重预防体系与安全生产标准化管理体系是完全不同的两个安全管理体系
【判断题】
第655题:通过双重预防机制的建设,能够切实解决“想不到、管不到、治理不到问题
【判断题】
第656题:危化品企业开展安全生产标准化工作持续运行一年以上,方可申请安全生产标准化三级达标评审
【判断题】
第658题:参加应急预案评审人员与所评审预案的生产经营单位有利害关系的,可以参加
【判断题】
第659题:危险说明指分配给一个危险种类和类别的短语,用来描述一种危险产品的危险性质,在情况合适时还包括其危险程度
【判断题】
第660題:危险源辨识和风险评价后,应编制风险分级管控凊单,逐级汇总、评审、修订、审核、发布、培训、实现信息有效传递
【判断题】
第661题:危险源辨识是对危险源导致的风险进行分析、评估、分级,对现有控制措施的充分性加以考虑,以及对风险是否可接受予以确定的过程
【判断题】
第662题:为了保证双重预防体系建设的有效性负有安全生产监管职责的部门应加强对体系建设及落实情况的执法检查
【判断题】
第663題:违反法律、法规有关规定,整改时间长或可能造成较严重危害的隐患为重大事故隐患
【判断题】
第664题:卫生工程措施的优先原则是:应以无毒代替有毒、低毒代替高毒,优先采用无危害或危害小的工艺和物料
【判断题】
第665题:风险分级的目的是实现对风险的有效管控
【判断题】
第666题:一般事故隐患是指危害和整改难度较小,发现后能够立即整改排除的隐患
【判断题】
第667題:一个单位的不同类型的应急救援预案要形成统一整体救援力量要统一安排
【判断题】
第668题:一个风险点内存在多个危险源,危险源包含在风险点内
【判断题】
第669题:KT公司设计的裂解炉,当汽包液位超高时,锅炉给水供水电磁阀自动关闭,这属于紧急切断装置对裂解炉汽包的保护,防止汽包超压
【判断题】
第670题:装置内应设贯通式道路道路应有不少于3个出入口且出入口宜位于不同方位
【判断题】
第671題:迷宫密封的密封间隙越小密封齿越多其密封效果越好所以实际使用中密封齿越多密封间隙越小越好
【判断题】
第672题:所有炉管在安装前都需要逐根进行水压试验
【判断题】
第673题:装有催化剂的反应器、有填充物的大型压力容器全面检验每六年一次
【判断题】
第674题:进行有关化学液体的操作时应使用太阳镜保护面部
【判断题】
第675题:严禁将氧气管道与电缆安装在同一管沟内
【判断题】
第676題:禁止将含有汞、镉、砷、铬、铅、氰化物、黄磷等的可溶性剧毒废渣向水体排放、倾倒可以直接埋入地下
【判断题】
第677题:一氧化碳在空气中的允许浓度为30mg/m
【判断题】
第678题:稀释蒸汽液面指示不准的危害为稀释蒸汽带液,夹带钠离子等杂质,破坏炉管
【判断题】
第670题:安全标志包括禁止标志、警告标志、指令标志和提示标志等
【判断题】
第680题:劳动防护用品是指由生产经营单位为从业人员配备的,使其在劳动过程中免遭或者减轻事故伤害及职业危害的个人防护装备
【判断题】
第681题:使用听诊棒时主要通过感受设备的振动从而来判断设备工况
【判断题】
第682题:裂解炉不烧焦的情况下降温炉管部分或全部堵塞的机会是很小的
【判断题】
第684题:润滑油可以倒入含油污水沟内不必回收
【判断题】
第685题:为使压缩机充分预热,开车前必须对透平长时间低速暖机
【判断题】
第686题:企业要充分利用国家对安全生产专用设备所得税优惠、安全生产费用税前扣除等财税支持政策。在年度预算中必须保证应急救援装备、设施和演练、宣传、培训、教育等投入,提高救护队员的工资福利及其他相关待遇
【判断题】
第687题:进入受限空间作业时电焊机、变压器、气瓶应放置在受限空间内
【判断题】
第688题:使用中的原料罐氮封停用的危害为可燃气从呼吸阀外漏,达到爆炸极限,遇明火爆炸
【判断题】
第689題:为了有利于裂解气的分离裂解气压缩机出口压力越高越好
【判断题】
第690题:用人单位应当按照规定对从事使用高毒物品作业的劳动者进行岗位轮换
【判断题】
第691题:应急组织指挥体系或者职责已经调整的生产经营单位应急预案,可三年后修订
【判断题】
第692题:可燃气体与空气形成混合物遇到明火就爆炸
【判断题】
第693题:单位应当对消防档案分级保管、备查
【判断题】
第694题:生产经营单位可以以货币或者其他物品替代应当按规定配备的劳动防护用品
