【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
推荐试题
【多选题】
以下关于电汇的说法正确的有___ 。
A. 金额<5万且业务优先级为普通,汇款渠道只能选择小额支付系统;
B. 金额<5万且业务优先级为紧急或特急,汇款渠道可以选择大额支付系统
C. 节假日小额支付系统限额提升至20万。
D. 若验印结果为人工通过,需要网点会计主管授权。
E. 若付款人一样、金额一样的重复业务,需要网点会计主管授权。
【多选题】
实行7×24小时运行的支付系统有___
A. 大额支付系统
B. 小额支付系统
C. 同城清算系统
【多选题】
小额支付系统和大额支付系统 ___
A. 共享清算账户清算资金
B. 共享密押处理机制
C. 共享行名行号管理系统
D. 共享停启运机制
【多选题】
下列属于小额支付系统办理的定期借记业务的是___
A. 代付工资业务
B. 代付保险金、养老金业务
C. 代收水、电等公用事业费业务
D. 国库批量扣税业务
【多选题】
小额支付系统付款行对发起的___可以发送撤销申请。
A. 普通贷记业务
B. 定期贷记业务
C. 普通借记业务回执
D. 定期借记业务回执
【多选题】
下列哪些业务可以纳入小额轧差___。
A. 普通借记业务
B. 普通贷记业务
C. 实时贷记业务
D. 定期贷记业务
【多选题】
通过___业务,可由银行根据付款授权协议完成工资、公用事业费用的自动拨付和缴纳。
A. 定期贷记业务
B. 普通贷记业务
C. 普通借记业务
D. 定期借记业务
【多选题】
小额支付系统处理的普通借记业务主要包括___业务。
A. 普通借记业务
B. 国库资金借记划拔
C. 支票截留
D. 通用截留
【多选题】
城商行柜面通业务包括___。
A. 通存业务
B. 通兑业务
C. 通存业务和通兑业务
【多选题】
密码汇款支取时,支取密码连续___次输入错误,系统自动锁定该笔汇款,当日不得办理支取,次日系统自动解锁。
【多选题】
绍兴银行城商行支付清算系统业务分为___
A. 汇兑业务
B. 城商行柜面通业务
C. 密码汇款业务
D. 支票业务
【多选题】
下列选项正确的是___。
A. 客户遗忘密码,不得办理支取,也不能办理挂失,可办理退汇;被锁定状态下的密码汇款由汇款人在原汇款行办理退汇。
B. 正常退汇:汇款人需持汇款时的身份证件,凭密码+汇款号码+取款人证件类型和证件号码在原汇款行办理。
C. 密码遗忘退汇:汇款人需持汇款时的身份证件,凭汇款号码+取款人证件类型和证件号码在原汇款行办理。
D. 正常退汇、密码遗忘退汇业务只能由原汇款行受理,要原汇款人到柜台填写密码汇款申请书。如原汇款行撤销,由其归属行指定行(原汇款行撤销前其归属行应书面通知资金清算中心)受理。密码汇款汇款人、取款人不为同一人的,正常退汇、密码遗忘退汇须在逾期后办理。
【多选题】
以下关于城商行支付业务说法正确的有___。
A. 往账录入若付款人一样、金额一样的重复业务,需要网点会计主管授权。
B. 来账退汇需要远程集中授权
C. 来账补记客户账允许补记非本网点的客户账
D. 来账补记客户账需要远程集中授权
【多选题】
四十三、当票据状态为___时,客户在网银端撤票成功后,系统无账务处理。
A. 出票已登记
B. 承兑撤销记账
C. 提票承兑已签收
【多选题】
电票手续费收取可选择___方式。
A. 转账
B. 现金
C. 转账或现金
D. 以上都错
【多选题】
电子商业汇票业务不支持签发的是___
A. 电子商业承兑汇票
B. 华东三省一市汇票
C. 电子银行承兑汇票
【多选题】
关于电票到期自动备款错误的为___。
A. 电票到期系统自动备款功能同纸票到期自动备款
B. 票据系统将已达到期日的票据(节假日顺延到下一工作日)发送核心系统进行备款处理
C. 定期保证金账户利息随同本金一起入24300301银承保证金备付科目,当保证金扣款金额大于票面金额时,系统自动将多扣款项转入客户结算账户
D. 核心的扣款顺序为先扣结算账户金额、再扣保证金账户锁定金额,若扣款金额仍不足票据金额时,核心系统自动生成银承备款
【多选题】
在办理全额电子商业汇票时,客户经理提交的资料有:___
A. 信贷客户放款业务审批表、信贷客户单笔单批业务审批表、银行承兑汇票承兑申请书、银行承兑协议。
B. 放款通知书、信贷客户单笔单批业务审批表、银行承兑汇票承兑申请书、银行承兑协议。
C. 放款通知书、信贷客户放款业务审批表、银行承兑汇票承兑申请书、银行承兑协议。
D. 放款通知书、银行承兑汇票承兑审查(审批)书、银行承兑汇票承兑申请书、银行承兑协议、银行承兑汇票清单、保证金质押合同。
【多选题】
需要在本行办理电子商业汇票业务的客户,应具备___。
A. 组织机构代码
B. 营业执照
C. 税务登记证
【多选题】
电票到期系统自动备款是指票据系统将已达到期日的票据(节假日顺延到下一工作日)发送核心系统进行备款处理,核心的扣款顺序为先扣()、再扣(),若扣款金额仍不足票据金额时()正确的扣款顺序为以下哪一项___。
A. 结算账户金额、保证金账户锁定金额、生成银承备款
B. 保证金账户锁定金额、结算账户金额、生成银承备款
C. 生成银承备款、保证金账户锁定金额、结算账户金额
D. 生成银承备款、结算账户金额、保证金账户锁定金额
【多选题】
电子商业汇票业务的各票据行为参与者(客户)必须为我行___签约客户,具有有效的电子签名认证信息。
A. 手机银行
B. 网上银行
C. 电子银行
D. 电话银行
【多选题】
办理电子银行承兑汇票业务,出票人需按照票面金额的___向承兑机构支付银承签发手续费。
A. 万分之三
B. 千分之三
C. 万分之五
D. 千分之五
【多选题】
超过提示付款期提示付款的,按照逾期提示付款进行处理,可在票据到期日后___内发起逾期提示付款。
A. 3个月
B. 6个月
C. 1年
D. 2年
【多选题】
客户在网上银行发起电票批量出票申请时,单个批次出票上限为___张。
A. 50
B. 100
C. 150
D. 200
【多选题】
电子商业汇票提示付款期自票据到期日起___日,最后一日遇法定休假日、大额支付系统非营业日、电子商业汇票系统非营业日顺延。
A. 10天
B. 一个月
C. 三个月
D. 六个月
【多选题】
电子商业汇票系统适用于___对电子商业汇票业务的处理需求。
A. 对私客户
B. 对公客户
C. 财务公司
D. 商业银行各分支机构
【多选题】
电子商业汇票系统适用于对公客户、财务公司、各商业银行分支机构对电子商业汇票业务的处理需求, 需要客户___。
A. 应具备组织机构代码,在本行开立结算账户
B. 必须为我行网上银行签约客户,具有有效的电子签名认证信息;
C. 开通企业短信业务
D. 需与开户机构签订《单位银行结算账户综合服务协议》、《单位银行结算账户综合服务申请表》,并提供相应企业资质文件等;
【多选题】
电票银票签发,客户经理提交的资料有___。
A. 放款通知书
B. 银行承兑汇票承兑审查(审批)书
C. 银行承兑汇票清单
D. 银行承兑汇票承兑申请书
E. 银行承兑协议
【多选题】
电子商业汇票业务是指以电子商业汇票系统为基础,网上银行 为前端,核心业务系统为账务处理中心,为客户提供全面的电子商业汇票的出票、承兑、背书、___等业务。
A. 托收
B. 解付
C. 质押
D. 贴现
E. 转贴现
【多选题】
电票银票签发,客户通过企业网银发起___操作,向我行网点发起承兑申请。
A. 出票清单编辑
B. 出票申请
C. 出票登记
D. 提示承兑申请
【多选题】
下列关于电票业务正确的有___。
A. 电票到期系统自动备款功能同纸票到期自动备款;
B. 人行签收应答成功后,贴现业务不再支持撤回;
C. 我行网银客户发起的贴现申请都默认为线上清算方式;
D. 银承签发手续费收取按信贷合同批次一次性收取。
【多选题】
电子商业汇票业务为客户提供全面的电子商业汇票业务,包括电子商业汇票的___等业务。
A. 出票
B. 承兑
C. 背书
D. 质押
E. 贴现
【多选题】
关于承兑记账,下列说法正确的是___。
A. 柜员可在作复核前先从跟踪查询中查询该张电子银行承兑汇票的状态
B. 柜员可在“承兑撤销记账”菜单发起承兑记账撤销,将承兑记账撤退回信贷系统修改
C. 当票据状态为“出票已登记”时,客户在网银端撤票成功后,系统无账务处理
D. 当票据状态为“提票承兑已签收”时,客户在网银端撤票成功后,系统自动账务处理,同时解绑原已绑定的保证金账号金额;对原收取的承兑手续费冲销返还,票据系统处理完上述操作后,自动往综合柜面系统发送通知任务,通知网点该笔电票已撤票
【多选题】
电子商业汇票业务包括___
A. 票据承兑
B. 提示付款
C. 到期解付
D. 贴现/转贴现
E. 质押
【多选题】
电子商业汇票面临___风险。
A. 系统运行瘫痪
B. 数据文件丢失
C. 票据诈骗
D. 网络遭遇攻击
E. 病毒入侵
【多选题】
财政零余额账户为___,预算单位零余额账户为( )。
A. 专用存款账户、基本存款账户或专用存款账户
B. 基本存款账户或专用存款账、专用存款账户户
C. 基本存款账户、基本存款账户
【多选题】
转入零余额账户的款项必须在___对账清算前支付(转出)。
A. 前一天
B. 当天
C. 隔日
D. 一周内
【多选题】
一个预算单位原则上只能开立___零余额账户。
【多选题】
以下哪个账户可办理提取现金业务___
A. 财政零余额账户
B. 预算单位零余额账户
C. 预算外资金财政专户
D. 国库单一账户
【多选题】
代理银行依据《人民币银行结算账户管理办法》的规定,预算单位零余额账户和特设专户,须审核哪些资料?___。
A. 预算单位机构设置的批准
B. 同级财政局同意其在代理银行开户的文件
C. 预算单位的预留印鉴
D. 其它资料
