【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
推荐试题
【判断题】
验钞仪是按动态鉴别方式进行纸币鉴别的仪器
【判断题】
金融机构因操作不便、运行速度慢,可以关闭冠字号码记录设备的清分、鉴伪等功能或调低设备性能
【判断题】
残缺、污损的人民币,按照中国人民银行的规定兑换,并由中国人民银行负责销毁
【单选题】
一带一路指的是
A. 丝绸之路经济带,21世纪海上丝绸之路
B. 丝绸之路发展带,21世纪陆上丝绸之路
【单选题】
双创指的是
A. 大众创业,万众创新
B. 大众创新,万众创业
【填空题】
1.___是最根本的党内法规,是管党治党的总规矩。
【填空题】
2.中国共产党是___的先锋队,同时是___的先锋队,是___的领导核心,代表___的发展要求,代表___的前进方向,代表___的根本利益。
【填空题】
5.改革开放以来我们取得一切成绩和进步的根本原因,归结起来就是:开辟了___,形成了___,确立了___,发展了___。
【填空题】
6.在新世纪新时代,经济和社会发展的战略目标是:到建党一百年时,___;到新中国成立一百年时___。
【填空题】
7.《党章》强调,坚持改革开放是我们的强国之路,改革开放应当大胆探索,勇于开拓,提高改革决策的科学性,更加注重改革的___、___、___,在实践中开创新路。
【填空题】
8.《党章》强调,要促进___、___、___、___同步发展,建设社会主义新农村,走中国特色新型工业化道路,建设创新型国家和世界科技强国。
【填空题】
9.《党章》强调,要牢牢掌握意识形态工作领导权,不断巩固___,巩固___。
【填空题】
10.民主集中制是___和___相结合,它既是党的根本组织原则,也是群众路线在党的生活中的运用。
【填空题】
11.我们党的最大政治优势是___,党执政后的最大危险是___。
【填空题】
12.党员如果没有正当理由,连续___不参加党的组织生活,或不交纳党费,或不做党所分配的工作,就被认为是自行脱党。
【填空题】
13.党的基层委员会、总支部委员会、支部委员会每届任期___。
【填空题】
14.党的纪律主要包括:___、___、___、群众纪律)、___、___。
【填空题】
15.对党员的纪律处分有五种:___、___、___、___、___。
【填空题】
16.党的民主集中制的“四个服从”是___,___,___,___。
【填空题】
17.党的建设必须坚决实现五项基本要求是___。___。___。___。___。
【填空题】
18.“十三五”时期是全面建成 ___ 决胜阶段。
【填空题】
19.党的十八大以来,以习近平同志为总书记的党中央毫不动摇坚持和发展___,勇于实践、善于创新,深化对共产党执政规律、社会主义建设规律、人类社会发展规律的认识,形成一系列治国理政 ___ ,为在新的历史条件下深化改革开放、加快推进社会主义现代化提供了科学理论指导和行动指南。
【填空题】
20.党的十八届五中全会指出,坚持人民主体地位,必须坚持 ___ 的发展思想,把增进人民福祉、促进人的全面发展作为发展的出发点和落脚点。
【填空题】
21.党的十八届五中全会指出,坚持科学发展,必须坚持以___ 为中心,从实际出发,把握发展新特点,加大结构性改革力度,加快转变经济发展方式,实现更有质量、更有效率、更加公平、更可持续的发展。
【填空题】
22.党的十八届五中全会指出,创新是引领发展的第一动力,必须把 ___ 摆在国家发展全局的核心位置,不断推进理论创新、制度创新、科技创新、文化创新等各方面创新。
【填空题】
23.党的十八届五中全会指出, ___ 是永续发展的必要条件和人民对美好生活追求的重要体现,必须坚持节约资源和保护环境的基本国策,坚持可持续发展,坚定走生产发展、生活富裕、生态良好的文明发展道路。
【填空题】
24.党的十八届五中全会指出, ___ 是中国特色社会主义的本职要求。必须坚持发展为了人民、发展依靠人民、发展成果由人民共享,作出更有效的制度安排,使全体人民在共建共享发展中有更多获得感。
【填空题】
25.党的十八届五中全会指出,增强发展协调性,必须坚持 ___ 、 ___ 、物质文明精神文明并重、经济建设国防建设融合,在协调发展中拓展发展空间,在加强薄弱领域中增强发展后劲。
【填空题】
26.党的十八届五中全会提出,要推进 ___ 、 ___ 、 ___ 建设。
【填空题】
27.党的十八届五中全会指出, ___ 是中国特色社会主义制度的最大优势,是实现经济社会持续健康发展的根本政治保证。
【填空题】
28.党的十八届五中全会提出,必须坚持 ___ ,全面提高党依据宪法法律治国理政、依据党内法规管党治党的能力和水平。
【填空题】
29.党的十八届五中全会指出,坚持 ___ 、 ___ 、 ___ 、 ___ 、 ___ 五大发展理念,是关系我国发展全局的一场深刻变革。全党同志要充分认识这场变革的重大现实意义和深远历史意义,统一思想,协调行动,深化改革,开拓前进,推动我国发展迈上新台阶。科学理论指导和行动指南。
【填空题】
30.深化行政管理体制改革的主要任务,是要进一步转变政府职能,持续推进简政放权、放管结合、优化服务,提高 ___ ,激发市场活力和社会创造力。
【填空题】
31.中国共产党人追求的 ___ 最高理想,只有在社会主义社会充分发展和高度发达的基础上才能实现。
【填空题】
32.中国共产党在领导社会主义事业中,必须坚持以___ 为中心,其他各项工作都必须服从和服务于这个中心。
【填空题】
33.要坚定实施___战略、___战略、___战略、___战略、___战略、___战略、___战略。
【填空题】
34.新时代党的建设的主线是:加强___、___和___。
【填空题】
35.党的根本性建设是党的___,决定党的建设方向和效果。
