【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
推荐试题
【单选题】
下列行为中,属于行政强制的是 ___。
【多选题】
行政机关依法作出要求当事人履行排除妨碍、恢复原状等义务的行政决定,当事人逾期不履行,经催告仍不履行,其后果已经或者将危害交通安全、造成环境污染或者破坏自然资源的。___
A. 行政机关可以代履行
B. 委托没有利害关系的第三人代履行
C. 不能由行政机关代履行
D. 不可委托他人代履行
【多选题】
根据《行政强制法》的规定,划拨的存款、汇款以及拍卖和依法处理所得的款项应当如何处理。___
A. 上缴国库
B. 按比例返还行政机关
C. 划入财政专户
D. 归行政机关工作人员所有
【多选题】
根据《行政强制法》的规定,有下列哪些情形之一的,行政强制执行终止执行。___
A. 公民死亡,无遗产可供执行,又无义务承受人的
B. 法人或者其他组织终止,无财产可供执行,又无义务承受人的
C. 执行标的灭失的
D. 据以执行的行政决定被撤销的
【多选题】
行政机关作出强制执行决定前,应当事先催告当事人履行义务。催告应当以书面形式作出,并载明下列哪些事项___。
A. 履行义务的期限
B. 履行义务的方式
C. 涉及金钱给付的,应当有明确的金额和给付方式
D. 当事人依法享有的陈述权和申辩权
【多选题】
依照法律规定实施限制公民人身自由的行政强制措施,应当当场告知或者实施行政强制措施后立即通知当事人家属实施行政强制措施的___。
A. 行政机关
B. 地点
C. 期限
D. 理由
【多选题】
当事人采取补救措施的,可以减免___。
A. 罚款
B. 处罚
C. 加处的罚款
D. 滞纳金
【多选题】
对违法的建筑物、构筑物、设施等需要强制拆除的,行政机关可以依法强制拆除的条件包括:___。
A. 当事人在公告规定的期限内不拆除
B. 当事人在法定期限内不申请行政复议
C. 当事人在法定期限内不提起行政诉讼
D. 当事人在法定期限内不提出异议
【多选题】
行政机关不得在( )实施行政强制执行。但情况紧急的除外。___
A. 工作日
B. 夜间
C. 法定节假日
D. 休息日
【多选题】
行政机关作出解除冻结决定的,应当及时通知___。
A. 上级行政机关
B. 社会公众
C. 金融机构
D. 当事人
【多选题】
下列不得查封、扣押的有___。
A. 公民个人的生活必需品
B. 公民所扶养家属的生活必需品
C. 公民近亲属的生活必需品
D. 与违法行为无关的场所、设施或者财物
【多选题】
地方性法规可以设定的行政强制措施有:___。
A. 限制公民人身自由
B. 查封场所、设施或者财物
C. 扣押财物
D. 冻结存款、汇款
【多选题】
行政法规不可以设定的行政强制措施有:___。
A. 限制公民人身自由
B. 查封场所、设施或者财物
C. 扣押财物
D. 冻结存款、汇款
【多选题】
以下属于行政强制措施种类的有___。
A. 限制公民人身自由
B. 查封场所、设施或者财物
C. 扣押财物
D. 冻结存款、汇款
【多选题】
行政机关实施行政强制措施,当事人不到场的,邀请见证人到场,由在现场的( )在笔录上签名或者盖章。___
A. 见证人
B. 执法人员
C. 利害关系人
D. 其他在场人员
【多选题】
公民、法人或者其他组织对行政机关的行政强制行为___。
A. 享有陈述权
B. 享有抗辩权
C. 享有复议权
D. 享有赔偿权
【多选题】
《行政强制法》所称行政强制,包括___
A. 行政强制行为
B. 行政强制措施
C. 行政强制执行
D. 行政强制程序
【多选题】
金钱制裁的形式有___
A. 支付违约金
B. 履行合同
C. 赔偿损失
D. 罚款
【多选题】
行政强制执行的性质是___。
A. 行政性
B. 执行性
C. 强制性
D. 合法性
【多选题】
根据我国现行法律、法规的规定,对人身的强制措施主要有___等。
A. 收容审查
B. 强制传唤
C. 强制戒毒
D. 强制扣留
【多选题】
违法行为___的,可以不采取行政强制措施。
A. 情节显著轻微
B. 未造成严重结果
C. 没有明显社会危害
D. 未侵害公共利益
【多选题】
在行政机关依法作出的下列决定中,当事人逾期不履行的,行政机关可以委托第三人代为履行的是___
A. 排除障碍
B. 强制拆除
C. 恢复原状
D. 征收社会抚养费
【多选题】
下列措施属于直接强制执行的有___
A. 代履行
B. 执行罚
C. 强制拘留
D. 强制传唤
【多选题】
下列措施属于间接强制执行的有___。
A. 代履行
B. 执行罚
C. 强制收购
D. 强制治疗
【多选题】
___属于排除行政诉讼障碍的强制措施。
A. 拘留
B. 罚款
C. 训诫
D. 劳动教养
【判断题】
在催告期间,对有证据证明有转移或者隐匿财物迹象的,行政机关可以作出立即强制执行决定
【判断题】
代履行的费用按照成本合理确定,由当事人承担。但是,法律另有规定的除外
【判断题】
行政机关申请人民法院强制执行,需要按照法律的规定缴纳一定的申请费用
【判断题】
行政强制法中规定的十日以内期限是指工作日,不含法定节假日
【判断题】
查封、扣押的期间包括检测、检验、检疫或者技术鉴定的期间
【判断题】
违法行为涉嫌犯罪应当移送司法机关的,行政机关应当将查封、扣押、冻结的财物一并移送,并书面或者口头告知当事人
【判断题】
行政机关实施行政强制措施时应由两名以上行政执法人员实施
【判断题】
公民、法人或者其他组织因人民法院在强制执行中有违法行为或者扩大强制执行范围受到损害的,无权依法要求赔偿
【判断题】
采用非强制手段可以达到行政管理目的的,同样可以设定和实施行政强制
【判断题】
行政强制执行,是指行政机关或者行政机关申请人民法院,对不履行行政决定的公民、法人或者其他组织,依法强制履行义务的行为
【判断题】
加处罚款或者滞纳金的数额不得超出金钱给付义务的数额。
【判断题】
划拨存款、汇款、拍卖、加处罚款或者滞纳金等都属于直接强制。
【判断题】
没有强制执行权的行政机关只能申请法院执行。
