【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
推荐试题
【多选题】
【多选题】关于施工招标,下列说法中正确的有___
A. 招标人采用邀请招标方式,应当向两个以上具备承担招标项目的能力、资信良好的特定的法人或者其他组织发出投标邀请书。
B. 通过资格预审,招标人可以了解潜在投标人对项目投标的兴趣
C. 招标人可以根据实际情况在标前会议上确定延长投标截止的间
D. 初步评审审查内容包括:投标资格审查、投标文件完整性审查、投标担保的有效性、与招标文件是否有显著的差异和保留、取费标准等
E. 技术评审主要是对投标书的技术方案、技术措施、技术手段、技术装备、人员配备、组织结构、进度计划等的先进性、合理性、可靠性、安全性、经济性等进行分析评价
【多选题】
【多选题】投标人在准备施工投标时,正确的做法有___
A. 投标人需要注意投标文件的组成,避免因提供的资料不全而被作为废标处理
B. 投标人需要对招标工程的自然经济和社会条件进行调查
C. 施工方案应由投标人的技术负责人主持制定
D. 投标文件应当对招标文件提出的实质性要求和条件做出响应
E. 对于以实测工程量结算工程量的单价合同,投标人无需核算工程量
【多选题】
【多选题】某工程项目施工过程中,监理人对已同意承包人覆盖的隐蔽工程质量有怀疑,指示承包人进行重新检验。检验结果表明该部分施工质量未达到合同约定的质量标准性,但满足行业规范的要求,下述说法正确的有___
A. 承包人有权拒绝监理人重新检验的要求
B. 监理人应判定质量合格
C. 承包人损失的工期和费用均不予补偿
D. 应补偿承包人费用,但工期不顺
E. 承包人应自费对该部分工程进行修复
【多选题】
【多选题】根据《建设工程施工专业分包合同(示范文本)》(GF-2003-0214),专业工程分包人应承担违约责任的情形有___
A. 未能及时办理与分包工程相关的各种证件、批件
B. 未履行总包合同中与分包工程有关的承包人的义务与责任
C. 经承包人允许,分包人直接致函发包人或工程师
D. 已竣工工程未交付承包人之前,发生损坏
E. 为施工方便,分包人直接接受发包人或工程师的指令
【多选题】
【多选题】关于物资采购合同中交货日期的说法,正确的有___
A. 供货方负责送货的,以供货方按合同规定通知的提货日期为准
B. 供货方负责送货的,以采购方收货截记的日期为准
C. 采购方提货的,以供货方按合同规定通知的提货日期为准
D. 采购方提货的,以采购方收货截记的日期为准
E. 委托运输部门代运的产品,一般以供货方发运产品时承运单位答发的日期为准
【多选题】
【多选题】对于业主而言,采用单价合同的不足之处是___
A. 承担工程量变化的风险
B. 不利于工程质量控制
C. 不利于投资控制
D. 不利于进度控制
E. 协调工作量大
【多选题】
【多选题】对于固定总价合同,为了合理分摊风险,承包商可以要求在合同中约定重大变更.累计工程变更超过一定幅度或其他特殊条件下对合同价格进行调整的规定,但需要在合同中明确___
A. 定义重大变更的含义
B. 特殊条件的含义
C. 调整合同价款的支付方式
D. 如何调整合同价格
E. 累计工程变更的幅度
【多选题】
【多选题】总价合同和单价合同在报价形式上很相似,都要报出各项单价,并以工程量表中的工程量乘以各项单价之和形成合同总价。但两者在性质上完全不同,总价合同是___
A. 总价优先
B. 单价优先
C. 以合同总价结算
D. 以各项单价乘以实际完成工程量之和结算
E. 以实际完成的工程总价结算
【多选题】
【多选題】某工程实行施工总承包管理模式,在签订成本加酬金合同时,业主和施工总承包单位应在合同中明确向承包商支付酬金的条款,其具体内容包括___。
A. 成本超支限额
B. 工程量增加幅度
C. 支付时间
D. 支付金额百分比
E. 发生变更后酬金的调整方式
【多选题】
【多选题】在最大成本加费用合同中,投标人所报___
A. 管理费
B. 临时设施费
C. 利润
D. 风险费
E. 暂定金额
【多选题】
【多选题】在成本加奖金合同中奖金是根据报价书中的成本估算指标的点和顶制定的底点和顶点通常分别是工程成本估算的___
A. 80%-90%
B. 70%~80%
C. 60%~75%
D. 100%~110%
E. 10%-135%
【多选题】
【多选题】对施工合同执行者而言,合同跟踪的对象有___
A. 承包的任务
B. 工程小组或分包人的工程和工作
C. 业主和其委托的工程师的工作
D. 设计部门的设计变更工作
E. 供应商的供应进度和质量
【多选题】
【多选题】承包商在进行合同实施趋势分析时,需针对合同实施偏差情况以及可以釆取的措施,分析在不同措施下合同执行的结果与趋势,包括___等
A. 最终的工程状况
B. 产生偏差的原因
C. 工程终经济效益利(利润)水平
D. 承包商将承担的后果
E. 合同实施偏差的责任
【多选题】
【多选题】根据合同实施偏差分析处理的结果,承包商应该采取相应的调整措施,包括___
A. 组织措施
B. 技木措施
C. 经济措施
D. 合同措施
E. 法律措施
【多选题】
【多选题】根据九部委《标施工招标文件》中“通用合同条款”,变更指示应说明变更的___
A. 目的
B. 范围
C. 变更程序
D. 变更内容
E. 变的工程量及其进度和支术要求
【多选题】
【多选题】常见的施工合同索赔证据主要有___
A. 施工日记、现场记录和工程有关照片录像资料
B. 各种合同文件及法规文件
C. 发包人或者工程师签认的签证、往来函件、备忘录
D. 工程各项会议纪要、技术资料、气象资料
E. 工程核贸料及财芻报告、凭证、物价、汇率指数等
【多选题】
【多选题】施工索赔成立应该具备的前提条件包括___。
A. 与合同对照,事件已经造成承包人工程项目成本的额外支出,或直接工期损失
B. 造成费用或工期失的原因,按合同约定不属于承包人行为责任或风脸责任
C. 承包人按合同规定的程序和时间提交索赔意向通知和索赔报告
D. 施工日志完整,所有的施工生产过程有清晰的文字、图片记载
E. 所有的工程变更都有监理工程师的字认可
【多选题】
【多选题】索赔意向通知要简明要地说明___等方面的内容
A. 索赔事件的发生
B. 索事件的过程
C. 索赔依据和理由
D. 索赔事件对工程成本和工期的不利影响
E. 索赔金额
【多选题】
【多选题】在索赔资料准备阶段,主要工作有___,
A. 跟踪和调查干扰事件,掌握事件产生的详细经过
B. 分析干扰事件产生的因,划清各方责任,确定索赔根据
C. 损失或损害调查分析与计算,确定工期索赔和费用索赔值
D. 起草提出索赔意向通知
E. 收集获得充分而有效的证据
【多选题】
【多选题】承包商索赔成立应具备的前提条件有___
A. 与合同对照,事件已造成了承包人工程项目成本的额外支出或直接工期损失
B. 造成费用增加或工期损失的原因,按合同约定不属于承包人的行为责任或风险责任
C. 承包人按合同规定的程序和时间提交索赔意向通知和索赔报告
D. 造成费用增加或工期损失数额巨大,超出了正常的承受范围
E. 索赔费用计算正确,并目容易分析
【多选题】
【多选题】编写索赔文件应注意___
A. 明确表明索赔意向
B. 责任分析清楚准确
C. 索赔额计算依据和结果要准确
D. 提供充分有效的证据材料
E. 叙述事件产生的详细经过
【单选题】
下列不属于办法规定纪律处分的有___。
A. 降级
B. 撤职
C. 开除留用
D. 开除
【单选题】
应给予撤职处分但无职可撤的,给予___处理。
A. 记大过
B. 降一个职级
C. 降两个职级
D. 开除留用
【单选题】
处分期间发生新的违规行为,处分期为___。
A. 原处分期限
B. 新处分期限
C. 原处分期限与新处分期限之和
D. 原处分期尚未执行的期限与新处分期限之和
【单选题】
对抵制、报告和正确履职、执行制度的工作人员打击报复的,给予___处分。
A. 记过至开除
B. 降级至开除
C. 撤职至开除
D. 开除
【单选题】
未经批准擅自招录、接收、聘用员工的,给予有关责任人员___处分。
A. 警告至记大过
B. 记过至降级
C. 记大过至撤职
D. 撤职至开除
【单选题】
无正当理由拒不服从组织分配、调动或岗位交流决定的,给予警告至记大过处分;情节或后果严重的,给予___处分。
A. 降级
B. 撤职
C. 降级至撤职
D. 降级至开除
【单选题】
未按规定程序和手续办理授权事宜的,给予有关责任人员___处分。
A. 警告至记过
B. 警告至记大过
C. 警告至降级
D. 警告至撤职
【单选题】
柜员离岗时不签退或暂退业务系统的,给予___处分;后果或情节严重的,给予( )处分。
A. 记过至记大过,降级至开除
B. 警告至记过,记大过至开除
C. 警告至记过,降级至开除
D. 警告至降级,撤职至开除
【单选题】
隐藏、窃取储蓄重要单证或套取客户密码,给予直接责任人___处分。
【单选题】
在集中采购过程中疏于管理、玩忽职守,造成经济损失的,至少应给予___处分。
【单选题】
在办理现金出纳业务过程中,直接给予开除处分的有___。
A. 现金出纳业务没有做到日清日结
B. 管库员无手续出库
C. 在办理现金出纳业务时抽张
D. 当日结账时发现账款不符,不及时查明原因,在规定时间内隐瞒不报
【单选题】
违反规定将拆入资金直接用于发放贷款、进行直接投资或者证券交易的,至少应给予___处分。
【单选题】
向不具备借款主体资格或资信条件的客户进行信贷授信的,至少应给予___处分。
【单选题】
下列属贷款审查过程违规行为的有___。
A. 提供虚假或有重大缺陷的材料或报告的
B. 未按规定核实抵押物、质物的真实性、有效性及抵押物、质物的价值和变现能力的
C. 伪造虚假信贷资料
D. 帮助、默许客户编造虚假信息资料
【单选题】
当日结账时发现账款不符,不及时查明原因,在规定时间内隐瞒不报的,给予有关责任人员___处分。
A. 警告至降级
B. 警告至记大过
C. 记过至降级
D. 记过至记大过
【单选题】
截留客户存折、银行卡和身份资料,后果或情节严重的,给予___处分。
A. 记大过至开除
B. 降级至开除
C. 撤职至开除
D. 记大过至降级
【单选题】
未按规定核实抵押物、质物的真实性、有效性及抵押物、质物的价值和变现能力的,给予有关责任人员___处分;后果或情节严重的,给予( C )处分。
A. 警告至记过 记大过至开除
B. 记过至记大过 降级至开除
C. 记大过至撤职 开除
D. 记过至撤职 开除
【单选题】
信贷档案管理混乱,丢失重要信贷档案、保险单据或违反规定销毁或隐匿、篡改信贷档案,后果或情节严重的,给予___处分。
A. 记大过至开除
B. 记大过至降级
C. 降级至开除
D. 撤职至开除
【单选题】
办理代收、代付、代理清算业务时,截留、压延、挪用、占用客户资金,后果或情节严重的,给予___处分。
A. 记大过至开除
B. 记大过至降级
C. 降级至开除
D. 撤职至开除
