【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
推荐试题
【单选题】
进行接触网带电作业时的绝缘工具,整个有效绝缘部分的电阻不低于___。
A. 10 2次方 MΩ
B. 10 3次方 MΩ
C. 10 4次方 MΩ
D. 10 5次方 MΩ
【单选题】
远离带电体的检修作业,一般指距带电体___以上的作业。
A. 0.5 m
B. 1 m
C. 2 m
D. 3 m
【单选题】
在线路上使用车梯作业时,车梯上的作业人员不得超过___。
【单选题】
遇有雷雨、大雪、浓雾或风力在___及以上等恶劣气候时,应停止露天高空作业。
【单选题】
接触网第一种工作票为白底___字体和格,用于接触网停电检修作业。
【单选题】
接触网第二种工作票为白底___字体和格,用于接触网带电检修作业。
【单选题】
接触网第三种工作票为白底___字体方和格,用于接触网远离带电体作业。(922000000)
【单选题】
参加接触网作业人员应符合下列___条件。
A. 作业人员每两年进行一次身体检查,符合作业所要求的身体条件
B. 受过接触网作业培训,考试合格并取得相应的安全等级
C. 熟悉触电急救方法
D. 以上全都是
【单选题】
在进行110 kV停电作业时,作业人员(包括所持的机具、材料、零部件等)与周围带电设备的距离不得小于___。
A. 1 500 mm
B. 1 200 mm
C. 1 000 mm
D. 700 mm
【单选题】
国境卫生检疫机关发现检疫传染病或者疑似检疫传染病时,必须用最快的方法报告国务院卫生行政部门,最迟不得超过________。
A. 6小时
B. 12小时
C. 24小时
D. 48小时
【单选题】
申请电讯检疫的船舶,首先向卫生检疫机关申请卫生检查,合格者发给卫生证书。该证书自签发之日起______内可以申请电讯检疫。
A. 3个月
B. 6个月
C. 12个月
D. 24个月
【单选题】
在国外或者国内有检疫传染病大流行的时候,______可以下令封锁有关的国境或者采取其他紧急措施。
A. 全国人大常务委员会
B. 国务院
C. 国家卫生健康委员会
D. 海关总署
【单选题】
鼠疫、霍乱、黄热病三种检疫传染病潜伏期分别为_______。
A. 6日、5日、6日
B. 6日、5日、10日
C. 5日、5日、6日
D. 6日、6日、10日
【单选题】
公共场所经营单位的《卫生许可证》______复核一次。
【单选题】
在国境口岸,所有非因意外伤害而死亡并死因不明的尸体,必须经海关查验,并签发____后,方准移运。
A. 卫生处理证明
B. 特殊物品审批单
C. 出境检疫证
D. 尸体移运许可证
【单选题】
未遵守《食品安全法》的规定出口食品,尚不构成犯罪的,没收违法所得和违法生产经营的食品,货值金额10000元以上的,并处货值金额的____罚款。
A. 3倍以下
B. 3倍以上10倍以下
C. 5倍以上10倍以下
D. 10倍以上20倍以下
【单选题】
逃避检疫、未经许可擅自上下交通工具的,海关对交通工具负责人可以____。
A. 警告或罚款
B. 没收财物
C. 行政拘留
D. 吊销运营资质
【单选题】
《国境卫生检疫法实施细则》所称的“隔离”是指将染疫人收留在____指定的处所,限制其活动并进行治疗,直到消除传染病传播的危险。
A. 海关
B. 卫生部门
C. 公安部门
D. 外事部门
【单选题】
应当实施卫生处理的外国交通工具的负责人拒绝接受卫生处理的,除有特殊情况外,准许该交通工具在_____的监督下,立即离开中华人民共和国国境。
A. 海关
B. 卫生行政部门
C. 公安部门
D. 港务监督部门
【单选题】
感染性疾病与传染病的主要区别为____。
A. 是否有病原体
B. 是否有传染性
C. 是否有发热
D. 是否有感染后的免疫
【单选题】
传染源向四周散播病原体的所能波及的范围称为____。
A. 疫区
B. 疫点
C. 疫源地
D. 自然疫源地
【单选题】
在大多数传染病中,____是最常见的表现。
A. 病原体被清除
B. 显性感染
C. 隐性感染
D. 潜伏性感染
【单选题】
传染病检疫期限的确定,是依据该病的____。
A. 隔离期
B. 传染期
C. 最短潜伏期
D. 最长潜伏期
【单选题】
潜伏期是指____。
A. 从病原体侵入人体起,至病人完全治愈或死亡的一段时期
B. 从病原体侵入人体起,至血液中出现相应抗体的时期
C. 从病原体侵入人体起,至开始出现临床症状为止的时期
D. 从出现临床症状起,至病人完全治愈或死亡的时期
【单选题】
病原携带者是指____。
A. 感染病原体,有临床症状并能排出病原体的人
B. 感染病原体,无临床症状但能排出病原体的人
C. 感染病原体,有临床症状但不能排出病原体的人
D. 感染病原体,无临床症状也不能排出除病原体的人
【单选题】
流行性脑脊髓膜炎的传播途径是____。
A. 生活密切接触传播
B. 通过吸血节肢动物传播
C. 经呼吸道传播
D. 经消化道传播
【单选题】
确诊疟疾最简单而迅速的方法是____。
A. 血涂片
B. 骨髓涂片
C. 酶联免疫吸附试验
D. PCR法
【单选题】
流感病毒独特的和最显著的特征是____。
A. 抗原变异
B. 致病力强
C. 传染性强
D. 潜伏期长
【单选题】
乙脑与流脑的临床鉴别,最重要的是____。
A. 意识障碍的出现与程度
B. 生理反射异常及出现病理反射
C. 皮肤瘀点及瘀斑
D. 颅内压升高程度,呼吸衰竭的出现
【单选题】
____是流行性脑脊髓膜炎的高发季节。
【单选题】
目前一般认为,可能引起流感大流行的病原体是____。
A. 甲型流感病毒
B. 乙型流感病毒
C. 丙型流感病毒
D. 禽流感病毒
【单选题】
当一种新疗法只能延长某病病人的寿命而不能治愈时,____。
A. 该病的患病率会降低
B. 该病的发病率会升高
C. 该病的患病率会升高
D. 该病的发病率会降低
【单选题】
下列关于麻疹的表述,错误的是____。
A. 由麻疹病毒引起
B. 主要有发热、皮疹等症状
C. 成人不发病
D. 婴幼儿广泛接种疫苗后现少见
【单选题】
传染病流行过程的强度,一般用____表示。
A. 发病率
B. 患病率
C. 死亡率
D. 病死率
【单选题】
自然疫源性疾病主要是指____。
A. 以虫媒为传播媒介的传染病
B. 所有地方性传染病都是自然疫源性疾病
C. 以野生动物为主要传染源的动物源性传染病
D. 所有动物源性传染病都是自然疫源性疾病
【单选题】
疟疾的热型为____。
A. 稽留热
B. 弛张热
C. 间歇热
D. 回归热
【单选题】
麻疹前驱期的特征性表现为____。
A. 发热
B. 结膜炎
C. Koplik斑
D. Stimson线
【单选题】
对SARS患者密切接触者的隔离观察期限为____。
A. 5天
B. 7天
C. 10天
D. 14天
【单选题】
霍乱最常见的并发症及引起死亡的原因是____。
A. 肠出血
B. 肠穿孔
C. 急性肾衰竭
D. 急性肺水肿
