【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
推荐试题
【判断题】
不能按原样连接的部分,不作为票面剩余面积计算。
【判断题】
金融机构可以拒绝兑换残缺、污损人民币。
【判断题】
残缺、污损人民币是指票面撕裂、损缺,或因自然磨损、侵蚀,外观、质地受损,颜色变化,图案不清晰,防伪特征受损,不宜再继续流通使用的人民币。
【判断题】
能辨别面额,票面剩余四分之二(含)以上,其图案、文字能按原样连接的残缺、污损人民币,柜员应向持有人按原面额全额兑换。
【判断题】
票面污损、熏焦、水湿、油浸、变色,不能辨别真假的纸币不予兑换。
【判断题】
残缺、污损硬币的兑换确认为真币的,只要能辨别正面的图案、背面的数字、边部设计,即可兑换全额。确认为假币的,按假币收缴办法办理。
【判断题】
经办人员在办理残缺、污损人民币兑换业务时,应向持有人说明认定的结果。不予兑换的残缺、污损人民币,应及时收缴。
【判断题】
兑付额不足一分的,不予兑换;五分按半额兑换,兑付二分。
【判断题】
不宜流通人民币纸币行业标准所称残缺、污损人民币是指票面撕裂、残缺,或因自然磨损、侵蚀,外观、质地受损,颜色变化,图案不清晰,防伪特征受损,但可继续流通使用的人民币。
【判断题】
凡办理人民币存取款业务的金融机构应无偿为公众兑换残缺、污损人民币,不得拒绝兑换。
【判断题】
残缺、污损人民币兑换分“全额”和“半额”两种情况。
【判断题】
全额、半额使用的专用袋及封签应具有可恢复性。
【判断题】
办理票币兑换业务必须坚持先兑出,后兑入,当面点清,一笔一清。
【判断题】
票面出现一处粘贴物,粘贴物面积大于100mm2的为不宜流通人民币。
【判断题】
票面出现多处粘贴物,粘贴物累计面积大于100mm2的为不宜流通人民币。
【判断题】
粘贴物面积虽未超过规定标准,但遮盖了重要防伪特征之一,影响防伪功能的为不宜流通人民币。
【判断题】
不宜流通人民币纸币指有穿孔、裂口、变形、磨损、氧化及文字、面额数字、图案模糊不清等情形之一,影响正常流通的人民币纸币。
【判断题】
不宜流通人民币硬币指外观、质地、防伪特征受损,变色变形,图案模糊,尺寸、重量发生变化,影响正常流通的人民币硬币。
【判断题】
弯曲挺度:使一端夹紧的人民币样品弯曲至15度角时所需的力,以毫牛(MN)或牛(N)表示。
【判断题】
票面出现一处撕裂,撕裂长度大于10mm的为不宜流通人民币。
【判断题】
票面出现多处撕裂,最短撕裂长度大于2mm,累计撕裂长度大于8mm的。
【判断题】
一张人民币纸币损坏为2部分(含)以上,通过粘贴等方式,按原样连接的,为不宜流通人民币。
【判断题】
人民币纸币形状、尺寸发生变化,票幅长边与标准规格相差2%以上,或票幅宽边与标准规格相差4%以上的,为不宜流通人民币。
【判断题】
票面出现一处涂写,其涂写面积大于100mm2的为不宜流通人民币。
【判断题】
票面出现多处涂写,累计涂写面积大于100mm2的为不宜流通人民币
【判断题】
光密度指入射光强度与透射光强度之比值的常用对数值。
【判断题】
人民币纸币形状、尺寸发生变化,票幅长边与标准规格相差4%以上,或票幅宽边与标准规格相差8%以上的,为不宜流通人民币。
【判断题】
票面出现贯穿纸币的明显折痕,折痕处纸质变软、起毛的为不宜流通人民币。
【判断题】
人民币纸币弯曲挺度检测是指使一端夹紧的人民币样品弯曲至30度角时所需的力,以毫牛(MN)或牛(N)表示。
【判断题】
涂写面积是按纸币票面出现人为的文字、图画、符号或其他标记的最边缘处连接时所圈围的票面面积计算。
【判断题】
人民币硬币在流通过程中出现扭曲、弯折、凸起、凹坑或其他变形,其最低面直径与最高面直径差值大于1mm,或整体厚度与标准边部厚度差值大于2mm的,为不宜流通人民币。
【判断题】
人民币硬币在流通过程中因自然氧化、火烧等原因,使币面色泽发生较大改变、图案模糊不清,或光泽度变暗,影响辨别面额或真伪的,为不宜流通人民币。
【判断题】
不宜流通人民币纸币行业标准所称特殊残缺、污损人民币是指票面因火灾,虫蛀鼠咬、霉烂等特殊原因,造成外观质地、防伪特征受损,纸张炭化变形,图案不清晰,不宜再继续流通使用的人民币。
【判断题】
营业机构的日间库为库房的,必须实行全天候监控。营业机构的日间库为专用保柜(箱)的,保险柜(箱)必须置于全方位的摄像监控下,确保营业日间不间断监控。
【判断题】
未发生专用保险柜(箱)密码交接的,密码必须不定期更换,最长期限不得超过90天。
【判断题】
入日间库保管的经有关部门封存的库存实物、重要物品和代保管物品,每月至少验封一次。
【判断题】
入库保管的现金、实物,正、副管库员必须按以下规定双人结库,并进行账实核对。
【判断题】
日间库使用钥匙(密码)由正、副管库员分别掌管,实行定人定向交接。中午休息、营业终了或中途离开网点,库房使用钥匙一律入保险箱保管。
【判断题】
未发生专用保险柜(箱)密码交接的,密码必须不定期更换,最长期限不得超过30天
【判断题】
日间库可以单人结库;只要现金、实物及钱箱必须与现金登记簿、重要机具物品登记簿的结存数核对一致,由管库员双人签章确认。
