【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
推荐试题
【单选题】
, 。坚持以人民为中心的发展思想,把人民生命财产安全放在首位,不断提高城市轨道交通安全水平和服务品质。___
A. 预防为先,防处并举
B. 统筹协调,改革创新
C. 属地管理,综合治理
D. 以人为本,安全第一
【单选题】
, 。加强城市轨道交通规划、建设、运营协调衔接,加快技术创新应用,构建运营管理和公共安全防范技术体系,提升风险管控能力。___
A. 预防为先,防处并举
B. 统筹协调,改革创新
C. 属地管理,综合治理
D. 以人为本,安全第一
【单选题】
, 。构建风险分级管控和隐患排查治理双重预防制度,加强应急演练和救援力量建设,完善应急预案体系,提升应急处置能力。___
A. 预防为先,防处并举
B. 统筹协调,改革创新
C. 属地管理,综合治理
D. 以人为本,安全第一
【单选题】
, 。城市人民政府对辖区内城市轨道交通安全运行负总责,充分发挥自主权和创造性,结合本地实际构建多方参与的综合治理体系。___
A. 预防为先,防处并举
B. 统筹协调,改革创新
C. 属地管理,综合治理
D. 以人为本,安全第一
【单选题】
负责指导城市轨道交通运营,拟订运营管理政策法规和标准规范并监督实施,承担运营安全监管职责,负责运营突发事件应对工作的指导协调和监督管理。___
A. 省级人民政府
B. 交通运输部
C. 公安部
D. 运营单位
【单选题】
负责会同交通运输部等部门拟订城市轨道交通反恐防暴、内部治安保卫、消防安全等政策法规及标准规范并监督实施。___
A. 省级人民政府
B. 交通运输部
C. 公安部
D. 运营单位
【单选题】
指导本辖区城市轨道交通安全运行,负责辖区内运营突发事件应对工作的指导协调和监督管理。___
A. 省级人民政府
B. 交通运输部
C. 公安部
D. 运营单位
【单选题】
承担安全生产主体责任,落实反恐防暴、内部治安保卫、消防安全等有关法规规定的责任和措施。___
A. 省级人民政府
B. 交通运输部
C. 公安部
D. 运营单位
【单选题】
强化技术标准规范对安全和服务的保障和引领作用,以保障 和 为重点,进一步修订完善城市轨道交通工程建设标准体系。___
A. 防范处置、设备配置
B. 运营安全、服务质量
C. 衔接高效、运行顺畅
D. 建设质量、安全运行
【单选题】
以 和 为重点,建立健全城市轨道交通运营标准体系。___
A. 防范处置、设备配置
B. 运营安全、服务质量
C. 衔接高效、运行顺畅
D. 建设质量、安全运行
【单选题】
以 和 为重点,建立健全城市轨道交通反恐防暴、内部治安保卫、消防安全等标准体系。___
A. 防范处置、设备配置
B. 运营安全、服务质量
C. 衔接高效、运行顺畅
D. 建设质量、安全运行
【单选题】
城市轨道交通发展要与城市 社会发展阶段、发展水平、发展方向相匹配、相协调。___
【单选题】
城市轨道交通线网规划要 确定线网布局、规模和用地控制要求,与综合交通体系规划有机衔接,主要内容纳入城市总体规划。___
【单选题】
城市轨道交通建设规划要树立“规划建设为运营、运营服务为乘客”的理念,将 要求贯穿于规划、建设、运营全过程。___
A. 安全和生产
B. 安全和服务
C. 生产和服务
D. 快捷和准点
【单选题】
城市轨道交通规划涉及公共安全方面的设施设备和场地、用房等,要与城市轨道交通工程同步规划、同步设计、同步施工、同步验收、同步投入使用,并加强 管理。___
A. 场地规划
B. 安全运营
C. 生产质量
D. 运行维护
【单选题】
在工程可行性研究和初步设计文件中设置运营服务专篇和公共安全专篇,发展改革、规划等部门在审批时要以 听取同级交通运输部门、公安机关意见。___
A. 公证形式
B. 书面形式
C. 口述形式
D. 审核登记形式
【单选题】
城市轨道交通工程项目原则上要在可行性研究报告编制前确定 。___
A. 管理单位
B. 行政单位
C. 运行单位
D. 运营单位
【单选题】
加强城市轨道交通建设与运营的交接管理,完善交接 。___
A. 方式和方法
B. 建设和运营
C. 建设和内容
D. 内容和程序
【单选题】
城市轨道交通建设工程竣工验收不合格的,不得开展 安全评估。___
A. 运营后
B. 运营中
C. 运营前
D. 运行前
【单选题】
未通过运营前安全评估的,不得投入 。___
A. 试运营
B. 运行
C. 试运行
D. 运营
【单选题】
城市轨道交通工程项目要按照相关规定划定保护区,运营期间在保护区范围内进行有关作业要按程序征求运营单位同意后方可办理 。___
A. 相关许可手续
B. 相关作业凭证
C. 相关手续作业
D. 相关许可作业
【单选题】
建立健全运营安全风险分级管控和隐患排查治理双重预防制度,对运营全过程、全区域、各管理层级实施 。___
A. 安全卡控
B. 安全管理
C. 安全监护
D. 安全监控
【单选题】
建立健全行业运营服务指标体系和统计分析制度、服务质量考评制度,加强服务质量 。___
【单选题】
运营单位要依法做好运营安全各项工作,严格落实 。___
A. 安全报告
B. 安全生产责任制
C. 安全检测
D. 安全隐患排查
【单选题】
制定城市轨道交通关键设施设备运营准入技术条件,加快 车辆、信号、通信、自动售检票等关键设施设备产品定型,加强列车运行控制等关键系统信息安全保护。___
【单选题】
建立健全设施设备维修技术 和检测评估、维修保养制度。___
【单选题】
深入开展行业运营人力资源跟踪研究, 行业人才发展水平。___
【单选题】
鼓励各类院校设置 相关专业或者专业方向,扩大人才培养规模。___
A. 城市轨道行业
B. 城市轨道交通
C. 城市轨道运用
D. 城市轨道运营
【单选题】
运营单位要制定安全防范和消防安全管理制度、明确人员岗位职责、落实 措施,保障相关经费投入,及时配备、更新防范和处置设施设备。___
A. 安全生产
B. 安全措施
C. 安全管理
D. 安全卡控
【单选题】
有关部门要加强涉恐情报信息 工作,运营单位要按照规定及时报告发现的恐怖活动嫌疑或恐怖活动嫌疑人员。___
【单选题】
依法对进入城市轨道交通场站的人员、物品进行 。___
A. 安全管理
B. 安全卡控
C. 相关检查
D. 安全检查
【单选题】
从事城市轨道交通安全检查的单位、人员要按照有关标准、规范和约定实施安全检查,发现违禁品、管制物品和涉嫌违法犯罪人员,要妥善处置并立即向 报告。___
A. 公安机关
B. 运营单位
C. 管理单位
D. 人民政府
【单选题】
制定安全检查设备和监控设备设置标准、人员配备标准及操作 。___
【单选题】
城市轨道交通所在地城市及以上地方人民政府要构建公安、交通运输、综治等部门以及运营单位、社会力量多方参与的城市轨道交通公共安全协同防范体系和应急响应机制,加强政府部门、运营单位与街道、社区之间的 ,推广“警企共建”、“街企共建”等专群结合的综治模式。___
A. 联调联动
B. 协调联动
C. 相互合作
D. 协调合作
【单选题】
通过 广泛宣传普及城市轨道交通相关法规和知识,加强公众公共安全防范及突发事件应对培训教育,引导公众增强安全意识和防护能力。___
A. 单种形式
B. 单种模式
C. 多种模式
D. 多种形式
【单选题】
城市轨道交通所在地城市及以上 要将城市轨道交通纳入政府应急管理体系,结合本地实际制定完善应对各类突发事件的专项应急预案、部门应急预案,督促运营单位制定完善具体预案。___
A. 省政府
B. 地方人民政府
C. 国家机关
D. 运营单位
【单选题】
建立突发事件应急处置机制,成立 ,明确相关部门和单位的职责分工、工作机制和处置要求。___
A. 临时指挥小组
B. 应急指挥小组
C. 临时指挥机构
D. 应急指挥机构
【单选题】
城市轨道交通所在地城市及以上地方人民政府和有关部门、运营单位要配备满足需要的应急设施设备和应急物资,根据需要建立专职或志愿消防队、微型消防站,提高 能力。___
A. 自防自救
B. 自我保护
C. 疏散逃生
D. 扑救火灾
【单选题】
建立健全专业应急救援队伍,加强应急培训,提高 能力。___
A. 应急救援
B. 应急救助
C. 紧急救援
D. 紧急救助
【单选题】
建立协调联动、快速反应、科学处置的工作机制,强化 对突发事件第一时间处置应对的能力,最大程度减少突发事件可能导致的人员伤亡和财产损失。___
A. 省政府
B. 地方人民政府
C. 国家机关
D. 运营单位
