【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
推荐试题
【单选题】
在计算速动比率时,要从流动资产中扣除存货部分,再除以流动负债。这样做的主要原因是流动资产中()。___
A. 存货的价值较大
B. 存货的质量不稳定
C. 存货的变现能力较差
D. 存货的未来销路不定
【单选题】
不动产登记,由()的登记机构办理___
A. 所有人户籍所在地
B. 所有人经常经住地
C. 不动产所在地
D. 以上几项都可以
【单选题】
抵押合同可以不包括以下哪项内容:()___
A. 被担保的主债权种类、数额
B. 债务人履行债务的地点
C. 抵押担保的范围
D. 债务人履行债务的期限
【单选题】
据《商业银行授信工作尽职指引》的规定,客户资料如有变动,商业银行应要求客户()进一步核实后在档案中重新记载。___
A. 做出口头说明
B. 提供书面报告
C. 提供公司章程
D. 电话告知
【单选题】
对公客户调查内容主要包括()、行业情况、营管理情况、申请信贷业务的原因和还款来源、验证客户资料、验证客户抵质押物状况、财务状况。___
A. 客户基本情况
B. 企业职工工资
C. 企业法人学历
D. 企业股东学历
【单选题】
商业银行经常将贷款分散到不同的行业和领域,使违约风险降低,其原因是()。___
A. 不同行业及地域间的贷款可以进行风险对冲
B. 将贷款分散至不同行业及地域来取得规模效应
C. 通过不同行业及地域间的贷款进行风险转移
D. 利用不同行业及地域间企业来进行风险分散
【单选题】
下列关于同一债务有两个以上保证人时,保证人责任承担方式说法不对的是___
A. 没有约定保证份额的,债权人可以要求任何一个保证人承担全部保证责任,保证人都负有担保全部债权实现的义务
B. 数个保证人应当按照保证合同约定的保证份额,承担保证责任
C. 已经承担保证责任的保证人,有权向债务人追偿,但不能要求承担连带责任的其他保证人清偿其应当承担的份额
D. 没有约定保证份额的,保证人承担连带保证责任
【单选题】
银行可根据风险水平、筹资成本、管理成本、贷款目标收益、资本回报要求以及当地市场利率水平等因素自主确定贷款利率,对不同借款人实行()___
A. 固定利率
B. 浮动利率
C. 平等利率
D. 差别利率
【单选题】
有关集团客户的信用风险,下列说法错的是()。___
A. 内部关联交易频繁
B. 风险监控难度较小
C. 连环担保十分普遍
D. 系统性风险较高
【单选题】
信用风险的控制手段不包括()。___
A. 风险缓释
B. 限额管理
C. 风险规避
D. 风险定价
【单选题】
甲向乙借款 20 万元做生意,由丙提供价值 15 万元的房屋抵押,并订立了抵押合同。甲因办理登记手续费过高,经乙同意未办理登记手续。甲又以自己的一辆价值 6 万元的“夏利”车质押给乙,双方订立了质押合同。乙认为将车放在自家附近不安全,决定仍放在甲处。一年后,甲因亏损无力还债,乙诉至法院要求行使抵押权、质权。本案中抵押和质押的效力为:___
A. 抵押、质押均有效
B. 抵押、质押均无效
C. 抵押有效、质押无效
D. 抵押有效、质押无效
【单选题】
银行或者其他金融机构的工作人员以牟利为目的,采取吸收客户资金不入账的方式,将资金用于非法拆借、发放贷款,造成重大损失的,处()年以下有期徒刑或者拘役,并处 2 万元以上 20 万元以下罚金;___
【单选题】
以下()环节不属于一笔贷款的管理流程。___
A. 贷款申请
B. 受理与调查
C. 贷款支付
D. 贷款监控
【单选题】
对保证人管理的内容不包括( )___
A. 审查保证人的资格
B. 抵押品价值的变化情况
C. 分析保证人的保证实力
D. 了解保证人的保证意愿
【单选题】
个人经营类贷款不能用于()。___
A. 定向购买或租赁商用房、机械设备
B. 满足个人控制的企业生产经营流动资金需求
C. 个人购买耐用消费品
D. 个人助业贷款
【单选题】
贷款受理和调查中的风险不包括( )。___
A. 借款申请人的主体资格不符合银行相关规定
B. 借款申请人所提交的材料不真实、不合法
C. 借款申请人的担保措施不足额或无效
D. 审批人对借款人的资格审查不严
【单选题】
实行客户统一授信管理。县级行社对应授信客户必须遵循“()”的原则,___
A. 先授信、后用信
B. 先用信,后授信
C. 同时用信授信
D. 以上都不对
【单选题】
贷款审查和审批中的主要风险点不包括( )。___
A. 未按独立公正原则审批
B. 不按权限审批贷款
C. 未履行法定提示义务
D. 审批人员对审查内容审查不严
【单选题】
每月的还款本金固定,而利息越来越少,贷款人起初还款压力比较大,但是随着时间的推移,每月还款数也越来越少,这种还款方式称为()。___
A. 等额本息
B. 等额本金
C. 等额递减
D. 等比递增
【单选题】
关于对借款人的贷后财务监控,下列说法对的是()。___
A. 企业提供的财务报表如为复印件,需要公司盖章
B. 企业提供的财务报表如经会计师事务所审计,需要完整的审计报告(不包括附注)
C. 财务报表应含有资金运用表
D. 对于关键数据,主要进行纵向比较
【单选题】
下列做法中,不符合信贷档案管理原则和要求的是()。___
A. 将一个信贷项目形成的文件资料划分为信贷文件和信贷档案,分别管理
B. 任命直接经办贷款的信贷人员担任信贷档案员
C. 业务人员将信贷执行过程续生的文件随时移交信贷档案员
D. 将信贷档案的检查列入年度绩效考核中
【单选题】
对于逾期贷款,银行应及时发送()。___
A. 逾期还本付息通知单
B. 催收通知单
C. 宽限通知单
D. 违约起诉书
【单选题】
催收包括逾期催收和()。___
A. 上门催收
B. 电话催收
C. 人员催收
D. 到期催收
【单选题】
“借款人未按约定用途使用贷款”是()贷款的特征之一。___
【单选题】
贷款风险分类最核心的内容是( )。___
A. 基本信贷分析
B. 还款能力分析
C. 还款可能性分析
D. 确定分类结果
【单选题】
银行防范质物的价值风险,应要求质物经过有行业资格且资信良好的评估公司做价值认定,选择()的动产或权利作为质物,谨慎地接受股票、权证等价值变动较大的质物。___
A. 价值高
B. 价值低
C. 价格高
D. 价值稳定
【单选题】
行使抵押权或质押权,追索保证人,属于( )。___
A. 信用风险的事前管理
B. 操作风险的流程管理
C. 信用风险的事中管理
D. 操作风险的制度管理
【单选题】
依法应办理抵押登记的,抵押权的生效时间为()。___
A. 抵押交付之日
B. 登记之日
C. 签订之日
D. 当事人协商之日
【单选题】
目前我国政府规定的居住用地的土地使用权出让年限为( )年。___
【单选题】
( )是指借款人无法足额偿还贷款本息,即使执行担保,也肯定要造成较大损失的。___
A. 正常贷款
B. 关注贷款
C. 可疑贷款
D. 损失贷款
【单选题】
以下各项中,不属于认为贷款或信用卡的逾期记录与实际不符的异议类型的是( )。___
A. 他人冒用或盗用个人身份获取信贷或信用卡
B. 贷款按约定由单位或担保公司或其他机构代偿.但它们没有及时到银行还款造成逾期
C. 个人办理的信用卡从来没有使用过因欠年费而造成逾期
D. 个人不清楚银行确认逾期的规则
【单选题】
关于个人信用报告的档案管理,下列说法错误的是( )。___
A. 查询机构要对所有查询相关的纸质和电子档案资料整理归档
B. 信用报告查询相关档案资料保管期限为二年,到期可对档案资料进行销毁
C. 档案资料按照一事一档、编号管理的原则进行
D. 档案资料的借阅应当严格限定范围,无查询机构主管的审批,任何人不得擅自查询、借阅和复制档案资料
【单选题】
个人征信查询系统中,( )涵盖了信用卡与贷款的明细等情况。___
A. 个人身份信息
B. 居住信息
C. 信贷信息
D. 个人质押信息
【单选题】
农村信用社贷款利率浮动幅度的具体实施细则,由()制定。___
A. 县级联社
B. 县级人民银行
C. 地市级中心支行
D. 省农信联社
【单选题】
农户消费贷款要求至贷款到期日借款人的年龄一般不超过()周岁。___
【单选题】
日常对借款人实行检查,自然人贷款()不少于一次,其他贷款每季度不少于一次,额度较大的贷款必须在贷后()内作跟踪检查。___
A. 每年,30 天
B. 每年,20 日
C. 每半年,10 天
D. 每月,10 天
【单选题】
商业银行应确定一个管理部门或委员会统一审核批准对客户的授信,不能由不同部门分别对同一或不同客户进行授信,这是指授信要做到()。___
A. 授信主体的统一
B. 授信形式的统一
C. 授信对象的统一
D. 不同币种授信的统一
【单选题】
审议、审批原则上不得超过()个工作日。___
【单选题】
同时满足四项条件(①借款人生产经营活动正常,能按时支付利息。②重新办理了贷款手续。③贷款担保有效。④属于周转性贷款的“借新还旧”贷款原则上要划为()。___
A. 正常贷款
B. 关注贷款
C. 次级贷款
D. 可疑贷款
【单选题】
下列做法中,符合银行贷款发放的计划、比例放贷原则的是()。___
A. 按照项目完成工程量的多少付款
B. 借款人擅自改变前期贷款款项的用途,银行拒绝支付后期贷款款项
C. 按照已批准的贷款项目年度投资计划中规定的建设内容、费用,准确、及时地提供相应贷款
D. 拒绝企业将银行贷款用于股本金的融资。
