【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
推荐试题
【单选题】
介质置换作业置换时,每个检测点应使用____检测仪分别进行____检测。___
A. 两台 一次
B. 两台 三次
C. 一台 一次
D. 一台 三次
【单选题】
放空点的选择应远离交通线和居民点,必要时应设置放空隔离区,人员应撤离至____。___
A. 下风口
B. 上风口
C. 50米外
D. 100米外
【单选题】
安全阀、ESD前手动球阀应保持____,并做好闭锁___
A. 常闭
B. 常开
C. 安全阀前常开、ESD前常闭
D. 安全阀前常闭、ESD前常开
【单选题】
任何电气设备在未验明无电之前,一律认为 ____ 。___
【单选题】
触电急救必须分秒必争,立即就地迅速用____进行急救。___
A. 木棍
B. 心肺复苏法
C. 拨打120
D. 海姆立克急救法
【单选题】
天然气生产设施宜布置在人员相对集中和有明火产生场所的全年最小频率风向的 ____。___
A. 侧风向
B. 下风侧
C. 上风侧
D. 顺风向
【单选题】
职业病防治工作采取﹙ ﹚的方针,实行分类管理,综合治理。___
A. 安全第一,预防为主
B. 安全第一,预防为主,综合治理
C. 预防为主,防治结合
D. 责任制
【单选题】
患有心脏病、____、严重贫血、恐高症、癫痫等不适宜高处作业的人员不允许进行脚手架搭拆作业。___
A. 高血压
B. 高血糖
C. 糖尿病
D. 以上都不对
【多选题】
动火工作间断后,重新动火前动火____必须重新检查安全措施的落实情况,并按要求再次填写《动火现场检查记录表》,检查内容确认完成后方可进入许可签字程序。___
A. 工作票签发人
B. 工作负责人
C. 动火监护人
D. 工作票许可人
【多选题】
识别危害因素时应充分考虑哪些方面____、方法几个方面和正常、异常、紧急三种状态。___
【多选题】
动火作业前应将隔离阀门____。___
A. 断电
B. 上锁
C. 就地打STOP
D. 挂禁止操作牌
【多选题】
因工作需要临时增加三种人的,需按三种人资格审批程序履行相应的____手续。___
【多选题】
在输气管道设备设施上进行____作业,必须办理动火作业许可证___
【多选题】
工作票按专业可分为工艺、电气、仪表、自控____等___
【多选题】
输气管道设备设施上工作的人员应具备必要的天然气知识,学会紧急救护法(心肺复苏及人工呼吸),特别要掌握____等急救常识。___
A. 烧伤、烫伤
B. 冻伤
C. 窒息
D. 中毒
【多选题】
作业机具、安全工器具、个人防护用品、应急救援器材等应符合国家或行业标准的规定,并根据产品说明书、有关标准规范或实际情况定期进行____或试验,对不符合要求的,应及时更换。___
【多选题】
相关方人员在输气管道设备设施上工作前,管道企业应对其进行____,交底方和被交底方应在交底记录上签字确认后,方可允许其进入现场参加指定地点的工作。___
A. 设备设施状态
B. 运行隔离情况
C. 安全要求交底
D. 管理制度
【多选题】
介质置换作业包括_______
A. 氮气置换天然气
B. 天然气置换氮气
C. 氮气置换空气
D. 氮气置换空气
【多选题】
安规中所称工作是指从事浙能集团所属输气管道调度____等职务行为。___
A. 运行、维(检、抢)修
B. 检测、检验
C. 技术改造和改(扩)建工程施工
D. 试验
【多选题】
特殊作业许可证必须履行____等程序。___
【多选题】
____人员,必须经过安全教育培训 ,方可进入输气管道现场随同参加指定的工作,不得单独工作。___
A. 新参加工作
B. 实习人员
C. 临时工作
D. 外包人员
【判断题】
安规所称驻守站是指无人值班、有人值守的站场。
【判断题】
安规所称工作是指从事浙能集团所属输气管道调度、运行、维(检、抢)修、检测、检验、试验、技术改造和改(扩)建工程施工等职务行为。
【判断题】
工作票签发人、工作负责人、工作许可人三者一定不得相互兼任。
【判断题】
工作票风险辨识结果涉及八大特殊作业的,应同时办理特殊作业许可证。
【判断题】
专项施工方案应经管道企业主要负责人组织作业部门、工作许可部门、技术管理部门、安监部门审查批准后,作为办理工作票、特殊作业许可证的依据。
【判断题】
当发现大量泄漏时,不得靠近泄漏点,应启动ESD,并立即报告站场负责人和调度部门。
【判断题】
放空前需对放空区域进行辨识,不需要进行评价。
【判断题】
管线打开过程中发现现场工作条件与专项作业方案不一致时也可继续作业。
【判断题】
热放空操作前应确认放空区50米范围内无闲杂人员。
【判断题】
气体检测的位置和所采的样品可以任意选择。
【判断题】
动火点附近如有阴井、地沟等应进行检查分析,并根据现场的具体情况采取相应的安全防火措施。
【判断题】
挖掘作业坑除满足施工作业要求外, 应分别有上、下通道,通道坡度宜小于30 度。
【判断题】
需要动火的设备和管线,清洗、置换和通风后,要进行可燃气体浓度检测。
【判断题】
超过一天的工作票每天工作开始前,工作负责人和工作许可人需重新检查确认安措落实情况后,方可重新开始工作。
【判断题】
一类、二类、三类工作许可人应得到调度部门操作指令后方可进行操作。
【判断题】
中断工作连续3个月以上者,必须重新学习安规,并经考试合格后,方可恢复工作。
【判断题】
天然气场站中,机动车辆不带防火罩不准进入场区。
【判断题】
员工“三懂”是指:懂天然气着火爆炸条件、懂天然气着火爆炸的危险性、懂天然气着火爆炸预防措施及补救方法。
【判断题】
《安全生产法》规定,从业人员有权对本单位安全生产工作中存在的问题提出整改。