【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
推荐试题
【判断题】
许甘露强调,要破除现役制和职业制的门户之见,坚决戒除唯老乡关系、唯战友关系、唯老同事、老同学关系的陋习,全方位融合成一个血脉相通的整体,爱集体,讲团结,坚决防止和反对宗派主义、圈子文化、码头文化,大家拧成一股绳,汇集力量,共创未来
【判断题】
根据《国家移民管理机构民警教育训练3年规划》,民警专业训练每年至少一次,三年累计不少于30天,基层一线民警没见实战训练时间不少于15天
【判断题】
2019年国家移民管理局将继续坚持以人民为中心的发展思想,对移民管理领域中凡是有利于实现稳就业、稳金融、稳外贸、稳外资、稳投资、稳预期的事都要先办快办,凡是有利于开放发展、创新发展、高质量发展的事都要快办大办,凡是有利于提高人民群众获得感、幸福感、安全感的事都要大办办好,凡是有利于巩固和发展党的执政基础的事都要办好多办
【判断题】
“一国两制”是中国的一个伟大创举。在统一的国家之内,国家主体实行社会主义制度,个别地区依法实行资本主义制度,这在过往的人类政治实践中还从未有过
【判断题】
网络安全已经成为我国面临的最复杂、最现实、最严峻的非传统安全问题之一
【判断题】
13推动形成绿色发展方式和生活方式,是发展观的一场深刻革命
【判断题】
马克思指出,我们不要过分陶醉于我们人类对自然界的胜利。对于每一次这样的胜利,自然界都对我们进行报复
【判断题】
今年上半年,我们将筹建移民事务服务中心。该中心将统筹调动移民管理系统资源和社会力量,探索开展对来华移民定居人员的社会融入服务,对长期居留外国人的移民辅导服务,对境外人员的居留旅行服务、法律援助服务、语言文化服务,积极促进移民管理领域的社会建设、文化建设,努力成为联系境外人员的桥梁、团结来华定居人员的纽带
【判断题】
历史和现实反复表明,一个社会是否文明进步、安定和谐,很大程度上取决于公民的思想道德素质
【判断题】
民心是最大的政治,要把凝聚民心作为意识形态工作的出发点和落脚点,坚持以人民为中心的工作导向,为党的中心工作服务,为维护最广大人民根本利益服务
【判断题】
现在国际舆论格局总体是西强我弱,我们往往有理说不出,或者说了传不开,这表明我国发展优势和综合实力还没有转化为话语优势
【判断题】
“三去一降一补”即去产能、去库存、去杠杆、降成本、补短板五大任务
【判断题】
要紧盯涉黑涉恶重大案件、黑恶势力经济基础、背后“关系网”“保护伞”不放,在打防并举、标本兼治上下真功夫、细功夫,确保取得实效、长效
【判断题】
历史和现实都一再证明,一个执政党进行社会革命不容易,进行自我革命更不容易,而不进行自我革命就必然被历史所淘汰
【判断题】
国防和军队改革取得历史性突破,形成军委管总、战区主战、军种主建新格局,人民军队组织架构和力量体系实现革命性塑造
【判断题】
2015年秋,习近平主席在出访哈萨克斯坦和印度尼西亚时先后提出建设“丝绸之路经济带”和“21世纪海上丝绸之路”重大倡议
【判断题】
“产业兴旺、生态宜居、乡风文明、治理有效、生活富裕”,是党的十九大报告提出的实施乡村振兴战略的总要求
【判断题】
党的十九大报告指出,党的领导是社会主义民主政治的本质特征
【判断题】
文化事业和文化产业是承载传播主流价值观念、提升国家文化软实力和综合国力的重要力量
【判断题】
根据《国家移民管理机构民警教育训练3年规划》,国家移民管理局每年组织50名左右机关干部跨总站(总队)学习交流,各总站(总队)结合实际每年组织部分机关干部跨边检站(支队)学习交流
【判断题】
加强党的建设必须把党的组织建设和作风建设作为主线
【判断题】
习近平强调,公平正义是执法司法工作的生命线。要抓住关键环节,完善执法权力运行机制和管理监督制约体系,努力让人民群众在每一起案件办理、每一件事情处理中都能感受到公平正义
【判断题】
国家移民管理局自2018年4月2日挂牌成立以来,持续深化移民管理领域改革创新,深入推进“放管服”改革,切实抓好“马上办、网上办、就近办、一次办”等审批服务便民化,密集推出一批便民利民惠民、服务经济社会发展新举措,努力为中外出入境人员和广大人民群众提供更好、更优质、更高效专业的服务,受到了各方高度评价
【判断题】
坚持和发展中国特色社会主义,总任务是实现社会主义现代化和中华民族伟大复兴
【判断题】
许甘露强调,新组建国家移民管理机构是以习近平同志为核心的党中央做出的重大战略部署,是顺应时代发展要求和应对形势任务挑战的迫切需要,为每一位同志提供了展示理想才华抱负的崭新舞台,我们要迅速统一思想,凝聚共识,奋发进取,全身心投入新的战场、接受新的考验,创造新的业绩
【判断题】
我国经济已由高速增长阶段转向高质量发展阶段,正处在转变发展方式、优化经济结构、转换增长动力的攻关期,建设现代化经济体系是跨越关口的迫切要求和我国发展的战略目标
【判断题】
我国社会主义民主政治的特有形式和独特优势是民主集中制
【判断题】
在日常巡逻、设卡堵截中遇有涉私、枪、赌、毒等紧急警情,必须上报后处理
【判断题】
执行巡逻、检查、监护等勤务时,行动前必须随机编组派遣
【判断题】
执行勤务时,执法记录仪和车辆行驶记录仪可以暂时关闭
【判断题】
一般来说,秘密级保密期限为10年,机密级15年,绝密级20年
【判断题】
公安民警着装时,应当随身携带《公安机关人民警察证》
【判断题】
人的心理健康水平大致分为常态心理、.失调心理、病态心理
【单选题】
错觉是指
A. 不正确的知觉
B. 不正确的感觉
C. 对从未经历过的事物有熟悉感
D. 对客观事物部分属性产生了错误的感觉
E. 对已知的事物有未经历的陌生
