【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
推荐试题
【判断题】
思想政治工作是经济工作和其他一切工作的生命线,是我们党和社会主义国家的重要政治优势
【判断题】
全面建成小康社会是实现现代化建设第二步战略目标必经的承上启下的发展阶段
【判断题】
党的十六大报告中,江泽民把社会主义物质文明、政治文明、精神文明、生态文明一起确立为社会主义现代化全面发展的四大基本目标
【判断题】
坚决反对和防止腐败是全党一项重大的政治任务,是关系党和国家生死存亡的严重政治斗争
【判断题】
科学发展观是在深刻把握我国基本国情和新的阶段性特征的基础上形成和发展起来的
【判断题】
当今世界发展大势、国外发展的经验教训,是科学发展观形成的时代背景
【判断题】
以人为本是科学发展观的核心立场,集中体现了马克思主义历史唯物论的基本原理,体现了我们党全心全意为人民服务的根本宗旨和推动经济社会发展的根本目的
【判断题】
建设资源节约型社会的核心是加强节能减排和生态保护工作
【判断题】
新形势下,党面临着执政考验、改革开放考验、市场经济考验、军事实力的考验
【判断题】
安定友序,就是全社会互帮互助、诚实守信,全体人民平等友爱、融洽相处
【判断题】
社会主义核心价值体系是根源于民族优秀文化和马克思主义文化发展起来的
【判断题】
发展社会主义民主政治,最重要的就是要坚持好、发展好适合我国国情的社会主义道路
【判断题】
科学发展观强调,全面深化经济体制改革是加快转变经济发展方式的关键
【判断题】
发展不平衡,主要指各区域各领域各方面发展不平衡,制约了全国发展水平提升
【判断题】
经济建设取得重大成就表现在,经济保持高速增长,综合国力和国际影响力显著提升
【判断题】
实施共建“一带一路”倡议,倡导构建人类命运共同体,促进全球治理体系变革,为世界和平与发展作出新的重大贡献
【判断题】
我国社会主要矛盾的变化,没有改变我们对我国社会主义所处历史阶段的判断,我国仍处于并将长期处于社会主义初级阶段的基本国情没有变,我国是世界最大发展中国家的国际地位没有变
【判断题】
实现中国梦离不开世界和平发展的国际环境,世界的发展也需要中国,作为世界上的发达国家和第一大经济体,新时代的中国有责任也有能力为人类繁荣与进步作出新的更大贡献
【判断题】
人民是历史的创造者,是决定党和国家前途命运的根本力量
【判断题】
必须以党章为根本遵循,把党的思想建设摆在首位,政治建设和制度治党同向发力,统筹推进党的各项建设
【判断题】
全面建成小康社会新的目标要求经济保持中高速增长,到2020年比2010年翻一番的是国内生产总值和工业增加值
【判断题】
中国梦是人民的梦,也是世界的梦,与世界的梦息息相通
【判断题】
依法治国得到全面落实,科学立法、严格执法、公正司法、全民守法的局面已经形成
【判断题】
中国梦和社会主义核心价值观深入人心,爱国主义、集体主义、社会主义思想广泛弘扬,全体人民的文化自信、文化自觉和文化凝聚力不断提高
【判断题】
作为负责任的大国,中国决不会称霸,决不搞扩张,中国越发展,对世界和平与发展就越有利
【判断题】
经过全党全国各族人民共同努力,我们先后提前实现了第一步、第二步战略目标,党的十七大正式宣布人民生活总体达到小康水平
【判断题】
改革开放40年来,我国经济持续较快发展,工业化现代化快速推进,各项事业全面进步,国家面貌发生了前所未有的巨大变化
【判断题】
国家富强,是指我国综合国力进一步增强,中国特色社会主义事业进一步发展和完善
【判断题】
民族振兴,是通过自身的不断发展与强大,继承并创造中华民族的优秀文化以及先进的文明成果,进而使中华民族再次处于世界领先地位,再次以高昂的姿态屹立于世界民族之林
【判断题】
人民幸福,就是人民权利保障更加充分、人人得享共同发展,生活在伟大祖国和伟大时代的中国人民,共同享有人生出彩的机会,共同享有梦想成真的机会,共同享有同祖国和时代一起成长与进步的机会
【判断题】
当今时代,文化在综合国力竞争中的地位日益重要,谁占据了文化发展的制高点,谁就能够更好地在激烈的国际竞争中掌握主动权
【判断题】
文化强国既表现为具有高度文化素养的国民,也表现为发达的文化产业,还表现为强大的文化软实力
【判断题】
文化自信是一个国家、一个民族发展中更基本、更深沉、更持久的力量。坚定文化自信,事关国运兴衰,事关文化安全,事关民族精神的独立性
【判断题】
文化是一种跨越国界、跨越民族、跨越时空的普适性精神力量,因此,要积极融入世界文化,完全没有必要坚守中华文化立场、走中国特色社会主义文化发展道路
【判断题】
共享发展注重的是解决社会公平正义的问题
【判断题】
在中国实行人民代表大会制度,是中国人民在人类政治制度史上的伟大创造
