【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
推荐试题
【单选题】
___是指一国通过宪法和法律调整以生产资料所有制为核心的各种基本经济关系的规则、原则和政策的总和
A. 社会主义公有制
B. 政治协商制度
C. 基本经济制度
D. 基本政治制度
【单选题】
我国宪法规定: 中华人民共和国的社会主义经济制度的基础是___。
A. 生产资料的社会主义公有制
B. 消灭剥削的制度
C. 坚持按劳分配为主体
D. 人民当家作主
【单选题】
___是调整平等主体的自然人、法人和非法人组织之间的人身关系和财产关系的法律规范,遵循民事主体地位平等、自愿、公平、诚信、公序良俗、有利于节约资源和保护生态环境等基本原则。
【单选题】
“遵循民法的基本原则,同时秉承保障商事交易自由、等价有偿、便捷安全等原则”指的是___。
A. 商法
B. 经济法
C. 社会法
D. 行政法
【单选题】
我国制定的___,规定民事活动必须遵循的基本原则和一般性规则,对民法基本原则、民事主体、民事权利、民事法律行为、民事责任和诉讼时效等作出规定,既构建了我国民事法律制度的基本框架,也为各分编的规定提供依据。
A. 宪法相关法
B. 罪刑法定原则
C. 民法总则
D. 民事诉讼法
【单选题】
___是关于行政权的授予、行政权的行使以及对行政权监督的法律规范,调整的是行政机关与行政管理相对人之间因行政管理活动发生的关系。
A. 民法
B. 刑法
C. 社会法
D. 行政法
【单选题】
___是国家从社会整体利益出发,对经济活动实行干预、管理或者调控的法律规范。是国家对市场经济进行适度干预和宏观调控的法律手段和制度框架,旨在防止市场经济的自发性和盲目性所导致的弊端。
A. 经济法
B. 社会法
C. 商法
D. 行政法
【单选题】
___是调整劳动关系、社会保障、社会福利和特殊群体权益保障等方面的法律规范。
A. 经济法
B. 商法
C. 社会法
D. 民法
【单选题】
___是规定犯罪与刑罚的法律规范。
A. 宪法相关法
B. 行政法
C. 刑法
D. 诉讼法
【单选题】
___确立了当事人有平等的诉讼权利、根据自愿和合法的原则进行调解、公开审判、两审终审等民事诉讼的基本原则和制度。
A. 刑事诉讼法
B. 行政诉讼法
C. 诉讼法
D. 民事诉讼法
【单选题】
___是规范国家司法活动解决社会纠纷的法律规范
A. 民法
B. 刑法
C. 诉讼法
D. 非诉讼程序法
【单选题】
___是规范仲裁机构或者人民调解组织解决社会纠纷的法律规范。
A. 民法
B. 刑法
C. 诉讼法
D. 非诉讼程序法
【单选题】
“天下之事,不难于立法,而难于法之必行。”反映的是___
A. 科学立法
B. 严格执法
C. 公正司法
D. 全民守法
【单选题】
“理国要道,在于公平正直。” 反映的是___
A. 科学立法
B. 严格执法
C. 公正司法
D. 全民守法
【单选题】
“立善法于天下,则天下治;立善法于一国,则一国治。” 反映的是___
A. 科学立法
B. 严格执法
C. 公正司法
D. 全民守法
【单选题】
“邦国虽有良法,要是人民不能全部遵循,仍然不能法治。” 反映的是___
A. 科学立法
B. 严格执法
C. 公正司法
D. 全民守法
【单选题】
___是中国特色社会主义最本质的特征,是社会主义法治最根本的保证。
A. 党的领导
B. 人民当家作主
C. 依法治国
D. 依宪治国
【单选题】
要把党的领导贯彻到依法治国全过程和各方面,坚持___。
A. 依法治国与以德治国相结合
B. 以保障人民根本权益为出发点和落脚点
C. 党的领导、人民当家作主、依法治国相统一
D. 公平正义是法治的生命线
【单选题】
我国依法治国的主体和力量源泉是___。
A. 共产党
B. 工人阶级
C. 农民
D. 人民
【单选题】
___是社会主义法律的基本属性,是社会主义法治的基本要求。
【单选题】
___是治国理政的基本方式,依法治国是基本方略,具有根本性、决定性和统一性,它强调对任何人都一律平等,任何人都必须遵守法律。
【单选题】
通过在全社会培育、弘扬社会主义核心价值观和社会主义道德,对不同人群提出有针对性的道德要求,指的是___。
A. 以德治国
B. 依法治国
C. 依宪治国
D. 民主治国
【单选题】
法治和德治对社会成员都具有约束作用,但约束作用的内在要求和表现形式不同,法治发挥作用主要通过___。
A. 内心信念
B. 传统习俗
C. 国家强制力
D. 社会舆论
【单选题】
以法治价值和法治精神为导向,运用法律原则、法律规则、法律方法思考和处理问题的思维模式,称为___。
A. 法治观念
B. 法治意识
C. 法治思维
D. 法治信仰
【单选题】
法律至上是指___。
A. 任何人无论权力大小、职位高低,必须遵守法律,违反法律都要受到惩罚
B. 在国家或社会的所有规范中,法律是地位最高、效力最广、强制力最大的规范
C. 法律是约束权力最大的“笼子”,具有制约公权力的重要功能
D. 法律在本国主权范围内对所有人具有普遍的约束力
【单选题】
法律在本国主权范围内对所有人具有普遍的约束力,所有国家机关、社会组织和公民个人都必须遵守法律,依法享有和行使法定职权与权利,承担和履行法定职责与义务。指的是___。
A. 法律的至上性
B. 法律的普遍适用性
C. 法律的不可违抗性
D. 法律的制约性
【单选题】
当同一项社会关系同时受到多种社会规范的调整而多种社会规范又相互矛盾时,要优先考虑法律规范的适用,是指___。
A. 法律的优先适用性
B. 法律的普遍适用性
C. 法律的科学性
D. 法律的不可违抗性
【单选题】
___是指法律必须遵守,违反法律要受到惩罚。任何人不论权力大小、职位高低,只要有违法犯罪行为,就要依法追究其法律责任。
A. 法律的普遍适用性
B. 法律的至上性
C. 法律的制约性
D. 法律的不可违抗性
【单选题】
权力制约是指___。
A. 在国家或社会的所有规范中,法律是地位最高、效力最广、强制力最大的规范
B. 所有国家机关、社会组织和公民个人都必须遵守法律,依法享有和行使法定职权与 权利,承担和履行法定职责与义务
C. 国家机关的权力必须受到法律的规制和约束。
D. 任何人不论权力大小、职位高低,只要有违法犯罪行为,就要依法追究和承担法律责任
【单选题】
权力由法定,即法无授权不可为,是指___。
A. 国家机关的权力必须受到法律的规制和约束
B. 国家权力的运行和行使必须接受各种形式的监督
C. 国家工作人员违法行使权力必须受到法律的追究和制裁
D. 国家机关的职权必须来自法律明确的授予
【单选题】
国家机关在获得权力的同时必须承担相应的职责和责任,是指___。
A. 权力由法定
B. 有权必有责
C. 用权受监督
D. 违法受追究
【单选题】
国家权力的运行和行使必须接受各种形式的监督,是指___。
A. 权力由法定
B. 有权必有责
C. 用权受监督
D. 违法受追究
【单选题】
国家工作人员违法行使权力必须受到法律的追究和制裁,是指___。
A. 权力由法定
B. 有权必有责
C. 用权受监督
D. 违法受追究
【单选题】
___是指社会的政治利益、经济利益和其他利益在全体社会成员之间合理、公平分配和占有。
A. 按劳分配
B. 民主平等
C. 公平正义
D. 人权保障
【单选题】
生活在同一社会中的成员拥有相同的发展机会和发展前景,反对任何形式的歧视。称为___。
A. 权利公平
B. 义务公平
C. 人权公平
D. 机会公平
【单选题】
___是指对所有人适用同一的规则和标准,不得因人而异。
A. 权利公平
B. 规则公平
C. 救济公平
D. 机会公平
【单选题】
___是指为权利受到侵害或处于弱势地位的公民提供平等有效的救济。
A. 权利公平
B. 规则公平
C. 救济公平
D. 机会公平
【单选题】
___是权利保障的前提和基础。
A. 宪法保障
B. 立法保障
C. 行政保护
D. 司法保障
【单选题】
___是权利保障的重要条件
A. 宪法保障
B. 立法保障
C. 行政保护
D. 司法保障
【单选题】
公民权利保障的最后防线,既是解决个人之间权利纠纷的有效渠道,也是纠正和遏制行政机关侵犯公民权利的有力机制,指的是___。
A. 宪法保障
B. 立法保障
C. 行政保护
D. 司法保障