【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
推荐试题
【单选题】
Fzh-CTC分散自律调度集中自律机作为心跳使用的接口是_______。[322000000]___
A. 串口
B. USB口
C. 并口
D. COM口
【单选题】
Fzh-CTC分散自律调度集中自律机的CAN卡正常工作时,CAN卡上面的两个指示灯会分别指示绿色和_______色。[332010201]___
【单选题】
Fzh-CTC分散自律调度集中KVM切换装置前面板_______亮灯说明当前显示器和键盘鼠标控制的是A车务终端。[332000000]___
A. B选中
B. B加电
C. A选中
D. A加电
【单选题】
Fzh-CTC分散自律调度集中KVM延长器在正常情况下上面的指示灯是_______的。[332010201]___
A. 同时亮
B. 交替闪烁
C. 全灭灯
D. 信号传输时亮
【单选题】
CISCO路由器S0/0接口名称中的“S”表示_______接口。[322000000]___
【单选题】
CISCO路由器F0/0接口名称中的“F”表示_______接口。[322000000]___
A. 快速串行
B. 快速以太网
C. 并行
D. 数据
【单选题】
路由协议中“STP”的中文名称是_______。[311000000]___
A. 普通路径协议
B. 增强型内部网关路由协议
C. 热备份路由协议
D. 生成树协议
【单选题】
路由配置提示符“Router>”说明目前在_______模式。[322000000]___
A. 特权EXEC
B. 用户EXEC
C. 全局配置
D. 接口配置
【单选题】
路由配置提示符“Router#”说明目前在_______模式。[322000000]___
A. 特权EXEC
B. 用户EXEC
C. 全局配置
D. 接口配置
【单选题】
一般车站中在TDCS站机屏幕上可以看见相邻_______站站场情况。[311000000]___
【单选题】
当与调度所通信中断中,TDCS站机屏幕右下角表示灯 _______ 。[333010201]___
A. 闪绿灯
B. 亮绿灯
C. 闪红灯
D. 亮红灯
【单选题】
TYJL-Ⅱ型计算机联锁系统,可点压电务维修机显示屏菜单栏的“_______切换”按钮来切换所调用的记录数据文件,进行主备监控机各种信息的查询。[322000000]___
A. A机
B. B机
C. C机
D. A/B机
【单选题】
TYJL-Ⅱ型计算机联锁系统运用过程中,若系统停电不超过_______就恢复供电,微机房不做信息存盘处理。[331000000]___
A. 3min
B. 4min
C. 5min
D. 6min
【单选题】
TYJL—Ⅱ型计算机联锁系统,每个I/O板最多控制_______采集板或驱动板。[32212000000]___
A. 4个
B. 8个
C. 16个
D. 32个
【单选题】
TYJL—Ⅱ型计算机联锁系统,采集电路采集设备状态在有信息时,采集点与采集地的直流电压应大于_______。[332010102]___
A. 10V
B. 16V
C. 18V
D. 24V
【单选题】
TYJL-ECC型计算机系统,每块INOM板提供_______信息点。[332000000]___
A. 24路
B. 32路
C. 40路
D. 48路
【单选题】
计算机联锁应按联锁图表进行_______一次的联锁试验。[312030204]___
【单选题】
计算机联锁采用_______结构的实质在于用增加相同性能的模块来换取系统的可靠性和安全性的。[332000000]___
【单选题】
当计算机联锁系统备机停机或备机仅处于_______时,禁止关闭主机电源或人为干预主机切换到备机。[332000000]___
A. 停机状态
B. 热备状态
C. 主机状态
D. 同步校核状态
【单选题】
下列设备中_______不需要UPS供电。[311000000]___
A. 联锁主机
B. 监控子系统打印机
C. 控制台分机 C输入分机
【单选题】
计算机联锁系统联锁机的故障一安全性是指_______。[322000000]___
A. 联锁机不发生危险侧输出的功能
B. 联锁机平均危险侧输出的间隔时间
C. 联锁机在规定的时间和条件下完成联锁功能的概率
D. 联锁机不发生危险侧输出概率
【单选题】
JD-1A型微机联锁系统控制台,区段空闲时,构成区段的发光二极管_______。[311010201]___
A. 不点亮
B. 发白色光
C. 发红色光
D. 闪白色光
【单选题】
JD-1A型微机联锁系统控制台,区段锁闭时,构成区段的发光二极管_______。[331010201]___
A. 不点亮
B. 发白色光
C. 发红色光
D. 闪白色光
【单选题】
JD-1A型微机联锁系统控制台,区段占用时,二极管_______。[331010201]___
A. 不点亮
B. 发白色光
C. 发红色光
D. 闪白色光
【单选题】
JD-1A型微机联锁系统控制台,进站信号机红白灯表示_______。[331010201]___
A. 信号关闭
B. 引导信号
C. 信号开放
D. 灯丝断丝
【单选题】
JD-1A型微机联锁系统控制台,进站信号机闪红灯表示_______。[331010201]___
A. 信号关闭
B. 引导信号
C. 信号开放
D. 灯丝断丝
【单选题】
JD-1A型微机联锁系统控制台,出站兼调车信号机绿灯表示_______。[311010201]___
A. 信号关闭
B. 列车信号开放
C. 调车信号开放
D. 灯丝断丝
【单选题】
JD-1A型微机联锁系统控制台,出站兼调车信号机白闪表示_______。[331010201]___
A. 信号关闭
B. 列车信号开放
C. 调车信号开放
D. 灯丝断丝
【单选题】
JD-1A型微机联锁系统,在控制台上对应每一台上下位机均有一对表示灯表示该机的联机状态,两个灯均点亮表示该机处于_______。[333010201]___
A. 主用状态
B. 热备状态
C. 脱机
D. 死机
【单选题】
JD-1A型微机联锁系统,在控制台上对应每一台上下位机均有一对表示灯表示该机的联机状态,仅有左侧的一个灯点亮表示该机处于_______。[333010201]___
A. 主用状态
B. 热备状态
C. 脱机
D. 死机
【单选题】
JD-1A型微机联锁系统,实现联锁机的主、备用,即完成本机3个倒机继电器和邻机的3个倒机继电器的采集和驱动的是_______。[322000000]___
A. 多功能匹配板
B. 机箱控制板
C. 驱动板
D. 采集板
【单选题】
JD-1A型微机联锁系统,与单线半自动闭塞结合电路中采集KTJ的_______。[322010103]___
A. 前接点
B. 后接点
C. 中接点
D. 前后接点
【单选题】
JD-1A型微机联锁系统,当备机启动后首先进入_______。[333000000]___
A. 停机状态
B. 主用状态
C. 热备状态
D. 同步校核状态
【单选题】
JD-1A型微机联锁系统,当备机和主机动态信息一致后,备机进入_______。[312000000]___
A. 停机状态
B. 主用状态
C. 热备状态
D. 同步校核状态
【单选题】
JD-1A型微机联锁系统,只有在另一台联锁机处于_______的情况下,才能人工倒机。[312000000]___
A. 停机状态
B. 主用状态
C. 热备状态
D. 同步校核状态
【单选题】
EI32-JD型计算机联锁系统,具有进行联锁运算功能,并根据运算结果,产生控制命令的是_______。[332000000]___
A. 联锁机
B. 操作表示机
C. 驱采机
D. 电务维修机
【单选题】
EI32-JD型计算机联锁系统,电务维修机不具备的功能是_______。[323000000]___
A. 接收操作表示机传来的站场状态信息、操作信息、提示信息、故障信息等
B. 显示站场运行状况、车站值班员操作信息、故障信息、系统运行状况等
C. 记录一个月的历史信息,可查看一个月内站场运行状况、车站值班员操作信息、故障信息等
D. 通过LAN通信,接收联锁机传送的控制命令;并根据控制命令控制相应驱动电路
【单选题】
在DS6-11计算机联锁系统中由于工作机A机发生硬件故障造成死机故障或人工关机,_______落下。[322010104]___
A. AYUJ
B. BYUJ
C. AGZJ
D. BGZJ
【单选题】
在DS6-11计算机联锁系统中当A机发生错误开放信号的危险性故障,或人工在监测机上输入双机切换命令,_______落下。[322010104]___
A. AYUJ
B. BYUJ
C. AGZJ
D. BGZJ
【单选题】
DS6-K5B在计算机联锁,系统各设备间采用光缆连接,下列说法正确的是_______。[331010103]___
A. 不得用手摸光缆接头的光端口,光缆接头不用时,应带上防尘帽
B. 可以用手摸光缆接头的光端口
C. 光缆接头不用时,不用带上防尘帽
D. 不得用手摸光缆接头的光端口,但光缆接头不用时,不用带上防尘帽
