【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
推荐试题
【单选题】
导线、地线更换施工,带电更换架空地线或架设耦合地线时,应通过___可靠接地。
A. 金属滑车
B. 放线滑车
C. 转向滑车
D. 压线滑车
【单选题】
为预防雷电以及临近高压电力线作业时的感应电,应按电网建设《安规》要求装设___。
A. 导线
B. 接地线
C. 金属线
D. 避雷线
【单选题】
工作接地线应用多股软铜线,截面积不得小于___mm2。
【单选题】
装设接地线时,应___。
A. 先接接地端,后接导线或地线端,拆除时的顺序相反
B. 后接接地端,先接导线或地线端,拆除时的顺序相反
C. 先接接地端,后接导线或地线端,拆除时的顺序相同
D. 后接接地端,先接导线或地线端,拆除时的顺序相同
【单选题】
接地棒应镀锌,直径应不小于___mm。
【单选题】
保安接地线应使用截面积不小于___mm2的多股软铜线。
【单选题】
张力放线时的接地,在架线前,放线施工段内的杆塔应与___装置连接。
【单选题】
张力放线时,牵引机及张力机出线端的牵引绳及导线上应安装___。
A. 接地滑车
B. 放线滑车
C. 转向滑车
D. 压线滑车
【单选题】
邻近带电体作业时,人体与带电体之间的最小安全距离应符合___的规定。
A. 10kV(交流)及以下电压等级,安全距离0.5m
B. 220kV(交流)电压等级,安全距离3.0m
C. 20、35kV(交流)电压等级,安全距离0.7m
D. 500kV(交流)电压等级,安全距离4.5m
【单选题】
在邻近或交叉其他带电电力线处作业时,采取有效措施,使人体、导线、工器具等与110kV带电导线的最小安全距离为___m。
【单选题】
在邻近或交叉其他带电电力线处作业时,采取有效措施,使起重机及吊件、牵引绳索和拉绳沿垂直方向与110kV带电导线的最小安全距离为___m。
【单选题】
跨越施工前,___应安装完毕且与杆塔可靠连接。
A. 避雷装置
B. 接地装置
C. 防坠装置
D. 警示标志
【单选题】
绝缘绳、网___使用前,应进行检查,有严重磨损、断股、污秽及受潮时禁止使用。
【单选题】
跨越不停电电力线路,在架线施工前,施工单位应向___书面申请该带电线路“退出重合闸”。
A. 建设单位
B. 调试单位
C. 监理单位
D. 运维单位
【单选题】
架线过程中,不停电跨越位置处、跨越档两端铁塔应设专人监护,监护人应配备通信工具,且应保持与___的联系畅通。
A. 现场指挥人
B. 项目经理
C. 技术负责人
D. 安全员
【单选题】
跨越档两端铁塔上的放线滑轮均应采取接地保护措施,放线前所有铁塔接地装置应安装完毕并接地可靠。人力牵引跨越放线时,跨越档相邻两侧的施工___应接地。
A. 导线、地线
B. 铁塔
C. 工器具
D. 张力机
【单选题】
跨越电气化铁路时,跨越架与接触网的最小安全距离,应满足___kV电压等级的有关规定。
A. 110
B. 220
C. 66
D. 35
【单选题】
跨越档两端铁塔的附件安装应进行___道防护,即采用包胶钢丝绳将导线圈住并挂于横担上。
【单选题】
现场作业负责人在接到已停电许可作业命令后,应首先安排人员进行验电。验电应使用___的合格的验电器。验电时应戴绝缘手套并逐相进行。验电应设专人监护。同杆塔架设有多层电力线时,应先验低压、后验高压、先验下层、后验上层。
A. 相应电压等级
B. 相应电流等级
C. 相应功率等级
D. 相应功能
【单选题】
线路施工,验明线路确无电压后,作业人员应按照工作票上接地线布置的要求,立即挂___。
A. 安全警示牌
B. 工作接地线
C. 个人保安线
D. 操作接地线
【单选题】
挂拆工作接地线应遵守规定正确的是___。
A. 验明线路确无电压后,作业人员应按照工作票上接地线布置的要求,不用立即挂工作接地线
B. 凡有可能送电到作业地段内线路的分支线也应挂工作接地线
C. 同杆塔架设有多层电力线时,应先挂高压、后挂低压、先挂下层、后挂上层
D. 工作接地线挂完后,不用经现场作业负责人检查确认即可开始作业
【单选题】
拆除工作接地线时的顺序与挂工作接地线的顺序___。
【单选题】
作业间断或过夜时,作业段内的工作接地线___。
A. 应全部拆除
B. 应部分拆除
C. 应部分保留
D. 应全部保留
【单选题】
停电、送电作业应指定专人负责。禁止采用___停电、送电。
A. 按步骤操作
B. 调度下令
C. 提前通知
D. 口头或约时
【单选题】
关于停电、送电作业,下列说法错误的是___。
A. 应指定专人负责
B. 禁止采用口头停电、送电
C. 禁止约时停电、送电
D. 采用电话约时停电送电
【多选题】
关于施工用电说法正确的是___。
A. 施工用电方案应编入项目管理实施规划或编制专项方案
B. 施工用电设施安装、运行、维护应由专人负责
C. 施工用电工程应定期检查,对安全隐患应及时处理,并履行复查验收手续
D. 施工用电工程的380V/220V低压系统,应采用三级配电、二级漏电保护系统,末端应装漏电保护器
E. 专用变压器中性点直接接地的低压系统宜采用TNS接零保护系统
【多选题】
关于变压器设备说法正确的是___。
A. 10kV/400kVA 及以下的变压器宜采用支柱上安装,底部距地面的高度不得小于2.5m
B. 35kV及10kV/400kVA以上的变压器如采用地面平台安装,装设变压器的平台应高出地面0.5m
C. 围栏与变压器外廓的距离:10kV及以下应不小于1m
D. 围栏与变压器外廓的距离:35kV应不小于1.5m
E. 35kV及10kV/400kVA以上的变压器其四周应装设高度不低于1.7m的围栏
【多选题】
关于发电机组说法正确的是___。
A. 发电机组禁止设在基坑里
B. 发电机组应配置可用于扑灭电气火灾的灭火器,禁止存放易燃易爆物品
C. 发电机组应采用电源中性点直接接地的三相五线制供电系统
D. 总容量为100kVA以下的系统,工作接地电阻不得大于4Ω
E. 发电机供电系统应设置可视断路器或电源隔离开关及短路、过载保护
【多选题】
关于行灯照明说法正确的是___。
A. 行灯的电压不得超过36V
B. 潮湿场所、金属容器或管道内的行灯电压不得超过12V
C. 行灯电源线应使用绝缘护套软电缆
D. 行灯照明变压器应使用自耦变压器
【多选题】
配电箱应坚固,金属外壳接地或接零良好,其结构应具备___的功能。
【多选题】
行灯的电压不得超过36V,___的行灯电压不得超过12V。行灯应有保护罩,行灯电源线应使用绝缘护套软电缆。
A. 潮湿场所
B. 金属容器
C. 管道内
D. 电缆沟内
【多选题】
采用TNS系统做保护接零时,说法正确的是___。
A. 工作零线应通过漏电保护器
B. 工作零线不应通过漏电保护器
C. 保护零线应由电源进线零线重复接地处或漏电保护器电源侧零线处引出
D. 保护零线不通过漏电保护器
E. 保护零线通过漏电保护器
【多选题】
电源线、保护接零线、保护接地线应采用___或其他可靠方法连接。
A. 焊接
B. 压接
C. 钩挂
D. 螺栓连接
【多选题】
保护零线(PE线)应在配电系统的___处做重复接地。
【多选题】
对地电压在127V及以上的下列电气设备及设施,均应装设接地或接零保护,说法正确的是___。
A. 电缆接头盒的外壳及电缆的金属外皮
B. 吊车的轨道及焊工等的工作平台
C. 架空线路的木杆
D. 室内外配线的金属管道
E. 金属制的集装箱式办公室、休息室及工具、材料间、卫生间等
【多选题】
禁止利用___作为接地装置的自然接地体。
A. 易燃、易爆气体管道
B. 易燃、易爆液体管道
C. 金属井管
D. 与大地有可靠连接的建筑物的金属结构
【多选题】
符合接地装置的敷设基本要求的是___。
A. 符合GB 50194《建设工程施工现场供用电安全规范》的规定
B. 人工接地体的顶面埋设深度不宜小于0.5m
C. 人工垂直接地体宜采用热浸镀锌圆钢、角钢、钢管、螺纹钢,长度宜为2.5m
D. 人工水平接地体宜采用热浸镀锌的扁钢或圆钢。圆钢直径不应小于12mm
E. 扁钢、角钢等型钢的截面积不应小于90mm2,其厚度不应小于3mm;钢管壁厚不应小于2mm
【多选题】
___应配锁具。
A. 配电室
B. 现场的配电柜
C. 总配电箱
D. 分配电箱
【多选题】
施工用电设施应定期检查并记录。对用电设施的___应进行定期检测并记录。
A. 绝缘电阻
B. 接地电阻
C. 绝缘电流
D. 接地电流
