【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
推荐试题
【多选题】
新购置列车均应开展(),测试应先在试车线进行,并做好安___
A. 动态功能测试
B. 安全防护措施
C. 运行测试
D. 工作测试
【多选题】
新购置列车均应开展动态功能测试,测试应先在(),并做好安全___
A. 试车线进行
B. 安全防护措施
C. 室内进行
D. 室外进行
【多选题】
新购置列车均应开展动态功能测试,测试应先在(),并做好___
A. 安全防护措施
B. 试车线进行
C. 保护措施
D. 应急措施
【多选题】
测试合格后,应开展不少于()列公里的不载客运行后,方可投入运营。正线测试应在()施行___
A. 2000
B. 非运营时段施行
C. 4000
D. 5000
【多选题】
测试期间发现可能危及行车安全的故障或突发事件时,应(),待故障或突发事件()后方可继续进行。___
A. 立即汇报
B. 立即停止
C. 处理完毕
D. 立即逃跑
【多选题】
信号系统整体更新应在非运营时段进行,运营单位应实施(),确保既有信号系统在过渡期间正常运行,并对设备的安装()进行卡控。___
A. 全过程现场管理
B. 全过程监控管理
C. 安装工艺和标准
D. 全过程跟岗管理
【多选题】
信号系统整体更新应在()进行,运营单位应实施全过程监控管理,确保既有信号系统在过渡期间正常运行,并对设备的()进行卡控。___
A. 安装工艺和要求
B. 非运营时段施行
C. 安装工艺和标准
D. 安装人员和方法
【多选题】
新旧信号系统兼容运行的,在对两列列车进行升级并上线试用不少于()个月后,方可开展对其他列车分批次___
【多选题】
新旧信号系统倒切前,应在非运营时段开展不少于()次的实战演练,新信号系统经过累计不少于144小时的不载客运行后方可___
【多选题】
软件升级前,运营单位应要求供应商在实验室进行充分试验,并进行()。升级时应组织供应商共同做好___
A. 记录
B. 技术交底
C. 安全防护
D. 观察
【多选题】
城市轨道交通项目改建、扩建时,运营单位应对改扩建设计方案、技术方案、施工方案、()保障方案等文件进行事前审核后,办理()。实施过程中应采取安全和检查措施保障运营安全。___
A. 试验
B. 安全
C. 施工手续
D. 防护
【多选题】
运营单位具体负责并组织开展设施设备运行维护工作,确保设施设备性能良好、___
A. 高压试验
B. 运行维护
C. 状态稳定
D. 排查记录
【多选题】
托外单位开展设施设备运行维护服务工作(以下简称委外服务)的,运营单位应与服务商签订(),明确()、监测及维护周期、需求响应时间、质量要求、安全作业要求和违约责任等。___
【多选题】
托外单位开展设施设备运行维护服务工作(以下简称委外服务)的,运营单位应与服务商签订书面协议,明确()、监测及()、需求响应时间、质量要求、安全作业要求和违约责任等。___
【多选题】
委外服务不免除或减轻运营单位应承担的主体责任,委外服务商依据委外服务合同承担相应责任。___
【多选题】
运营单位应建立委外服务评价体系,对服务商响应及时性、故障处理速度、维护计划完成率、监测和维护质量等进行综合评价,加强()管理。___
【多选题】
营单位应按月统计设施设备(),定期开展设施设备故障发生次数、平均无故障运行时间、故障发生率等重点指标分析,对设施设备运行状况和服役能力进行持续评估,为设施设备()提供支持___
A. 故障时间
B. 故障情况
C. 维护及更新改造
【多选题】
运营单位应组织编制各类设备的操作手册,()的发布、修订及废止应经充分()后方可实施。___
【多选题】
操作手册应至少包括启用前的状态检查、启停程序、操作流程、异常情况处置程序、()规定等内容。___
【多选题】
运营单位应根据(),合理制定()。___
A. 设备试验计划
B. 设备运行计划
C. 运营实际
【多选题】
每日(),应对轨行区行车环境,车辆系统、供电系统、通信系统、信号系统、自动售检票系统、乘客信息系统、站台门等直接影响行车安全和客运服务的设备,以及其他重新开机启用的设备进行检查,确认正常后方可投入运营。鼓励采用()进行状态检查。___
【多选题】
运营单位应密切监控设施设备(),对于设备异常情况报警,应进行(),及时检查确认并处理。___
【多选题】
无法继续维持运营或继续运营将危及行车安全的,应停运抢修并尽快恢复()。可继续维持运营的,应视情采取区间限速、添乘检查、安全防护等措施,尽快完成()。___
【多选题】
《城市轨道交通运营突发事件应急演练管理办法》参考了以下那些文献 。___
A. 《中华人民共和国安全生产法》
B. 《中华人民共和国突发事件应对法》
C. 《生产安全事故应急条例》
D. 《突发事件应急预案管理办法》
E. 《国家城市轨道交通运营突发事件应急预案》
【多选题】
城市轨道交通运营过程中发生的因 ,造成人员伤亡、行车中断、财产损失的突发事件应急演练工作适用本办法。___
A. 列车冲突
B. 脱轨
C. 损毁
D. 设施设备故障
E. 大客流
【多选题】
因 以及其他因素影响或可能影响城市轨道交通正常运营的情形,参照本办法开展运营处置方面的应急演练工作。___
A. 地震
B. 洪涝
C. 气象灾害
D. 恐怖袭击
E. 刑事案件
【多选题】
运营突发事件应急演练应遵循 的原则。___
A. 全面覆盖
B. 总专结合
C. 协同联动
D. 有效融合
E. 逐级汇报
【多选题】
城市轨道交通所在地城市交通运输主管部门或者城市人民政府指定的城市轨道交通运营主管部门依法承担职责范围内本行政区域运营突发事件应急演练的 工作。___
A. 安全
B. 组织实施
C. 监督管理
D. 协调
E. 集中领导
【多选题】
城市轨道交通运营主管部门应根据 ,组织完善运营突发事件,协调建立 健全部门间 ,并细化行业内部的职责分工和工作要求等。___
A. 城市专项应急预案
B. 部门应急预案
C. 应急处置体系
D. 应急处置联动机制
E. 城市轨道交通运营突发事件应急预案
【多选题】
城市轨道交通运营单位应建立 方案。___
A. 专项应急预案
B. 城市轨道交通运营突发事件综合应急预案
C. 现场处置
D. 应急处置联动机制
E. 生产安全事故应急条例
【多选题】
运营单位 应报城市轨道交通运营主管部门备案。___
A. 故障处理指南
B. 综合应急预案
C. 专项应急预案
D. 突发事件应急预案管理办法
E. 生产安全事故应急条例
【多选题】
运营单位综合应急预案应与政府层面的专项应急预案相衔接,总体阐述本单位运营突发事件的 及保障措施等内容。___
A. 应急工作原则
B. 应急组织机构及职责
C. 专项应急预案体系
D. 预警及信息报告
E. 应急响应
【多选题】
运营单位专项应急预案应针对重大风险、关键设施设备故障等某一类型或某几种类型的运营突发事件,明确 等内容。___
A. 风险分析
B. 应急指挥机构及职责
C. 处置程序
D. 措施
E. 故障点
【多选题】
专项应急预案应至少涵盖以下重点内容,并开展演练。___
A. 列车脱轨、撞击、冲突、挤岔
B. 土建结构病害、轨道线路故障
C. 异物侵限、车站及线路淹水倒灌
D. 车辆故障、供电中断、通信中断、信号系统故障
E. 突发大客流、客伤
【多选题】
运营单位现场处置方案应根据不同运营突发事件类型,针对具体的场所、设施设备等明确现场作业人员的 等内容。___
A. 岗位职责
B. 岗位主要内容
C. 应急处置流程
D. 处置措施
E. 安全注意事项
【多选题】
关键岗位的现场处置方案,行调应至少涵盖以下重点内容,并开展经常性演练。___
A. 列车事故、故障
B. 列车区间阻塞
C. 设施设备故障清客
D. 道岔失表、火灾
E. 线路运营调整及故障抢修
【多选题】
关键岗位的现场处置方案,电调、环调应至少涵盖以下重点内容,并开展经常性演练。___
A. 大面积停电
B. 供电区段失电
C. 电力监控系统离线
D. 区间火灾
E. 区间积水
【多选题】
关键岗位的现场处置方案,列车驾驶员应至少涵盖以下重点内容,并开展经常性演练。___
A. 列车事故、故障
B. 列车降级运行
C. 区间乘客疏散
D. 列车连挂救援
E. 非正常交路行车
【多选题】
关键岗位的现场处置方案,行车值班员应至少涵盖以下重点内容,并开展经常性演练。___
A. 非正常情况下的行车进路办理
B. 列车接发作业
C. 道岔失表
D. 车站乘客疏散、客伤
E. 抢修作业办理
【多选题】
关键岗位的现场处置方案,设施设备维护人员应至少涵盖以下重点内容,并开展经常性演练。___
A. 土建结构
B. 轨道线路
C. 车辆
D. 供电
E. 通信、信号
