【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
推荐试题
【判断题】
工作票不得任意涂改。如有个别错字、漏字需修改,应字迹清晰。[1分]
【判断题】
动火作业许可证作为工作票的补充,可以代替工作票。[1分]
【判断题】
应按照国家标准规定对起重机械进行月检和年检。对在检查中发现有问题的起重机械,应进行检修,并保存检修档案。[1分]
【判断题】
吊装过程中,出现故障,应立即向工作负责人报告,没有指挥令,任何人不得擅自离开岗位。[1分]
【判断题】
焊工应戴防尘(电焊尘)口罩穿帆布工作服、工作鞋,戴工作帽、手套,上衣应扎在裤子里,口袋应有遮盖,脚面应有鞋罩,以免烧伤。[1分]
【判断题】
采用非常规起重设备、方法,且单件起吊重量在0.5吨及以上的起重吊装工程应编制专项施工方案。[1分]
【判断题】
《职业病防治法》第二十条规定,用人单位应当采取下列职业病防治管理措施:设置或者指定职业卫生管理机构或者组织,配备专职或者兼职的职业卫生管理人员,负责本单位的职业病防治工作。[1分]
【判断题】
精神不振、情绪不稳、慌恐不安、过分激动等人员,不宜进行高处作业。[1分]
【判断题】
任何单位和个人不得将产生职业病危害的作业转移给不具备职业病防护条件的单位和个人。[1分]
【判断题】
《安全生产法》第四十九条规定,企业与从业人员订立的劳动合同,应当载明有关保障从业人员劳动安全、防止职业危害的事项,以及依法为从业人员办理工伤保险的事项。[1分]
【判断题】
作业中禁止投掷工具、材料和杂物等,工具应有防掉绳,并放入工具袋。所有材料应堆放平稳。作业点下方应设置安全警戒区和警戒标志,不需设专人监护。[1分]
【判断题】
开启阀门阀腔进行排气泄压前,作业人员严禁正对泄压口。[1分]
【判断题】
动火作业前应将隔离阀门阀腔应放空,确保无内漏;如有内漏,应采取必要措施后方可作业。[1分]
【判断题】
不准在带有压力(液体压力或气体压力)或带电的设备上进行焊接、气割;在特殊情况下必须在带压和带电设备上进行焊接、气割时,应采取安全措施,并经总经理批准。[1分]
【判断题】
电动执行机构检修或维护作业前,应将执行机构打至远控状态,以便出现意外方便站控人员紧急操作。[1分]
【判断题】
拆除管线的动火作业,必须先查明内部介质及其走向,并制定相应的安全防火措施。[1分]
【判断题】
交叉作业各方工作负责人必须对其工作人员进行再交底,交底应有记录和签名。[1分]
【判断题】
《安全生产法》第四十七条规定,生产经营单位发生生产安全事故时,单位的主要负责人应当立即组织抢救,并不得在事故调查处理期间擅离职守。[1分]
【判断题】
《安全生产法》第三条规定, 安全生产工作应当以人为本,坚持科学发展,坚持安全第一、预防为主的方针,强化和落实生产经营单位的主体责任,建立生产经营单位负责、职工参与、政府监管、行业自律和社会监督的机制。[1分]
【判断题】
对于采用氮气或其它惰性气体对可燃气体进行置换后的密闭空间内作业前应进行含氧量检测,环境氧含量应大于21.5%。[1分]
【判断题】
职业病诊断标准和职业病诊断、鉴定办法由国务院劳动保障行政部门制定。[1分]
【判断题】
检修或维护作业前,应将流量计退出运行并切换到备用支路,如无法切换支路或需进行在线作业的,电动调节阀应调至流量自动控制。[1分]
【判断题】
《安全生产法》第五十六条规定,从业人员发现事故隐患或者其他不安全因素,应当自己想办法排除隐患。[1分]
【判断题】
移动发电机应停放在平稳的基础上,运转时可以移动、加油。[1分]
【判断题】
用人单位可以安排未经上岗前职业健康检查的劳动者从事接触职业病危害的作业。[1分]
【判断题】
向金属管道或容器内充氧气或富氧空气进行受限空间作业前准备。[1分]
【判断题】
检修人员因工作需要可经工作负责人同意操作工艺区内的阀门、盲板及安全附件、保护设施。[1分]
【判断题】
工作票由工作负责人填写,并由签发人签发。如需2个及以上专业配合完成的工作,由任意方担任工作负责人,填写工作票,并经其他各方审核确认。[1分]
【判断题】
脚手架工程除办理特殊作业许可证还应编制专项施工方案。[1分]
【判断题】
《安全生产法》第五条规定, 生产经营单位的主要负责人对本单位的安全生产工作全面负责。[1分]
【判断题】
《安全生产法》第十二条规定,有关协会组织依照法律、行政法规和章程,为生产经营单位提供安全生产方面的信息、培训等服务,发挥自律作用,促进生产经营单位加强安全生产管理。[1分]
【判断题】
高处作业前,作业人员无需仔细检查作业平台是否牢固,应尽快完成作业。[1分]
【判断题】
用人单位与劳动者订立劳动合同(含聘用合同,下同)时,应当将工作过程中可能产生的职业病危害及其后果、职业病防护措施和待遇等如实告知劳动者,并在劳动合同中写明,不得隐瞒或者欺骗。[1分]
【判断题】
《职业病防治法》第三十四条规定,用人单位应当对劳动者进行上岗前的职业卫生培训和离岗期间的定期职业卫生培训,普及职业卫生知识,督促劳动者遵守职业病防治法律、法规、规章和操作规程,指导劳动者正确使用职业病防护设备和个人使用的职业病防护用品。[1分]
【判断题】
射线检测时,必须按规定划出透照区,并设明显警戒标记或信号,以防止非工作人员误入该区受到伤害。[1分]
【判断题】
《安全生产法》第二十三条规定,生产经营单位不得因安全生产管理人员依法履行职责而降低其工资、福利等待遇或者解除与其订立的劳动合同。[1分]
【判断题】
外检测作业过程中发现管道防腐层严重破损并可能危及管道安全的,应立即组织人员进行修复。[1分]
【判断题】
内检测实施作业前应确认收发球筒前后隔离阀门有无内漏;内漏严重的禁止进行收发球作业。[1分]
【判断题】
进入特别潮湿作业场所作业,还应穿绝缘鞋、戴绝缘手套,照明电压不超过24V。[1分]
【判断题】
《安全生产法》第八十二条规定,参与事故抢救的部门和单位应当听从本部门和单位领导的指示,各个击破采取有效的应急救援措施,减少人员伤亡和财产损失。[1分]