【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
推荐试题
【判断题】
每个库房应在库房外单独安装开关箱。保管人员离库时,必须拉闸断电
【判断题】
甲、乙类危化品仓库管理人员应当经过专门的安全培训,持证上岗。库房内严禁设置休息室、办公室。库房内应有防静电措施
【判断题】
造成3人以下死亡,或者10人以下受伤,或者1000万元以下直接经济损失的火灾事故为一般火灾事故
【判断题】
工业气瓶外观无严重损伤或腐蚀;两个防震圈装在规定的位置;气瓶立放时应采取防倾倒措施,要妥善固定
【判断题】
库房的照明灯具应安装在不燃或难燃的基座上,周围或下方可堆放可燃物
【判断题】
库房电器设备周围和架空线路下方严禁堆放物品
【判断题】
《消防法》确立的消防工作原则是:政府统一领导、部门依法监管、单位全面负责、公民积极参与
【判断题】
烟囱效应是建筑火灾通过楼梯间和电梯井迅速向上发展蔓延的主要原因之一
【判断题】
《消防法》规定,任何单位和个人都有维护消防安全、保护消防设施、预防火灾、报告火警的权利
【判断题】
室内消火栓栓口的出水方向应便于消防水带的敷设,并宜与设置消火栓的墙面成900角或向下
【判断题】
常见的水泵接合器分为地上式水泵接合器、地下式水泵接合器和墙壁式水泵接合器三种形式
【判断题】
人员密集场所的疏散通道、安全出口可自愿配置疏散照明和疏散指示标志
【判断题】
社会单位消防安全“四个能力”分别是: 检查消除火灾隐患能力、组织扑救初起火灾能力、组织人员疏散逃生能力、消防宣传教育培训能力
【判断题】
消防控制室、消防水泵房、自备发电机房、配电室、防排烟机房以及发生火灾时仍需正常工作的消防设备房应设置备用照明,其作业面的最低照度不应低于正常照明的照度
【判断题】
常闭防火门应在门扇的明显位置设置保持防火门开启等提示标志
【判断题】
消防安全重点单位应当进行每日防火巡查,防火巡查应当填写巡查记录,巡查人员及其主管人员应当在巡查记录上签名
【判断题】
灭火器应该放置在被保护物附近、通风干燥及取用方便的地方
【判断题】
单位应当组织新上岗和进入新岗位的员工进行上岗前的消防安全培训
【判断题】
单位在生产时,为做好安全保卫工作,可临时将安全出口上锁,下班时打开
【判断题】
走廊、楼道等公用区域可以放置、堆积一些不易起火的杂物
【判断题】
危险化学品仓库应设置醒目的防火、禁止吸烟等安全警示标志
【判断题】
凡有爆炸和火灾危险的区域,操作人员必须穿防静电鞋或导电鞋、防静电工作服
【判断题】
任何危险化学品都可以通过公路、铁路和水域渠道进行运输
【判断题】
一切爆炸品严禁与氧化剂、自燃物品、酸、碱、盐类、易燃可燃物、金属粉末和钢铁材料器具等混储混运
【判断题】
危险化学品可以露天堆放,但应符合防火、防爆的安全要求。爆炸物品、一级易燃物品、遇湿燃烧物品、剧毒物品不得露天堆放
【判断题】
发现房间内充满煤气、液化气、汽油等易燃气体或易燃液体的蒸汽时,应立即在该房间内拨打电话或手机报警
【判断题】
下班离开工作岗位时应熄灭火种,切断非工作电源
【判断题】
储存易燃、易爆危险化学品的建筑,必须安装避雷设备
【判断题】
易燃液体、遇湿易燃物品、易燃固体不得与氧化剂混合储存,具有还原性的氧化剂应单独存放
【判断题】
危险化学品仓库的库房门应为铁门或木质外包铁皮并采用内开式
【判断题】
为防止易燃气体积聚而发生爆炸和火灾,贮存和使用易燃液体的区域要有良好的空气流通
【判断题】
危险化学品专用仓库,应当符合国家标准对安全、消防的要求,设置明显标志
【判断题】
进行电焊、气焊等具有火灾危险的作业人员必须持证上岗,并严格遵守消防安全操作规程
【判断题】
电气线路的起火原因可能是由于短路、超负荷、以及线路产生的电火花和电弧
