【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
推荐试题
【单选题】
一台计算机操作系统为Windows,已经连入了Internet. 以下说法中唯一确的是___。
A. 该计算机一定安装了调制解调器
B. 该计算机一定安装了交换机
C. 该计算机一定安装了一部电话
D. 该计算机一定安装了TCP/P协议
【单选题】
网络监听是___。
A. 远程观察一个用户的计算机
B. 监视网络的状态、传输的数据流
C. 监视计算机系统的运行情况
D. 监视一个网站的发展方向
【单选题】
关于拒绝服务攻击的说法正确的是___。
A. 用超出被攻击目标处理能力的海量数据包消耗可用系统、带宽资源等方法的攻击
B. 英文全称是Distributed Denial of Service
C. 拒绝来自一个服务器所发送回应请求的指令
D. 入侵控制一个服务器后远程关机
【单选题】
.数据的___包括线性结构、树状结构和图状结构等基本类型。
A. 存储结构
B. 逻辑结构
C. 基本运算
D. 算法描述
【单选题】
树状结构最适合用来表示___。
A. 有序数据元素
B. 无序数据元素
C. 元素之间具有分支层次关系的数据
D. 元素之间无联系的数据
【单选题】
二叉树的第k层的结点数最多为___。
A. 2*-1
B. 2*+1
C. 2*+1
D. 2*1
【单选题】
在一个长度为n的顺序存储的线性表中,向第i个元素(1≤i≤n+1)位置插入一个新元素时,需要从后向前依次后移___ 个元素。
A. n-1
B. n-i+I
C. n-i-l
D. i
【单选题】
下面关于线性表的叙述错误的是___.
A. 线性表采用顺序存储必须占用一片连续的存储空间
B. 线性表采用链式存储不必占用-:片连续的存储空间
C. 线性表采用链式存储便于插入和删除操作的实现
D. 线性表采用顺序存储便于插入和删除操作的实现
【单选题】
栈的插入和删除操作在___进行。
A. 栈顶
B. 栈底
C. 任意位置
D. 指定位置
【单选题】
一个栈的输入序列为1,2,3,4,5,6,则下列序列中不可能是栈的输出序列的是___。
A. 2,3,4,1,5
B. 5,4,1,3,2
C. 2,3,1,4.5
D. 1,5,4,3.2
【单选题】
设某棵二义树中有200个结点,则该二叉树的最小高度为___。
【单选题】
设某棵二叉树的高度为10.则该二叉树上叶子结点最多有___.
A. 20
B. 256
C. 512
D. 1024
【单选题】
操作系统是一种___。
A. 应用软件
B. 系统软件
C. 工具软件
D. 杀毒软件
【单选题】
操作系统的作用是___。
A. 对计算机存储器进行管理
B. 实现软硬件的转换
C. 对外部设备进行管理
D. 控制和管理资源的使用
【单选题】
操作系统是___ 的接口。
A. 用户与软件
B. 系统软件与应用软件
C. 主机与外设
D. 用户与计算机
【单选题】
4在中文Wndows 7操作系统下,下列文件名中不正确的是___.
A. abc.bak.
B. 计算机_操作doc
C. myfile>new.txt
D. myfilel +myfile2
【单选题】
以下软件中,___不是操作系统软件。
A. Windows7 操作系统
B. UNIX操作系统
C. Linux操作系统
D. Office 2010
【单选题】
在Windows 7 操作系统中,若将剪贴板上的信息粘贴到某个文档窗口的插入内处,正确的操作是___
A. 按[Ctrl+V]组合键
B. 按[Ctrl+Z]组合键
【单选题】
在Windows 7操作系统中,可使用桌面上的___图标测览和查看系统提供的所有软硬件资源。
A. 网络
B. 回收站
C. 计算机
D. 我的电脑
【单选题】
在Windows 7操作系统中, 选择某一文件夹,再选择“文件”→“删除”选项,则___.
A. 只删除文件夹而不剩除其所包含的文件
B. 删除文件夹内的某-程序文件
C. 删除文件夹所包含的所有文件而不删除文件夹
D. 删除文件夹及其所包含的全部文件与子文件夹
【单选题】
在Windows 7操作系统中,使用搜索功能查找硬盘中的所有Word文档,可以在搜索栏输入关键字___。
A. *.docx
B. ?.docx
C. &.docx
D. #.docx
【单选题】
可以通过按___组合键,在弹出的界面中选择“启动任务管理器"选项,弹出“Windows任务管理器”窗口。
A. [Ctrl+Alt+Shift]
B. [Ctrl+Alt+Home]
C. [Ctrl+Alt+Deletc]
D. [Ctrl+ Alt+Enter]
【单选题】
在Word 2010编辑中,要移动或复制文本,可以用___来选择文本。
A. 鼠标
B. 键盘
C. 扩展选取
D. 以上方法都可以
【单选题】
在Word2010中要复制字符格式而不复制字符,需单击___按钮。
A. 格式刷
B. 格式选定
C. 格式工具框
D. 复制
【单选题】
一位同学正在撰写毕业论文,并且要求只用A4规格的纸输出,在打印预览中,他发现最后一页只有一行,他想把这一行提到上一 页,最好的办法是___。
A. 改变纸张大小
B. 增大页边距
C. 减小页边距
D. 把页面方向改为横向
【单选题】
用相对地址引用的单元格在公式复制中目标公式会___。
A. 不变
B. 变化
C. 使列地址变化
D. 使行地址变化
【单选题】
Excel 2010文档包括___
A. 工作表
B. 工作簿
C. 编辑区域
D. 以上都是
【单选题】
Excel 2010单元格DI中有公式=A1+$CI,将DI格中的公式复制到E4格中,E4格中的公式为___
A. =A4+$C4
B. =B4+$D4
C. =B4+$C4
D. =A4+C4
【单选题】
在PowerPoint 2010中,幻灯片内的动画效果可通过“动画“选项卡的___ 选项设置。
A. 动作设置
B. 自定义动画
C. 动画预览
D. 幻灯片切换
【单选题】
在PowerPoint 2010中,在空白幻灯片中不可以直接插入___。
A. 文本框
B. 文字
C. 艺术字
D. Word 表格
【单选题】
在“页眉和页脚”对话框中设置幻灯片编号,将放置到幻灯片中的___.
A. 左下角
B. 中部
C. 右下角
D. 项部
【单选题】
PowerPoint 2010中,艺术字具有___。
A. 文件属性
B. 图形属性
C. 字符属性
D. 文本属性编辑
【单选题】
.文件系统与数据库系统相比较,其主要缺陷表现在数据联系弱、数据冗余和___.
A. 数据存储量少
B. 数据不安全
C. 数据的处理速度慢
D. 数据不一致
【单选题】
数据库系统的核心是___.
A. 数据模型
B. 数据库管理系统
C. 软件L具
D. 数据库
【单选题】
下列有关表的设计原则的叙述中,错误的是___.
A. 表中每一列必须是类型相同的数据
B. 表中每一字段必须是不可再分的数据单元
C. 表中的行、列次序不能任意交换,否则会影响存储的数据
D. 同一个表中既不能有相同的字段,也不能有相同的记录
【单选题】
用树状结构表示实体之间联系的模型是___。
A. 关系模型
B. 网状模型
C. 层次模型
D. 以上3个都是
【单选题】
以下4项,不属于数据库特点的是___。
A. 数据共享
B. 数据完整性
C. 数据冗余很高
D. 数据独立性高
【单选题】
___是位于用户和操作系统之间的一层数据管理软件。
A. 数据库管理系统
B. 开发平台
C. 数据库系统
D. 数据库应用系统
