【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
推荐试题
【多选题】
来自国内疫区的交通工具,或者在国内航行中发现________,交通工具负责人应当向到达的国境口岸卫生检疫机关报告,接受临时检疫。___
A. 检疫传染病
B. 疑似检疫传染病
C. 有人因意外伤害死亡的
D. 有人非因意外伤害而死亡并死因不明的
【多选题】
在国内或者国外检疫传染病大流行的时候,应当立即报请国务院决定采取的检疫措施包括:___
A. 下令封锁陆地边境、国界江河的有关区域
B. 指定某些物品必须经过消毒、除虫,方准由国外运进或者由国内运出
C. 禁止某些物品由国外运进或者由国内运出
D. 指定第一入境港口、降落机场
【多选题】
根据《国境卫生检疫法实施细则》规定,入境、出境的________等特殊物品,须经卫生检疫机关签发特殊物品审批单。___
A. 微生物
B. 人体组织
C. 生物制品
D. 血液及其制品
【多选题】
卫生检疫机关发现________时,应当向当地卫生行政部门和卫生防疫机构通报。___
A. 检疫传染病
B. 监测传染病
C. 疑似检疫传染病
D. 疑似监测传染病
【多选题】
地方卫生防疫机构发现________时,应当向卫生检疫机关通报。___
A. 疑似检疫传染病
B. 疑似监测传染病
C. 检疫传染病
D. 监测传染病
【多选题】
船舶的入境检疫,必须在________实施。___
A. 港口
B. 港口的检疫锚地
C. 经卫生检疫机关同意的指定地点
D. 港务监督机关指定的地点
【多选题】
卫生检疫机关的工作人员在监督实施卫生处理时,必须注意________________。___
A. 防止对任何人的健康造成危害
B. 防止对交通工具的结构和设备造成危害
C. 防止发生火灾
D. 防止对行李、货物造成损害
【多选题】
船舶、航空器在到达时,________________,为染有鼠疫。___
A. 船舶、航空器上有鼠疫病例的
B. 船舶、航空器上发现有感染鼠疫的啮齿动物的
C. 船舶上曾经有人在上船六日以后患鼠疫的
D. 船上啮齿动物有反常死亡,并且死因不明的
【多选题】
船舶在到达时,________________,为染有鼠疫嫌疑。___
A. 船舶上有鼠疫病例的
B. 船舶上没有鼠疫病例,但曾经有人在上船后6日以内患鼠疫的
C. 船上啮齿动物有反常死亡,并且死因不明的
D. 船舶上发现有感染鼠疫的啮齿动物的
【多选题】
根据《国境口岸卫生监督办法》规定,国境口岸货车的卫生要求包括:___
A. 应当消灭蚊、蝇、蟑螂、鼠等病媒昆虫和有害动物及其孳生条件
B. 在装货前或卸货后应当进行彻底清扫,做到无粪便、垃圾
C. 凡装载有毒物品和食品的货车,应当分开按指定地点存放,防止污染,货物卸空后应当进行彻底洗刷
D. 来自疫区的行李、货物,要严格检查,防止带有病媒昆虫和啮齿动物
【多选题】
卫生检疫机关对国境口岸公共场所的卫生监督职责包括:___
A. 卫生监测
B. 卫生技术指导
C. 监督从业人员健康检查
D. 对新建、扩建、改建的公共场所的选址和设计进行卫生审查
【多选题】
公共场所直接为顾客服务的人员,患有_______以及其他有碍公共卫生的疾病的,治愈前不得从事直接为顾客服务的工作。 ___
A. 痢疾、伤寒
B. 病毒性肝炎
C. 活动期肺结核
D. 皮肤病
【多选题】
从中华人民共和国境外引进农业转基因生物用于研究、试验的,应当符合的条件包括:___
A. 引进单位具有国务院农业行政主管部门规定的申请资格
B. 引进的农业转基因生物在国(境)外已经进行了相应的研究、试验
C. 有相应的安全管理、防范措施
D. 输出国家或者地区已经允许作为相应用途并投放市场
【判断题】
商检机构和经国家商检部门许可的检验机构,依法对进出口商品实施检验
【判断题】
进口商品未经商检机构检验的,不准销售和使用
【判断题】
对法定检验的进出口商品,尚未制定国家技术规范的强制性要求的,可以参照国家商检部门指定的行业标准进行检验
【判断题】
法定检验的进出口商品,有国家技术规范的强制性要求的,按照国家技术规范的强制性要求进行检验
【判断题】
经国家商检部门许可的检验机构,可以接受对外贸易关系人或者外国检验机构的委托,办理进出口商品检验鉴定业务
【判断题】
法律、行政法规规定由其他检验机构实施检验的进出口商品或者检验项目,依照有关法律、行政法规的规定办理
【判断题】
对重要的进口商品和大型成套设备,应当进行装运前预检验
【判断题】
为出口危险货物生产包装容器的企业,必须向商检机构申请进行包装容器的使用鉴定
【判断题】
国家商检部门应当公布进出口商品抽查检验结果或者向有关部门通报抽查检验情况
【判断题】
商检机构根据便利对外贸易的需要,可以根据国家规定对法定检验的进出口商品进行出厂前的质量监督管理和检验
【判断题】
国家商检部门和商检机构依法对经国家商检部门许可的检验机构的进出口商品检验鉴定业务活动进行监督,可以对其检验的商品抽查检验
【判断题】
商检机构依照《进出口商品检验法》对实施许可制度的进出口商品实行认证管理,查验单证,核对证货是否相符
【判断题】
当事人对进出口商品复验结论不服应首先依法申请行政复议,对复议结论不服的,再提起行政诉讼
【判断题】
因科学研究需要可以引进动植物检疫禁止进境物
【判断题】
通过贸易、科技合作、交换、赠送、援助等方式输入动植物、动植物产品和其他检疫物的,应当在合同或者协议中订明双方商定的检疫要求
【判断题】
输出动植物、动植物产品和其他检疫物,检疫不合格又无有效方法作除害处理的,不准出境
【判断题】
对过境植物、动植物产品和其他检疫物口岸动植物检疫机关发现有《进出境动植物检疫法》规定的一类、二类动物传染病、寄生虫病;植物危险性病、虫、杂草的,作除害处理或者不准过境
【判断题】
对过境植物、动植物产品和其他检疫物,口岸动植物检疫机关检查运输工具或者包装,经检疫合格的,准予过境
【判断题】
按照《进出境动植物检疫法》规定,进境供拆解用的废旧船舶,由口岸动植物检疫机关实施动植物检疫
【判断题】
《进出境动植物检疫法》规定的“其他检疫物”是指除了动植物、动植物产品以外的所有应实施动植物检疫的货物和物品
【判断题】
《进出境动植物检疫法》规定,已经加工的植物产品不属须实施检疫的植物产品范围
【判断题】
国境卫生检疫法规定的传染病是指检疫传染病和监测传染病
【判断题】
来自国外的船舶、航空器因故停泊、降落在中国境内非口岸地点的时候,船舶、航空器的负责人应当立即向就近的国境卫生检疫机关或者当地卫生行政部门报告
【判断题】
国境卫生检疫机关对来自疫区的行李、货物、邮包等物品,应当进行卫生检查,实施消毒、除鼠、除虫或者其他卫生处理
【判断题】
各地医疗单位对持有国境卫生检疫机关发给的就诊方便卡的人员应当优先诊治
【判断题】
我国缔结或者参加的有关卫生检疫的国际条约同《国境卫生检疫法》有不同规定的,适用《国境卫生检疫法》的规定
【判断题】
任何组织或个人有权举报食品生产经营中的违法行为,依法向有关部门了解食品安全信息,对食品安全监督管理工作提出意见和建议
