【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
推荐试题
【单选题】
城市轨道交通列车驾驶员应当按照法律法规的规定取得驾驶员()资格。 ___
A. 职业准入
B. 上岗
C. 特殊工种
D. 安全
【单选题】
运营单位应当对列车驾驶员定期开展()测试,对不符合要求的及时调整工作岗位。 ___
【单选题】
城市轨道交通运营主管部门应当对运营单位运营安全管理工作进行监督检查,定期委托第三方机构组织专家开展运营期间( )工作。 ___
A. 运营评估
B. 质量评估
C. 安全评估
D. 风险评估
【单选题】
运营单位应当建立网络()管理制度,严格落实网络()有关规定和等级保护要求,加强列车运行控制等关键系统信息安全保护,提升网络()水平。 ___
【单选题】
运营单位应当向社会公布运营服务质量承诺并报城市轨道交通()备案,定期报告履行情况 ___
A. 运营主管部门
B. 行业
C. 主管部门
D. 主管单位
【单选题】
在通风口、车站出入口()米范围内存放有毒、有害、易燃、易爆、放射性和腐蚀性等物品 ___
A. 60
B. 50
C. 100
D. 120
【单选题】
在通风口、车站出入口()米范围内存放有毒、有害、易燃、易爆、放射性和腐蚀性等物品___
A. 60
B. 50
C. 100
D. 120
【单选题】
在地面或者高架线路两侧各( )米范围内升放风筝、气球等低空飘浮物体和无人机等低空飞行器。___
A. 50
B. 100
C. 120
D. 60
【单选题】
运营单位调整运行图严重影响()的,应当向城市轨道交通运营主管部门说明理由。___
A. 列车运行
B. 服务质量
C. 市民出行
D. 行车间隔
【单选题】
城市轨道交通票价制定和调整按照()有关规定执行。___
【单选题】
在()、通风亭、变电站、冷却塔周边躺卧、留宿、堆放和晾晒物品;___
A. 站厅
B. 出入口
C. 站台
D. 升降机
【单选题】
城市轨道交通车站()、站厅层不应设置妨碍安全疏散的非运营设施。___
A. 站厅
B. 出入口
C. 站台
D. 升降机
【单选题】
城市轨道交通工程项目应当按照规定划定___
A. 保护区
B. 监管区
C. 安全区
D. 作业区
【单选题】
开通初期运营前,建设单位应当向运营单位提供()平面图,并在具备条件的保护区设置提示或者警示标志。___
A. 安全区
B. 作业区
C. 保护区
D. 监管区
【单选题】
地面、高架线路沿线建(构)筑物或者植物不得妨碍行车瞭望,不得侵入城市轨道交通___
A. 建筑的限界
B. 线路的限界
C. 车辆的限界
D. 行车限界
【单选题】
沿线建(构)筑物、植物可能妨碍行车瞭望或者侵入线路限界的,()应当及时采取措施消除影响___
A. 责任单位
B. 运营单位
C. 施工单位
D. 监理单位
【单选题】
在城市轨道交通保护区内进行爆破作业的,()应当按照有关规定制定安全防护方案,经运营单位同意后,依法办理相关手续并对作业影响区域进行动态监测___
A. 施工单位
B. 运营单位
C. 责任单位
D. 作业单位
【单选题】
运营单位应当按规定在车站()公示城市轨道交通禁止、限制携带物品目录。___
A. 站厅
B. 出入口
C. 站台
D. 醒目位置
【单选题】
鼓励经常乘坐城市轨道交通的乘客担任(),及时报告城市轨道交通运营安全问题和隐患,检举揭发危害城市轨道交通运营安全的违法违规行为___
A. 志愿者
B. 检查者
C. 举报者
D. 探访者
【单选题】
交通运输部应当建立城市轨道交通()从业人员不良记录和乘客违法违规行为信息库,并按照规定将有关信用信息及时纳入交通运输和相关统一信用信息共享平台。___
A. 保密岗位
B. 特定岗位
C. 关键岗位
D. 重点岗位
【单选题】
运营单位应当根据城市轨道交通沿线()及网络化运输组织要求,合理编制运行图,并报城市轨道交通运营主管部门备案。___
A. 交通运行情况
B. 乘客出行规律
C. 线路规划
D. 交通规划
【单选题】
城市轨道交通运营主管部门应当按照有关标准组织实施()在轨道交通的建设与推广应用,推动跨区域、跨交通方式的互联互通。___
A. 一卡畅通
B. 全网畅通
C. 交通全网通
D. 交通一卡通
【单选题】
城市轨道交通运营主管部门应当制定城市轨道交通乘客乘车规范,乘客应当遵守。拒不遵守的,运营单位有权劝阻和制止,制止无效的,报告公安机关依法处理。___
A. 主管单位
B. 行业
C. 主管部门
D. 运营主管部门
【单选题】
城市轨道交通运营主管部门应当通过乘客满意度调查等多种形式,定期对运营单位服务质量进行监督和考评,考评结果向()公布。___
A. 主管部门
B. 社会
C. 乘客
D. 行业
【单选题】
城市轨道交通运营主管部门和()应当分别建立投诉受理制度。接到乘客投诉后,应当及时处理,并将处理结果告知乘客。___
A. 运营单位
B. 上次主管部门
C. 作业单位
D. 设计单位
【单选题】
乘客及其他人员因违法违规行为对城市轨道交通运营造成严重影响的,应当___
A. 依法进行罚款
B. 对违法违规行为进行教育
C. 依法追究责任
D. 依法进行处理
【单选题】
鼓励运营单位采用大数据分析、()等先进技术及有关设施设备,提升服务品质。___
A. 数字端
B. 信息端
C. 移动互联网
D. 移动信息
【单选题】
使用()不得危害城市轨道交通运营安全,并预留高架线路桥梁设施日常检查、检测和养护维修条件。___
A. 高架线路桥
B. 高架线路桥下空间
C. 高架线路桥10m内空间
D. 高架线路桥20m内空间
【单选题】
运营单位应当定期组织运营突发事件应急演练,其中综合应急预案演练和专项应急预案演练每()年至少组织()次___
A. 半、一
B. 一、一
C. 半、两
D. 一、两
【单选题】
城市轨道交通运营管理规定自()起施行。___
A. 2018/8/1
B. 2018/9/1
C. 2019/7/1
D. 2018/7/1
【单选题】
违反本规定第十八条、第四十六条,运营单位未按照规定上报城市轨道交通运营相关信息或者运营安全重大故障和事故的,由城市轨道交通运营主管部门责令限期改正;逾期未改正的,处以()的罚款。___
A. 5000元以上3万元以下
B. 5000元以上2万元以下
C. 10000元以上3万元以下
D. 10000元以上2万元以下
【单选题】
违反本规定第十条、第十一条,城市轨道交通工程项目(含甩项工程)未经安全评估投入运营的,由城市轨道交通运营主管部门责令限期整改,并对运营单位处以()以下的罚款,同时对其主要负责人处以1万元以下的罚款;有严重安全隐患的,城市轨道交通运营主管部门应当责令暂停运营。___
A. 3万元以上4万元
B. 1万元以上2万元
C. 2万元以上3万元
D. 1万元以上3万元
【单选题】
未按照有关规定完善风险分级管控和隐患排查治理双重预防制度由城市轨道交通运营主管部门责令限期改正;逾期未改正的,处以()以下的罚款,并可对其主要负责人处以1万元以下的罚。___
A. 5000元以上3万元以下
B. 5000元以上2万元以下
C. 10000元以上3万元以下
D. 10000元以上2万元以下
【单选题】
高架线路桥下的空间使用可能危害运营安全的由城市轨道交通运营主管部门责令相关责任人和单位限期改正、消除影响;逾期未改正的,可以对个人处以()元以下的罚款,对单位处以()以下的罚款;造成损失的,依法承担赔偿责任;情节严重构成犯罪的,依法追究刑事责。___
A. 5000、30000
B. 10000、20000
C. 10000、30000
D. 5000、20000
【单选题】
地面、高架线路沿线建(构)筑物或者植物妨碍行车瞭望、侵入限界的由城市轨道交通运营主管部门责令相关责任人和单位限期改正、消除影响;逾期未改正的,可以对个人处以()元以下的罚款,对单位处以()以下的罚款;造成损失的,依法承担赔偿责任;情节严重构成犯罪的,依法追究刑事责。___
A. 5000、30000
B. 10000、20000
C. 10000、30000
D. 5000、20000
【单选题】
现场处置方案演练应当纳入日常工作,开展常态化演练。运营单位应当组织()参与应急演练,引导()正确应对突发事件。___
A. 人民群众
B. 百姓
C. 社会公众
D. 公司员工
【单选题】
城市轨道交通运营主管部门和运营单位应当建立城市轨道交通运营信息统计分析制度,并按照有关规定及时报送相关信息。由城市轨道交通运营主管部门责令限期整改,并对运营单位处以()以下的罚款,同时对其主要负责人处以1万元以下的罚款;有严重安全隐患的,城市轨道交通运营主管部门应当责令暂停运营。___
A. 5000元以上3万元以下
B. 5000元以上2万元以下
C. 10000元以上3万元以下
D. 10000元以上2万元以下
【单选题】
未建立投诉受理制度,或者未及时处理乘客投诉并将处理结果告知乘客由城市轨道交通运营主管部门责令限期改正;逾期未改正的,处以()万元以下的罚款___
【单选题】
未建立投诉受理制度,或者未及时处理乘客投诉并将处理结果告知乘客由城市轨道交通运营主管部门责令限期改正;逾期未改正的,处以()万元以下的罚款___
【单选题】
运行图未报城市轨道交通运营主管部门备案或者调整运行图严重影响服务质量的,未向城市轨道交通运营主管部门说明理由由城市轨道交通运营主管部门责令限期改正;逾期未改正的,处以()万元以下的罚款___
