【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
推荐试题
【判断题】
按照《商业银行市场风险管理指引》规定,商业银行应当避免其薪酬制度和激励机制与市场风险管理目标产生利益冲突。董事会和高级管理层应当避免薪酬制度具有鼓励过度冒险投资的负面效应,防止绩效考核过于注重短期投资收益表现,而不考虑长期投资风险
【判断题】
商业银行后台员工甲主要负责交易结算工作,由于其身体不适,休病假三天,根据《商业银行市场风险管理指引》行内临时调配前台员工乙顶替其工作
【判断题】
商业银行甲希望能在短期内获得投资收益,根据《商业银行市场风险管理指引》董事会和高级管理层商讨并制定了若半年内业绩上涨50%,则对主要业务人员进行加薪升职奖励
【判断题】
按照《中国银监会关于进一步加强商业银行市场风险工作的通知》规定,各行应结合本行的风险管理架构和特点,指定专门部门统一负责掌控全行总体市场风险状况,并负责向专门委员会和高管层汇报,应将境内外分支机构的市场风险管理纳入统一的市场风险管理中,并建立统一的市场风险管理信息系统
【判断题】
按照《中国银监会关于进一步加强商业银行市场风险工作的通知》规定,各行应使从事市场风险管理的部门及人员与承担风险的业务经营部门及人员完全独立,从事市场风险管理的部门与承担风险的业务经营部门应向同一高管人员报告工作
【判断题】
按照《中国银监会关于进一步加强商业银行市场风险工作的通知》规定,各行应加强对市场风险管理部门的人力资源配置。从事市场风险管理的部门负责人应具备十年以上与市场风险管理相关的工作经验,该部门下设的与市场风险管理工作相关的团队(或处室)主要负责人应具备五年以上与市场风险管理相关的工作经验
【判断题】
按照《中国银监会关于进一步加强商业银行市场风险工作的通知》规定,各行应以现有人民币国债和相关产品交易价格为基础,采用国际通用的方法研究并建立基于市场的人民币国债价格变动曲线,作为人民币产品定价和风险管理的基础
【判断题】
按照《中国银监会关于进一步加强商业银行市场风险工作的通知》规定,各行应加强对复杂衍生产品的风险管理工作,将复杂衍生产品纳入到市场风险管理系统之中,应在人民币国债收益率曲线的基础上,研发具体有效的产品定价模型,并在此基础上计算相关的风险参数,为对冲各类风险提供参考
【判断题】
甲为从事市场风险管理部门的员工,乙为承担风险的业务经营部门的员工,根据《中国银监会关于进一步加强商业银行市场风险工作的通知》甲乙都向高管丁报告各自工作进度
【判断题】
根据《中国银监会关于进一步加强商业银行市场风险工作的通知》,商业银行甲招收了一名具备两年与市场风险管理相关的工作经验的优秀人才作为从事市场风险管理部门的负责人
【判断题】
按照《中国银监会关于加大防范操作风险工作力度的通知》规定,对大额出账和走账,手续上必须按照不同额度设限,分别由基层行单人人验核或由上级行独立进行复审、批准
【判断题】
按照《中国银监会关于加大防范操作风险工作力度的通知》规定,基层主管轮岗轮调和强制性休假制度可以由人事部门按照规定就拟轮岗轮调和休假主管的顶替人员,结合实际工作进行临时安排
【判断题】
按照《中国银监会关于加大防范操作风险工作力度的通知》规定,违法、违规、违纪的管理人员,一经查实,一律调离原工作单位
【判断题】
按照《商业银行声誉风险管理指引》规定,声誉风险是指由商业银行经营、管理及其他行为等内部事件导致利益相关方对商业银行负面评价的风险
【判断题】
按照《商业银行声誉风险管理指引》规定,声誉事件是指造成银行业重大损失、市场大幅波动、引发系统性风险或影响社会经济秩序稳定的声誉事件
【判断题】
按照《商业银行声誉风险管理指引》规定,银行业协会应通过行业自律、维权、协调及宣传等方式维护银行业的良好声誉,指导银行业开展声誉风险管理
【判断题】
按照《商业银行声誉风险管理指引》规定,声誉事件是指引发商业银行声誉风险的相关行为或事件
【判断题】
按照《商业银行声誉风险管理指引》规定,商业银行应将声誉风险管理纳入公司治理及全面风险管理体系,建立和制定声誉风险管理机制、办法、相关制度和要求,主动、有效地防范声誉风险和应对声誉事件,最大程度地减少对商业银行造成的损失和负面影响
【判断题】
按照《商业银行声誉风险管理指引》规定,商业银行董事会应制定与本行战略目标一致且适用于全行的声誉风险管理政策,建立全行声誉风险管理体系,监控全行声誉风险管理的总体状况和有效性,承担声誉风险管理的最终责任
【判断题】
2008年美国次贷危机爆发,在雷曼兄弟公司倒闭后,持有雷曼兄弟公司金融资产的XX银行被曝存在大额投资亏损的可能。该行积极应对,一方面迅速清查风险敞口情况,通过各种途径挽回损失;另一方面,及时回应媒体报道, 避免了声誉事件的扩大。此后,该行股价又回归正常。依据《商业银行声誉风险管理指引》规定,该行主动、有效地防范了声誉风险和应对声誉事件,最大程度地减少了对社会公众造成的损失和负面影响
【判断题】
今年以来,商业银行收费问题又成为社会和媒体关注的热点,广受诟病。依据《商业银行声誉风险管理指引》规定,可以看出个别商业银行在出台相关政策、措施前调研不够、考虑不周,在声誉风险管理方面还有待进一步提高
【判断题】
按照《商业银行合规风险管理指引》规定,商业银行合规负责人应全面协调商业银行合规风险的识别和管理,监督合规管理部门根据合规风险管理计划履行职责,定期向董事会提交合规风险评估报告
【判断题】
按照《商业银行合规风险管理指引》规定,合规管理是商业银行一项基本的风险管理活动
【判断题】
按照《商业银行合规风险管理指引》规定,商业银行应加强合规文化建设,并将合规文化建设融入企业文化建设全过程
【判断题】
按照《商业银行合规风险管理指引》规定,负责日常监督商业银行合规风险管理的董事会下设委员会应监督董事会和高级管理层合规管理职责的履行情况
【判断题】
按照《商业银行合规风险管理指引》规定,合规负责人应全面协调商业银行合规风险的识别和管理,监督合规管理部门根据合规风险管理计划履行职责,定期向高级管理层提交合规风险评估报告。合规负责人可以分管业务条线
【判断题】
按照《商业银行合规风险管理指引》规定,商业银行应建立对管理人员合规绩效的考核制度。商业银行的绩效考核应体现倡导合规和惩处违规的价值观念
【判断题】
按照《中国银监会办公厅关于加强银行业金融机构社会责任的意见》规定,银行业金融机构履行社会责任是构建和谐社会的必然要求
【判断题】
某银行高管十分重视发展业务,认为银行作为企业,应以利润指标为核心,其他一切不直接产生利润的活动都毫无意义。依据《中国银监会办公厅关于加强银行业金融机构社会责任的意见》,此银行高管的看法是否正确?
【判断题】
根据《商业银行压力测试指引》规定,商业银行应当指定专门的部门或团队负责压力测试管理,压力测试的管理职能应当相对独立于业务条线
【判断题】
根据《商业银行压力测试指引》规定,商业银行应对快速发展的新产品和新业务以及存在潜在重大风险的业务领域进行专项压力测试
【判断题】
根据《商业银行压力测试指引》规定,在进行情景分析时,可以不用考虑不同风险因子之间的相关性
【判断题】
根据《商业银行压力测试指引》规定,商业银行必须使用多个承压指标来反映压力测试的结果和对银行稳健程度的影响
【判断题】
根据《商业银行压力测试指引》规定,反向压力测试是从已知的压力测试结果出发,反向寻找银行资产质量、盈利、资本和流动性可能承受的极端压力情景
【判断题】
根据《商业银行压力测试指引》规定,商业银行应当为压力测试工作顺利开展提供必 要的保障与支持,包括数据、系统和人力资源等
【判断题】
根据《商业银行压力测试指引》规定,商业银行应具备相应的数据管理能力,为压力 测试提供质量较高、颗粒度较细的数据,确保数据的完整性和准确性
【判断题】
根据《商业银行压力测试指引》规定,商业银行应确定独立的验证部门或团队对压力测试体系进行持续有效的评估并出具验证评估报告,原则上不低于两年一次
【判断题】
根据《商业银行压力测试指引》规定,评估相关部门是否采取了必要的改进措施并有效实施是内部审计的部门应该履行的职责
【判断题】
根据《商业银行压力测试指引》规定,监管部门应定期对商业银行压力测试体系进行监督检查,评估银行的压力测试是否与其规模、业务复杂程度和风险状况相适应
【判断题】
根据《商业银行压力测试指引》规定,商业银行的高级管理层应当审议压力情景设定,定期组织开展压力测试,评估压力测试结果对银行的影响,制定和落实风险改进措施,将压力测试结果运用到银行的各项经营管理决策中
