【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
推荐试题
【判断题】
地市级及以上电网经营企业的电能计量技术机构是本网的电能计量技术监督部门,负责对发、供电企业电能计量装置管理工作的技术监督、指导和帮助。
【判断题】
供电企业对检举、查获窃电或违约用电的有关人员应给予奖励。
【判断题】
电力企业的运行部门和电力用户负责电能计量装置日常监护。
【判断题】
供电方案答复期限:除居民客户外的其他低压电力客户不超过7个工作日。
【判断题】
电能计量装置资产档案应有可靠的备份和用于长期保存的措施。
【判断题】
各类电能计量装置的设计方案应经有关的电能计量人员审查通过。
【判断题】
根据国家电网公司供电服务奖惩规定中规定,对受到表彰的先进单位,原则上不进行物质奖励,只颁发奖牌、奖状或锦旗等。
【判断题】
发生重大故障、差错供电企业应安排专业人员填写《电能计量重大设备故障、重大人为差错快报》,经本供电企业领导审核后按规定时限上报。
【判断题】
经报废的电能计量器具应进行销毁,并在资产档案中及时销帐(注明报废日期)。
【判断题】
对检举、查获窃电或违约用电的有关人员奖励办法由省电网经营企业规定。
【判断题】
生产控制大区与管理信息大区之间可以直接连通。
【判断题】
电能计量信息管理的技术资料管理应做到内容全、版本新、检索方便和保管妥善。
【判断题】
电能计量故障、差错的调查处理必须以事实为依据,坚持“实事求是、尊重科学、公正合理”的原则。
【判断题】
依据《国家电网公司供电服务奖惩规定》,特别重大供电服务质量事件是指给客户或企业造成30万元及以上直接经济损失的供电服务质量事件。
【判断题】
电能计量发生故障、差错后,负责电能计量装置运维的供电企业应按资产或管理关系及时上报。
【判断题】
仪器的测量不确定度由所用测量仪器或测量系统引起的测量不确定度的分量。
【判断题】
电力调度数据网划分为逻辑隔离的实时子网和非实时子网,分别连接控制区和非控制区。
【判断题】
在信息安全等级保护中,第三级信息系统和第四级信息系统都具有强制性。
【判断题】
等级保护二级应用系统,需要应用系统的通信双方中的一方在一段时间内未作任何响应,另一方应能够自动结束会话。
【判断题】
当客户有违约用电及窃电行为时,应立即报告用电检查人员处理。
【判断题】
电能计量一般设备故障、一般人为差错的组织与调查,调查组根据工作需要,可委托专业技术机构进行技术鉴定
【判断题】
对发生电能计量故障、差错的供电企业,视其情节和性质追究有关领导责任。
【判断题】
《供电服务规范》规定,“95598”客户服务热线的服务内容包括电力故障报修、服务质量投诉、用电信息查询、咨询、业务受理等。
【判断题】
《供电服务规范》规定,行为举止应做到自然、文雅、端庄、大方。站立时,抬头挺胸收腹,双手下垂置于身体两侧或双手交叠自然下垂,双脚并拢,脚跟相靠,脚尖微开,不得双手抱胸、叉腰
【判断题】
按其性质、差错电量、经济损失及造成的影响大小,设备故障分为重大设备故障、一般设备故障、障碍
【判断题】
抄表收费服务规范中指出:确需调整抄表时间的,应事先通知客户。
【判断题】
当电力供应不足或因电网原因不能保证连续供电的,应执行政府批准的有序用电方案
【单选题】
___的方向规定由高电位点指向低电位点。
【单选题】
三相电动势到达最大的顺序是不同的,这种达到最大值的先后次序,称三相电源的相序,相序为U-V-W-U,称为___。
【单选题】
电路的作用是实现能量的传输和转换、信号的___和处理。
【单选题】
电阻器反映导体对电流起阻碍作用的大小,简称___。
A. 电动势
B. 功率
C. 电阻率
D. 电阻
【单选题】
___反映了在不含电源的一段电路中,电流与这段电路两端的电压及电阻的关系。
A. 欧姆定律
B. 楞次定律
C. 部分电路欧姆定律
D. 全欧姆定律
【单选题】
并联电路中的总电流等于各电阻中的___。
A. 倒数之和
B. 相等
C. 电流之和
D. 分配的电流与各电阻值成正比
【单选题】
串联电路中流过每个电阻的电流都___。
A. 电流之和
B. 相等
C. 等于各电阻流过的电流之和
D. 分配的电流与各电阻值成正比
【单选题】
___的一端连在电路中的一点,另一端也同时连在另一点,使每个电阻两端都承受相同的电压,这种联结方式叫电阻的并联。
A. 两个相同电阻
B. 一大一小电阻
C. 几个相同大小的电阻
D. 几个电阻
【单选题】
___的电阻首尾依次相连,中间无分支的联结方式叫电阻的串联。
A. 两个或两个以上
B. 两个
C. 两个以上
D. 一个或一个以上
【单选题】
电流流过负载时,负载将电能转换成___。
A. 机械能
B. 热能
C. 光能
D. 其他形式的能
【单选题】
电功的数学表达式不正确的是___。
A. W=Ut/R2t
B. W=UIt
C. W=U2t/Rt
D. W=I2Rt
【单选题】
测量电压时,电压表应与被测电路___。