【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
推荐试题
【单选题】
"413.☆假币收缴过程监控录像保存时间应不少于()个工作日。___
【单选题】
"414.☆打印《假币收缴凭证》后,在收缴凭证上加盖“假币收缴专用章”应使用()色印油,上下联统一___
【单选题】
"415.☆上海地区各营业机构对于一次性发现假人民币()张(含)以上的,要立即报公安机关___
【单选题】
"416.☆当面收缴假币时,柜员应告知持币人如对被收缴的货币真伪有异议可以自收缴之日起()个工作日内,持收缴凭证第二联,直接或通过我行向中国人民银行当地分支机构或中国人民银行授权的当地鉴定机构提出书面鉴定申请。___
【单选题】
"417.☆()申请人民币冠字号码查询。___
A. 在我行开立账户的个人和单位客户
B. 未在我行开立账户的个人和单位客户
C. 两者都可以
D. 两者都不可以"
【单选题】
"418.☆☆☆人民币涉假纠纷冠字号码查询,取款发生在离行式自助机具的,受理单位应为()___
A. 我行任一营业机构
B. 该机具的直接管理机构
C. 客户或我行客户服务中心指定的营业机构。
D. 现金中心"
【单选题】
"419.☆☆☆人民币涉假纠纷冠字号码查询,对于柜面发生的取款,查询受理单位应如下处理()___
A. 进行冠字号码查询
B. 调阅对应的监控录像
C. 审查柜员操作是否规范
D. 以上都是"
【单选题】
"420.☆查询人应自办理取款业务之日起()个工作日内(含取款当日),向查询受理单位申请冠字号码查询。___
【单选题】
"421.☆网点如遇特殊情况需应急领现,可直接由()通过电话与所辖金库联系并提出申请。___
A. 网点运营经理
B. 网点负责人
C. 派驻团队负责人
D. 分行运营管理部负责人"
【单选题】
"422.☆寄存金库的库箱内不得存放与库箱无关的装有电子标签的相关物品,包括()。___
A. 空账包
B. 空封包
C. 空假币包
D. 以上都是"
【单选题】
"423.☆残缺污损人民币能辨别面额,票面剩余()以上(含)应全额兑换。___
A. 五分之三
B. 四分之三
C. 五分之四
D. 三分之二"
【单选题】
"424.☆下列残缺污损人民币,按原面额一半兑换的是()___
A. 能辨别面额,票面剩余四分之三
B. 能辨别面额,票面剩余四分之一
C. 能辨别面额,票面剩余三分之一
D. 纸币呈正十字形缺少四分之一"
【单选题】
"425.☆发生长款时账务处理会计分录()。___
A. 借:101-001贷:277-001-001
B. 借:177-001-001贷:101-001
C. 借:101-001贷:277-001-003
D. 借:177-001-003贷:101-001"
【单选题】
"426.☆发生短款时账务处理会计分录()。___
A. 借:101-001贷:277-001-001
B. 借:177-001-001贷:101-001
C. 借:101-001贷:277-001-003
D. 借:177-001-003贷:101-001"
【单选题】
"427.☆对于自()起算,达到使用年限的带有反假鉴伪功能的现金业务机具,应立即进行报废更新___
A. 生产日期
B. 购买日期
C. 启用日期
D. 以上皆可"
【单选题】
"428.☆现金业务机具使用年限:人民币点钞机()外币点钞机()纸币清分机()___
A. 3,3,3
B. 3,5,3
C. 3,5,5
D. 3,3,5"
【单选题】
"429.☆营业网点负责人应()组织一次对简易库房制度执行情况的检查。___
【单选题】
"430.☆简易库房内辅币、一元硬币的存放额度,必须报经()核定。___
A. 分行运营管理部门
B. 总行运营管理部门
C. 总行事务部安全保卫部
D. 无须核定"
【单选题】
"431.☆网点柜员现金长短款挂账由()进行审核。___
A. 总行运营管理部
B. 分行运营管理部
C. 网点负责人
D. 指定授权人员"
【单选题】
"432.☆人民币现金收付业务金额在()以上,须经主管授权审核,卡准捆、把数___
A. 5万元(含)
B. 10万元(含)
C. 20万元(含)
D. 20万元(不含)"
【单选题】
"433.☆上解库房的钞券做到“一条龙”,是指十把钞券腰条的边章必须与大封签上()私章一致。___
A. 封包员
B. 复核员
C. 封包员、复核员中的任一人
D. 主管"
【单选题】
"434.☆营业终了,一般柜员须将百元成把券全数上解汇总柜员,尾款总额不得超过()。___
A. 5万元
B. 10万元
C. 15万元
D. 20万元"
【单选题】
"435.☆网点通过新柜面系统打印的“现金库存登记簿”须留存定期装订归档,保管期限()。___
A. 2年
B. 5年
C. 10年
D. 15年"
【单选题】
"436.☆柜员发生现金长、短款差错,金额在等值人民币()以上的,应立即向上级单位报告,各单位应在24小时之内口头上报总行运营管理部。___
A. 1,000元(含)
B. 5,000元(含)
C. 10,000元(含)
D. 50,000元(含)"
【单选题】
"437.☆隔年发生且未处理的自助机具长短款差错,单笔超过人民币1,000元以及年累计超过10,000元的,需通过OA运维申请报()申请核销。___
A. 网点派驻团队
B. 分行运营管理部门
C. 总行运营管理部门
D. 总行现金中心"
【单选题】
"438.☆各营业机构应()不定时进行库存检查,对营业机构所有的库存现金(含自助机具钞箱现金)进行清点核对,并做好查库记录。___
A. 每周
B. 每两周
C. 每月
D. 每季度"
【单选题】
"439.☆我行影像交换系统目前处理的全国支票限定金额为()(含)以下。___
A. 10万元
B. 30万元
C. 50万元
D. 100万元"
【单选题】
"440.☆☆提回票据票面金额与票据磁码金额不符,应作退票处理,在下一场交换按()退原提出行。___
A. 票据磁码金额
B. 票面金额
C. 客户确认金额
D. 原提出行确认金额"
【单选题】
"441.☆☆同城票据交换的托收票据不包括()。___
A. 贷记凭证
B. 支票
C. 汇票
D. 本票"
【单选题】
"442.☆☆定期开户申请书上预留私章为代理人章的,还需提供()。___
A. 代理人身份证件
B. 经办人身份证件
C. 法定代表人授权书
D. 单位授权书"
【单选题】
"443.☆☆验印环节,若是支付密码户,支付密码正确,但单位财务专用章与预留印鉴内容不符,选择()。___
A. 验印通过
B. 印鉴形式审核不通过退票
C. 印鉴与预留印鉴不符退票
D. 支付密码未通过退票"
【单选题】
"444.☆中国人民银行规定的全国支票的回执返回期为()。___
A. T+0
B. T+1
C. T+2
D. T+3"
【单选题】
"445.☆“重要信息系统”是指,()的信息系统,其信息安全和系统服务安全关系公民、法人和组织的权益或社会秩序和公共利益,甚至影响国家安全的信息系统。___
A. 重要业务的所有业务环节所依赖
B. 重要业务的关键业务环节所依赖
C. 重要业务所依赖
D. 重要业务最主要的一个环节所依赖"
【单选题】
"446.☆根据监管规定,全面的业务影响分析应至少()开展一次。___
【单选题】
"447.☆业务恢复时间目标和重要业务恢复点目标的英文缩写为业务()___
A. RTO和RPO
B. RPO和RTO
C. BTO和BPO
D. BPO和BTO"
【单选题】
"448.☆☆原则上重要业务恢复时间目标不得大于(),重要业务恢复点目标不得大于()。___
A. 2小时、1小时
B. 3小时、1小时
C. 4小时、半小时
D. 以上都不对"
【单选题】
"449.☆纳入全行业务连续性管理的重要业务演练应()全覆盖。___
A. 三年内
B. 二年内
C. 四年内
D. 以上都不对"
【单选题】
"450.☆☆在业务服务时段导致全行重要业务全面停顿,或两个(含)以上省(自治区、直辖市)重要业务无法正常开展达()(含)以上,或一个省(自治区、直辖市)重要业务无法正常开展达()(含)以上为特别重大运营中断事件___
A. 1、3
B. 2、5
C. 3、6
D. 3、5"
【单选题】
"451.☆()预案用于在发生运营中断事件后,规范、指导运营中断事件处置过程中常面临的危机管理和保障性行动措施,包括安全保卫、监管沟通、媒体公关、应急所需资金、后勤保障、法律事务等方面。___
A. 支持保障
B. 信息系统
C. 业务
D. 专项"
【单选题】
"452.☆发生运营中断事件,事发单位应在()分钟内完成向本级综合管理部门、业务连续性主管部门、相关职能部门的口头报告,并原则上在()小时内提交书面正式报告___
A. 15、2
B. 30、2
C. 30、1
D. 15、1"