【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
推荐试题
【单选题】
石料应为不风化或轻微风化的、坚硬的、有棱角和不会冻结而破裂的岩石,其容重不应小于___。
A. 1.0t/m³
B. 1.5t/m³
C. 2.0t/m³
D. 2.5t/m³
【单选题】
浆砌片石护坡适用于河水流速___,受主流冲刷及波浪作用剧烈的河砌体,砌体厚0.3~0.6m,视冲刷与波浪剧烈而定。
A. 2~6m/s
B. 4~8m/s
C. 6~10m/s
D. 8~12m/s
【单选题】
浆砌片石护坡适用于河水流速4~8m/s,受主流冲刷及波浪作用剧烈的河砌体,砌体厚___,视冲刷与波浪剧烈而定。
A. 0.1~0.4m
B. 0.2~0.5m
C. 0.3~0.6m
D. 0.4~0.7m
【单选题】
基础应埋人冲刷线以下___,否则须有防止冲刷基础措施。
A. 0~0.5m
B. 0.5~1.0m
C. 1.0~1.5m
D. 1.5~2.0m
【单选题】
浆砌片石护坡墙身部分每隔___设10×10cm或孔径10cm的泄水孔一个。
A. 2~3m
B. 2~4m
C. 2~5m
D. 2~6m
【单选题】
浆砌片石护坡沿护坡及墙身长度每隔___处设沉降缝一道;基底土质有变化,亦需设置。缝宽2cm,缝内填塞沥青麻筋或沥青浸制木板。
A. 5~10m
B. 10~20m
C. 20~30m
D. 30~40m
【单选题】
沿护坡及墙身长度每隔10~20m处设沉降缝一道;基底土质有变化,亦需设置。缝宽___,缝内填塞沥青麻筋或沥青浸制木板。
A. 5cm
B. 4cm
C. 3cm
D. 2cm
【单选题】
浆砌片石护坡两种不同的脚墙基础连接时,可在___范围内逐渐变化连接。
【单选题】
抛石防护适用于水流方向较平顺,无严重冲刷地段或已被水浸的路堤和水流速度不大于___河岸处。
A. 3m/S
B. 4m/S
C. 5m/S
D. 6m/S
【单选题】
抛石防护适用于水流方向较平顺,无严重冲刷地段或已被水浸的路堤和水流速度不大于3m/S河岸处。所用石块尺寸一般不得小于___。
A. 0.6m
B. 0.5m
C. 0.4m
D. 0.3m
【单选题】
抛石防护抛石厚度一般为位径的___倍,用大粒径时,至少不得小于粒径的2倍。同时应在抛石背后设反滤层。
A. 2~3
B. 3~4
C. 4~5
D. 5~6
【单选题】
抛石防护抛石厚度一般为位径的3~4倍,用大粒径时,至少不得小于粒径的___倍。同时应在抛石背后设反滤层。
【单选题】
地面排水侧沟、天沟、排水沟的横断面应有足够的过水能力。除需按流量计算外,可采用底宽为___,深度为0.6m。
A. 0.4m
B. 0.5m
C. 0.6m
D. 0.7m
【单选题】
地面排水侧沟、天沟、排水沟的横断面应有足够的过水能力。除需按流量计算外,可采用底宽为0.4m,深度为___。
A. 0.4m
B. 0.6m
C. 0.8m
D. 1.0m
【单选题】
地面排水边坡平台截水沟尺寸可采用底宽___,深0.2~0.4m。
A. 0.2m
B. 0.4m
C. 0.6m
D. 0.8m
【单选题】
地面排水边坡平台截水沟尺寸可采用底宽0.4m,深___。
A. 0.8~1.0m
B. 0.6~0.8m
C. 0.4~0.6m
D. 0.2~0.4m
【单选题】
地面排水侧沟边坡,靠线路一侧可采用___,外侧与路堑边坡相同,当有侧沟平台时,外侧边坡采用1:1。
A. ’1:1
B. ’1:2
C. ’1:3
D. ’1:4
【单选题】
地面排水侧沟边坡,靠线路一侧可采用1:1,外侧与路堑边坡相同,当有侧沟平台时,外侧边坡采用___。
A. ’1:0.5
B. ’1:1
C. ’1:1.5
D. ’1:1
【单选题】
地面排水在砂类土中,两侧边坡可采用___。
A. 1:1~1:3.5
B. 1:1~1:2.5
C. 1:1~1:2
D. 1:1~1:1.5
【单选题】
地面排水需按流量设计的侧沟、天沟、排水沟,其横断面应按I/2洪水频率流量计算确定,并加安全高度___。
A. 0.5m
B. 0.4m
C. 0.3m
D. 0.2m
【单选题】
地面排水设施的纵坡,不宜小于2‰水沟纵坡一般不宜小于___。
A. 2‰~3‰
B. 3‰~4‰
C. 4‰~5‰
D. 5‰~6‰
【单选题】
不同底宽的两段水沟相连时,为了使水流较顺畅地汇流,其会合处宜设计成面向下游约为___的锐角。
A. 30°~55°
B. 35°~60°
C. 35°~65°
D. 35°~70°
【单选题】
路堑侧沟的水流,一般不得流经隧道排出。当排水困难且隧道长度小于___,洞外路堑的水量较小,含泥量少时,经研究比较可经隧道引排。
A. 100 m
B. 200 m
C. 300 m
D. 400 m
【单选题】
紧靠路堤护道外侧的取土坑,若条件适宜,可用以排水。这时,取土坑底都宜作成自两侧向中部倾斜的___的横坡,以防水流侵蚀护道和坑壁。
A. 2%~4%
B. 3%~4%
C. 3%~5%
D. 4%~5%
【单选题】
急流槽的主体部分应每隔___设置一个防滑平台,嵌人基底内。
A. 2~5m
B. 3~5m
C. 2~4m
D. 3~4m
【单选题】
沟壁渗水孔常用长方形或正方形,沟槽内深度小于___时可设置一排。
A. 0.5m
B. 1.0m
C. 1.5m
D. 2.0m
【单选题】
沿浆砌沟槽纵向每隔10~15m或通过软硬岩层分界处应留宽___的伸缩缝或沉降缝一道,用沥青麻筋填塞。
A. 1.0cm
B. 1.5cm
C. 2.0cm
D. 2.5cm
【单选题】
渗沟断面通常采用矩形。其宽度不小于___,其深度视边坡潮湿土层的厚度而定。
A. 1.2 ---1.4m
B. 1.3 ---1.4m
C. 1.3 ---1.5m
D. 1.2 ---1.5m
【单选题】
凡曲线内股,累计缩短量超过标准缩短轨缩短量___的时候即布置一根缩短轨。
A. 四分之一
B. 一半
C. 一倍
D. 两倍
【单选题】
钢轨垂直磨耗在钢轨顶面宽___测量。
A. 2/3处(距钢轨外侧)
B. 1/2处(距钢轨外侧)
C. 1/3处(距钢轨外侧)
D. 1/4处(距钢轨外侧)
【单选题】
钢轨垂直磨耗在钢轨___宽2/3处(距钢轨外侧)测量。
【单选题】
钢轨总磨耗等于垂直磨耗与___之和。
A. 侧磨磨耗
B. 1/2侧面磨耗
C. 1/3侧面磨耗
D. 1/4侧面磨耗
【单选题】
不同类型的钢轨互相联结时,应使用___。
A. 鱼尾型夹板
B. 平直夹板
C. 双头式夹板
D. 异性夹板
【单选题】
___不会引起线路爬行。
A. 钢轨在车轮作用下的波浪形弯曲
B. 钢轨温度变化
C. 列车制动
D. 钢轨轨距误差超限
【单选题】
线路设备状态评定时,是以___为单位。
【单选题】
各作业单位在施工结束前务必做到___。
A. 人员出清
B. 工具出清
C. 物料出清
D. 工完、料尽、场地清
【单选题】
道岔设备修理分为___三大层次。
A. 经常保养、维修和大修
B. 临时抢修、维修和大修
C. 临时抢修、巡检和维修
D. 巡检、维修和大修
【单选题】
___的检查,是轨道动态质量检查的主要手段。
A. 轨道检测车
B. 人工添乘
C. 添乘仪
D. 钢轨打磨车
【单选题】
按照___的原则,运营分公司授权工务中心直接对委外单位(人员)进行管理。
A. 一般
B. 部门规定
C. 中心规定
D. 谁使用、谁管理、谁考核
