【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
推荐试题
【判断题】
抵质押物品收据单上的抵押人与借款人必须为同一人。
【判断题】
抵押贷款额度最高不得超过不动产抵押物确值的70%。
【判断题】
抵、质押品是指根据国家有关法律、法规,由债务人或第三人为担保全权实现而抵押或质押给债权人的财产或权利。
【判断题】
U、银承维护交易不能在银承签发日操作保证金追加减业务。
【判断题】
保证金追加业务中,当选择“国际业务”,要求系统中已存在国结锁定记录,当选择“其他业务”时,票据流水号不允许与已存在的记录重复。
【判断题】
T、柜员根据信贷部门提供的《绍兴银行保证金锁定调整通知书》,审核无误后在柜面保证金置款中进行操作。
【判断题】
保证金追加后该笔票据总的锁定金额应小于等于票据金额。
【判断题】
追减金额不能大于锁定登记簿中汇总锁定金额之和。
【判断题】
保证金修改功能既可以用于保证金追加,也可以用于保证金追减。
【判断题】
当选择“其他业务”时(如国内证业务),可以针对不指定的业务进行保证金锁定,不需手工锁定和解锁。
【判断题】
保证金是指用于核算存入银行等金融机构各种保证金性质的存款.
【判断题】
保证金存款按存入日相对应的活期存款利率计付利息。
【判断题】
人民法院依法可以对银行承兑汇票保证金采取冻结措施,但不得扣划。
【判断题】
完成保证金的追加(追减)维护后,打印二联通用空白凭证,一联作主凭证,调整通知书作附件,一联给客户作回单.
【判断题】
四十、保函业务是本行根据主合同债务人(即保函申请人)的申请,以保函的形式为主合同项下义务向受益人出具的,承诺在一定时期内当保函申请人未按主合同约定履行义务时,本行代为履行义务或按约定承担赔偿责任的书面保证。
【判断题】
四十一、“保函开立冲账”后,系统将自动对保函手续费进行冲销。
【判断题】
四十二、履约保函付款时,履约付款金额必须等于合同金额。
【判断题】
四十三、保函业务冲账可对隔日进行的保函开立/注销/履约付款进行冲账。
【判断题】
开立保函时,保证金锁定金额应大于等于保证金可用余额。
【判断题】
开立保函时手续费收取可通过联动交易收取,也可以直接到2903交易收取。
【判断题】
3401开出保函时,保证金账户非必输,若输入,那么锁定金额也必须输入。交易成功后对保证金锁定金额止付。
【判断题】
3403交易选择“履约付款”时,输入履约付款金额、申请人账号,回显户名。转入收益科目默认为“26200502”,转入收益户名默认为“保函国内证暂挂账户”,不可以修改。
【判断题】
“保函开立冲账”后,如已收取手续费的应在“2912冲账”交易做手续费冲账。
【判断题】
做3403保函注销及履约付款交易时,业务类型选择“注销”,注销金额即是合同金额。
【判断题】
履约付款时,申请人账号为活期账户,保证金本息与申请人账户可用余额应足以支付履约金额。余额不足时产生垫款。
【判断题】
履约付款时,履约付款金额应小于等于合同金额,如实际履约付款小于合同金额时,表外销的仍是合同金额。
【判断题】
履约付款时先支付保证金再支付结算帐户,若保证金销户时金额小于履约付款金额,则剩余部分返回申请人账户。
【判断题】
涉及企业注册资本及股本性投资相关事项的保函我行不受理。
【判断题】
我行同意赔付时,若保证金账户和其他存款账户资金不足以支付保函担保的债务,不足部分由我行垫付,并于垫付当日转入垫款,计收罚息。
【判断题】
选择“履约付款”时,输入履约付款金额、申请人账号,回显户名。转入收益科目默认为“26200502”,转入收益户名默认为“保函国内证暂挂账户”,且可以修改。
【判断题】
履约付款时先支付保证金再支付结算帐户,若保证金销户时金额大于履约付款金额,则剩余部分返回申请人账户。
【判断题】
非减值贷款归还欠款顺序为先还息再还本,减值贷款归还顺序为选还本再还息。
【判断题】
欠款顺序的调整可以由客户提出申请,不需要信贷系统审批通过。
【判断题】
贷款维护是指对已审批的贷款借据进行维护修改。
【判断题】
利率维护后当天晚上批处理EOD时生效。
【判断题】
当天做过提前还本,当天可以再进行变更自主还款计划。
【判断题】
还款账号可作变更/新增/删除,一个贷款最多可关联两个还款账号。
【判断题】
当天做过提前还本,当天不能变更自主还款计划。自主还款计划变更后当天可做提前还本,有欠款情况下允许自主还款计划变更。
【判断题】
按揭还款方式变更支持等额本息按月与等额本金按月互换,等额本息按季与等额本金按季互换。但在变更前如有欠款,也无需先将欠款归还。
