【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
推荐试题
【多选题】
在新的历史条件下,加强和改进党的建设 ___
A. 一定要高举邓小平理论伟大旗帜,认真贯彻“三个代表”要求,保证党的路线方针政策全面反映人民的利益和时代发展的要求
B. 一定要坚持党要管党、从严治党的方针,进一步解决提高党的领导水平和执政水平,提高拒腐防变和抵御风险能力这两大历史性课题,始终保持党同人民群众的血肉联系
C. 一定要准确的把握当代中国社会前进的脉搏,改革和完善党的领导方式和执政方式、领导体制和工作制度,使党的工作充满活力
D. 一定要把思想建设、组织建设、作风建设有机结合起来,把制度建设贯穿其中,既立足于经常性工作,又抓紧解决存在的突出问题
E. 一定要加强对权力的制约和监督,扩大党员和群众对干部选拔任用的知情权、参与权、选举权和监督权
【多选题】
党的先进性是具体的历史的,理解党的先进性必须 ___
A. 放到推动当代中国先进生产力的发展中去考察
B. 放到推动当代中国先进文化的发展中去考察
C. 放到维护和保持社会稳定、人民团结的局面中去考察
D. 放到维护和实现最广大人民的根本利益的斗争中去考察
E. 要看党在推动历史前进中的实际作用
【多选题】
党的十六大报告指出:贯彻“三个代表”重要思想,必须使全党始终保持与时俱进的精神状态。与时俱进,就是党的全部理论和工作要 ___
A. 体现时代性
B. 把握规律性
C. 富于创造性
D. 提高自觉性
E. 坚持科学性
【多选题】
“三个代表”重要思想形成的社会历史条件是 ___
A. 当代世界的新变化是“三个代表”重要思想形成的时代背景
B. 社会主义兴衰成败的经验教训是“三个代表”重要思想形成的历史依据
C. 国情和党情的新变化是“三个代表”重要思想形成的现实依据
D. 反映了当代世界和中国的发展变化对党和国家工作的新要求
E. 科学判断党的历史方位的基础上提出来的
【多选题】
马克思列宁主义、毛泽东思想、邓小平理论和“三个代表”重要思想是一脉相承的科学思想体系,是因为它们都 ___
A. 面对着同样的历史任务
B. 贯穿着辩证唯物主义和历史唯物主义的世界观和方法论
C. 是同中国革命和建设实践相结合的产物
D. 代表着最广大人民的根本利益
E. 是中国共产党集体智慧的结晶
【多选题】
在对待马克思主义的态度上,江泽民同志始终强调有两点是要坚定不移,不能含糊的,这两点是 ___
A. 必须坚持马克思主义的立场、观点和方法,坚持马克思主义基本原理
B. 必须贯彻解放思想、实事求是的思想路线
C. 必须实现马克思主义中国化
D. 必须坚持马克思主义作为党的指导思想
E. 必须高举邓小平理论的伟大旗帜
【多选题】
要坚持以实际问题为中心研究马克思主义的方法,以我们正在做的事情为中心 ___
A. 着眼于马克思主义理论的运用
B. 着眼于不断创造新的理论
C. 着眼于先进生产力的发展
D. 着眼于对实际问题的理论思考
E. 着眼于新的实践和新的发展
【多选题】
江泽民同志指出:“三个代表”重要思想是发展的,前进的,这要求我们必须在 ___
A. 思想上不断有新解放
B. 理论上不断有新发展
C. 实践上不断有新创造
D. 改革上不断有新思路
E. 各项工作上不断有新举措
【多选题】
始终推动我国先进生产力发展和社会全面进步的根本力量是 ___
A. 工人阶级
B. 广大农民
C. 私营企业主
D. 知识分子
E. 民营科技企业工作者
【多选题】
“三个代表”是统一的整体,相互联系、相互促进的表现是___
A. 发展先进的生产力,是发展先进文化,实现最广大人民根本利益的基础条件
B. 人民群众是先进生产力和先进文化的创造主体,也是实现自身利益的根本力量
C. 不断发展先进生产力和先进文化,归根到底都是为了满足人民群众日益增长的物质文化生活需要,不断实现最广大人民的根本利益
D. 发展先进生产力是实现最广大人民的根本利益的目的
E. 发展先进生产力的目的是为了发展先进文化
【多选题】
总结中国共产党历史得出的基本经验是(或党80年实践得出的启示是___
A. 必须始终坚持马克思主义基本原理同中国具体实际相结合
B. 必须始终紧紧依靠人民群众
C. 必须始终自觉地加强和改进党的建设
D. 必须始终坚持解放生产力、发展生产力
E. 必须始终坚持解放思想、实事求是的思想路线
【判断题】
贯彻“三个代表”重要思想,必须把经济作为党执政兴国的第一要务,不断开创现代化建设的新局面。
【判断题】
“三个代表”重要思想创造性地回答了建设什么样的党、怎样建设党的问题
【判断题】
贯彻“三个代表”重要思想,核心是坚持党的领导。
【判断题】
“三个代表”重要思想的本质是保持党的先进性
【判断题】
中国共产党第16次全国代表大会的历史性贡献是提出了全面推进党的建设的新的伟大工程
【判断题】
贯彻“三个代表”思想,关键在坚持群众路线
【判断题】
始终做到“三个代表”,是我们党的立党之本、执政之基、力量之源。这里的“本”、“基”、“源”,是指人民群众的支持和拥护
【判断题】
江泽民在2003年“七一”讲话中指出,实现人民的愿望,满足人民的需要,维护人民的利益,是“三个代表”思想的灵魂
【判断题】
十六大党章关于党的指导思想的表述是 马克思列宁主义为指导思想
【判断题】
“三个代表”重要思想是在 科学判断党的历史方位的基础上提出来的
【判断题】
中国共产党坚持先进性增强创造力的决定性因素是 坚持党的基本路线不动摇
【判断题】
贯彻“三个代表”重要思想,必须使全党始终保持与时俱进的精神状态,与时俱进就是 党的全部理论和工作要体现时代性,把握规律性,富于创造性
【判断题】
中国共产党能否始终做到与时俱进决定着 党能否始终保持党的先进性
【判断题】
十六大实现的我们党指导思想上的又一个与时俱进是 将“三个代表”重要思想确立为党必须长期坚持的指导思想
【单选题】
当前我国发展的阶段性特征,是___在新世纪新阶段的具体表现。
A. 社会主义初级阶段基本路线
B. 社会主义初级阶段基本国情
C. 社会主义初级阶段基本纲领
D. 社会主义初级阶段基本形势
【单选题】
党的十七大,是我们党在___关键阶段召开的一次十分重要的代表大会。
A. 改革发展
B. 改革调整
C. 开放巩固
D. 改革开放
【单选题】
确定科学发展观的根本依据是___
A. 社会主义初级阶段的基本国情
B. 社会主义和谐社会的内在要求
C. 新世纪新阶段的阶段性特征
D. 全球化时代的国际环境
【单选题】
___伟大旗帜,是当代中国发展进步的旗帜,是全党全国各族人民团结奋斗的旗帜。
A. 中国特色社会主义
B. 有中国特色社会主义
C. 中国现代化
D. 社会主义
【单选题】
科学发展观的第一要义是___。
A. 科教兴国
B. 要用新的发展思路实现更快更好地发展
C. 发展
D. 发展战略
【单选题】
科学发展观的基本要求是___。
A. 发展
B. 全面协调可持续
C. 统筹兼顾
D. 以人为本
【单选题】
科学发展观的内涵极为丰富,其基本要求是___
A. 以人为本
B. 执政为民
C. 全面协调可持续
D. 统筹兼顾
【单选题】
以人为本,体现了马克思主义基本原理中的___。
A. 历史唯物论
B. 辩证唯物论
C. 实践论
D. 认识论
【单选题】
科学发展观的出发点和落脚点是___
A. 全面的发展
B. 协调的发展
C. 可持续的发展
D. 促进经济社会和人的全面发展
【单选题】
科学发展观的实质是___
A. 速度至关重要
B. 以人为本
C. 要实现经济社会又好又快的发展
D. 全面协调可持续
【单选题】
___是科学发展的受益者,也是科学发展的实践者和推动者。
A. 人民群众
B. 领导干部
C. 知识分子
D. 公务员
【单选题】
全面发展是科学发展观的基本要求之一,就是要以___为中心,全面推进经济、政治、文化建设,实现经济发展和社会全面进步。
A. 经济建设
B. 科学文化发展
C. 人民群众的素质
D. 改革开放的深度
【单选题】
必须坚持把___作为党执政兴国的第一要务。
A. 科教兴国
B. 科学发展
C. 执政兴国
D. 人民幸福
【单选题】
深入贯彻落实科学发展观,要始终坚持以___为中心,以发展为主题。
A. 政治建设
B. 文化建设
C. 经济建设
D. 社会建设
【单选题】
构建社会主义和谐社会的领导核心和依靠力量是___
A. 坚持以人为本
B. 坚持科学发展
C. 坚持正确处理改革发展稳定的关系
D. 坚持在党的领导下全社会共同建设
