【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
推荐试题
【单选题】
液硫泵采用___?
A. 离心泵
B. 螺杆泵
C. 往复泵
D. 齿轮泵
【单选题】
为了防止液硫凝固,液硫管线应用___。
A. 岩棉管壳保温
B. 拌热管线拌热
C. 夹套管拌热或者电伴热
D. 不保温
【单选题】
停重沸器时要注意___。
A. 可以快速停冷热源
B. 先停热源再停冷源,而且速度要缓慢
C. 热源快停,冷源慢停
D. 随便先停哪个
【单选题】
以下那个阀门表示截止阀___。
A. Z41H-25DN50
B. H44H-25DN50
C. J41H-16DN50
D. Q41F-16DN50
【单选题】
溶剂再生富液过滤器属于以下哪种过滤器___
A. Y型过滤器
B. 自动反冲洗过滤器
C. 篮式过滤器
D. T型过滤器
【单选题】
以下哪项不是硫封罐的作用___
A. 防止气体从液硫线进液硫池
B. 保护风机
C. 不使装置憋压
D. 提高操作压力
【单选题】
硫化氢是无色、有___气味,是一种强烈的神经毒物。
【单选题】
硫化氢在低浓度时,臭鸡蛋味的增强与浓度的升高成正比,但浓度超过___左右之后,浓度继续升高而臭鸡蛋味反而减弱,以至不能察觉。
A. 10mg/m3
B. 100mg/m3
C. 500mg/m3
D. 1000mg/m3
【单选题】
我国卫生标准规定空气中硫化氢的最高容许浓度为___。
A. 10mg/m3
B. 20mg/m3
C. 30mg/m3
D. 50mg/m3
【单选题】
用火化验分析标准中,爆炸下限小于4%的可燃气体,其可燃物含量小于或等于___为合格;爆炸下限大于或等于4%的可燃气体,其可燃物含量小于或等于( )为合格。
A. 0.2% 0.5%
B. 0.3% 0.5%
C. 0.5% 0.5%
D. 0.5% 0.2%
【单选题】
用火作业时,乙炔气瓶、氧气瓶与火源间的距离不得少于___米。
【单选题】
用火作业时,乙炔气瓶与氧气瓶之间的距离不得少于___米。
【单选题】
气体测爆仪测定的是可燃气体的___。
A. 爆炸下限
B. 爆炸上限
C. 爆炸极限范围
D. 浓度
【单选题】
用火作业点周围___范围内禁止排放各类可燃气体
【单选题】
用火作业点周围___范围内禁止排放各类可燃物体
【单选题】
在卧室内听到外面发生火灾的报警后,如感觉房门发热,这时正确的做法是___
A. 迅速打开房门,快速冲出逃生
B. 用衣物等封堵门缝,设法从窗户逃生或等待救援
C. 藏到壁橱中以避烟气
D. 打开房门和窗户,等待救援
【单选题】
某容器中的混合气体含有甲烷、乙烷。甲烷的爆炸下限为5.0%,上限为15.0%;乙烷的爆炸下限为2.9%,上限为13.0%。动火环境中可燃气体的浓度最高不得超过___
A. 2%
B. 1%
C. 0.5%
D. 0.2%
【单选题】
石油化工装置检维修涉及大量动火作业,为确保动火作业安全,应落实有关安全措施。下列关于动火作业安全措施的说法中,错误的是___
A. 动火地点变更时应重新办理审批手续
B. 高处动火要落实防止火花飞溅的措施
C. 停止动火不超过2小时不需要重新确认现场安全措施
D. 特殊动火分析的样品要保留到动火作业结束
【单选题】
下列不属于进受限空间作业监护人职责的是___
A. 熟悉作业区域的环境和工艺情况
B. 处理异常情况的能力
C. 清点出入受限空间作业人数
D. 对装置进行定时巡回检查
【单选题】
下列关于进设备作业监护人的职责论述中,不正确的是___。
A. 监护人应熟悉作业区域的环境、工艺情况及作业内容,有判断和处理异常情况的能力,懂急救知识。
B. 监护人在作业人员进设备(受限空间)作业前,负责对安全措施落实情况进行检查,发现安全措施未完全落实或安全措施不完善时,可要求边施工边整改。
C. 监护人应控制、清点出入设备(受限空间)人数,并与作业人员确定联络信号,在出入口处保持与作业人员的联系,发现异常情况时,应及时制止作业,并立即采取救护措施。
D. 监护人要携带《进设备作业许可证》,按时检查各项安全措施落实情况,做好相应的记录。
【单选题】
在设备内进行检修作业,要求有足够的照明,设备内照明电压应不大于___,在潮湿容器,狭小容器内作业应小于等于( ),灯具及电动工具必须符合防潮,防爆等安全要求。
A. 36V、12V
B. 24V、24V
C. 36V、36V
D. 42V、12V
【单选题】
正常情况下,空气呼吸器气瓶工作压力为30MPa,最小应为___MPa,使用时间约40-50分钟。
【单选题】
使用空气呼吸器应急处置时,气瓶压力过低发生报警,还可以使用___时间。
A. 1至2 分钟
B. 3至5分钟
C. 8至10分钟
D. 10至20分钟
【单选题】
高处作业是指___
A. 高层建筑的作业;
B. 可能发生坠落的作业;
C. 坠落基准面2米以上的作业;
D. 2米高度以上的作业
【单选题】
急性中毒现场抢救的第一步是___。
A. 迅速报警
B. 迅速拨打急救电话
C. 迅速将患者转移至空气新鲜处
D. 迅速做人工呼吸
【单选题】
按安全色的使用规定,红色表示什么意思?___
A. 指令、必须遵守
B. 停止、禁止
C. 注意、警告
D. 指示、告知
【多选题】
催化剂装填催化剂上下面需要装填一定厚度的瓷球,是起___作用。
A. 均匀分布
B. 保护
C. 增加压降
D. 减慢气速
【多选题】
下列关于引燃料气进装置的说法正确的是___。
A. 引燃料气前先用蒸汽将系统吹扫干净
B. 吹扫干净后用氮气置换系统,系统中氧含量应小于0.5%
C. 吹扫干净后用氮气置换系统,系统中氧含量应小于1.0%
D. 瓦斯系统氮气置换完毕后,关闭各放空阀,系统保持微正压,准备瓦斯引进装置
【多选题】
溶剂发泡时,采取措施正确的是___。
A. 添加适量的消泡剂
B. 加强溶剂过滤
C. 检查储罐氮封是否完好,防止空气漏入
D. 加水置换
【多选题】
瓦斯带水的工艺现象___。
A. 炉膛火焰发红
B. 炉膛压力上升
C. 炉膛出口温度急剧下降
D. 如带水过多火焰熄灭
【多选题】
原料水罐顶部阻火器堵的工艺现象是___。
A. 罐顶气流量无
B. 焚烧炉温度上升
C. 原料水罐氧含量下降
D. 阻火器前压力上升
【多选题】
贫液空冷器坏,操作上正确的处理方法是___。
A. 提高溶剂循环量
B. 适当降低急冷塔顶温度
C. 降低再生塔底温度
D. 降低溶剂浓度
【多选题】
酸性污水中氨存在的形式主要有___。
A. 铵盐态固定铵
B. 游离氨
C. NH4-
D. NH3-
【多选题】
停循环水工艺现象___
A. 氨一级分液罐温度升高
B. 氨二级分液罐温度升高
C. 氨精制塔温度减低
D. 循环水流量指示为零
【多选题】
停工检修过程防止硫化亚铁自燃的措施,以下哪些是正确的___。
A. 使用除臭剂清洗硫化亚铁
B. 注意DCS内设备温度是否上升
C. 注意在人孔边准备好水皮带
D. 用动力风吹扫
【多选题】
硫封罐进口液硫管线堵塞主要判断方法有___。
A. 观察硫封罐溢流口液硫流动情况
B. 检查管线伴热情况
C. 观察系统压力是否有升高现象
D. 观察硫冷器是否有剧烈震动现象
【多选题】
尾气焚烧炉联锁自保后重新点炉前需做的工作是___。
A. 联锁复位
B. 空气吹扫炉膛
C. 蒸汽吹扫炉膛
D. 瓦斯引入炉膛
【多选题】
蒸汽发生器烧干的现象是___。
A. 蒸汽流量下降。
B. 烟气出口温度升高
C. 烟气出口温度降低
D. 汽包无液位
【多选题】
气动薄膜调节阀工作不稳定,产生振荡,是因为___。
A. 调节器输出信号不稳定
B. 管道或基座剧烈振动
C. 阀杆摩擦力大,容易产生迟滞性振荡
D. 执行机构刚度不够,会在全行程中产生振荡;弹簧预紧量不够,会在低行程中发生振荡
【多选题】
单参数控制系统中,调节阀的气开为+A,气关阀为-A,调节阀开大被调参数上升为+B,下降为-B,则___。
A. A*B=+,调节器选正作用
B. A*B=+,调节器选反作用
C. A*B=-,调节器选正作用
D. A*B=-,调节器选反作用
