[Single choice]
Refer to the exhibit. A network security administrator checks the ASA firewall NAT policy table with the show nat command. Which statement is false?___
A. There are only reverse translation matches for the REAL SERVER object
B. The first policy in Section 1 is a dynamic NAT entry defined in the object configuration
C. The NAT policy in Section 2 is a static entry defined in the object configuration
D. Translation in Section 3 is used when a connection does not match any entries in the first two sections
Related questions
[Single choice]
What is true of an ASA in transparent mode?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NAT
[Single choice]
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
[Single choice]
How can you mitigate attacks in which the attacker attaches more than one VLAN tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable EtherChannel on the switch
C. Explicitly identify each VLAN allowed across the trunk
D. Enable transparent VTP on the switch
[Single choice]
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the company IPS blocks all known malicious websites
C. Verify that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
[Single choice]
What is the most common implementation of PAT in a standard networked environment?___
A. configuring multiple external hosts to join the self zone and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
[Single choice]
Which component of a BYOD architecture provides AAA services for endpoint access?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services Engine
[Single choice]
You are configuring a NAT rule on a Cisco ASA. Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for identity NAT only
[Single choice]
Which description of the use of a private key is true?___
A. The sender signs a message using the receiver's private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receiver's private key
D. The receiver decrypts a message using the sender's private key
[Single choice]
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products?___
A. Virtualization
B. Containers
C. Sandboxing
D. Exclusions
[Single choice]
Which network topology describes multiple LANs in a gec?___
A. SOHO
B. MAN
C. PAN
D. CAN
[Single choice]
Which statement represents a difference between an access list on an ASA versus an access list on a router?___
A. The ASA does not support number access lists
B. The ASA does not support standard access list
C. The ASA does not ever use a wildcard mask
D. The ASA does not support extended access lists
[Single choice]
Which command do you enter to verify the status and settings of an IKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
[Single choice]
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. Service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco Express Forwarding
[Single choice]
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. PortFast
C. BPDU guard
D. BPDU filtering
[Single choice]
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
[Multiple choice]
Which two primary security concerns can you mitigate with a BYOD solution?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
[Multiple choice]
Choose five___
A. MD5 - insecure
B. DES - insecure
C. SDES - legacy
D. SHA-1 - legacy
E. HMAC-MD5 - legacy
[Multiple choice]
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric encryption
C. It uses the same key to encrypt and decrypt traffic
D. It uses a public key and a private key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
[Multiple choice]
Which two characteristics of PVLAN are true?___
A. Promiscuous ports can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as EtherChannel ports
[Multiple choice]
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web portal
E. Running SDM from a PC
[Multiple choice]
Which two options are the primary deployment models for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud based
E. single site
[Multiple choice]
Drag the recommendation on the left to the cryptographic algorithms on the right. Options will be used more than once.___
A. Avoid - DES, MD5
B. Legacy - SDES, SHA1, HMAC-MD5
[Multiple choice]
Which two are valid types of VLANs using PVLANs?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
[Multiple choice]
Which two commands are used to implement Resilient IOS Configuration?___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
[Multiple choice]
Which two types of firewalls work at Layer 4 and above?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
[Multiple choice]
Which two default settings for port security are true?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
[Multiple choice]
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812/1813
B. Uses TCP port 49
C. Uses UDP port 49
D. Encrypts only the password between user and server
[Multiple choice]
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
[Multiple choice]
When using the Adaptive Security Device Manager (ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Use HTTPS
C. Install from a file
D. Use LDAP
E. Use SCEP
[Multiple choice]
Which two SNMPv3 services support its capabilities as a secure network management protocol?___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
[Multiple choice]
Which two statements about routed firewall mode are true?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique IP address for each interface
D. This mode allows the firewall to be added to an existing network with minimal additional configuration
E. By default, this mode permits most traffic to pass throug
[Multiple choice]
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in-the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit.
D. They protect the identity of the attacker by masking the DHCP address
E. They can physically modify the network gateway
[Multiple choice]
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
[Multiple choice]
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block HTTPS traffic
B. They restrict SNMP traffic.
C. They are unable to support HTTPS traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
[Multiple choice]
Which two descriptions of TACACS+ are true?___
A. The TACACS+ header is unencrypted
B. It combines authentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
[Multiple choice]
Which two actions does an IPS perform?___
A. It spans the traffic
B. It reflects the traffic back to the sender
C. It encrypts the traffic
D. It terminates the user session or connection of the attacker
E. It reconfigures a device to block the traffic
[Multiple choice]
In which form of fraud does an attacker try to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or communication channels?___
A. Phishing
B. Smurfing
C. Hacking
D. Identity Spoofing
[Multiple choice]
Which two ESA services are available for incoming and outgoing mails?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
[Multiple choice]
What are two reasons to recommend SNMPv3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authentication and privacy
B. SNMPv3 is insecure because it sends information in clear text
C. SNMPv2 is insecure because it sends information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
[Multiple choice]
Which two actions can a zone-based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
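Recommended questions
[Single choice]
Secret-level documents, materials and other items may be delivered by ___.
[Single choice]
Under which circumstances may top-secret documents and materials be carried?___
A. With approval from the head of the unit's office, and with two people travelling together and sharing responsibility
B. With approval from the unit's leader in charge, and with two people travelling together and sharing responsibility
C. With approval from the unit's leader in charge, with one person carrying them and bearing responsibility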
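[Single choice]
Whoever steals, spies out, buys or illegally provides state secrets or intelligence for an organ, organization or individual outside the territory shall, if the circumstances are relatively minor, be sentenced to ___ fixed-term imprisonment, criminal detention, public surveillance or deprivation of political rights.
[Single choice]
Whoever steals, spies out, buys or illegally provides state secrets or intelligence for an organ, organization or individual outside the territory shall, if the circumstances are especially serious, be sentenced to ___ or life imprisonment.
A. fixed-term imprisonment of not less than twenty years
B. fixed-term imprisonment of not less than fifteen years
C. fixed-term imprisonment of not less than ten years
389. Administrative organs shall establish and improve a (B) for the release of government information, specifying the review procedures and responsibilities.
A. mechanism assigning designated persons and responsibilities
B. confidentiality review mechanism
C. leadership review mechanism
[Single choice]
Before disclosing government information, an administrative organ shall, in accordance with the Law of the People's Republic of China on Guarding State Secrets and other laws, regulations and relevant state provisions, conduct ___ of the government information to be disclosed.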
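[Single choice]
State-secret documents, materials and other items shall be stored in a place conducive to security and confidentiality, and equipped with the necessary ___.
A. security guards
B. confidentiality protection facilities
C. monitoring facilities
[Single choice]
State-secret documents and materials shall be periodically inventoried and returned in accordance with the provisions of ___.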
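[Single choice]
The appointment of full-time personnel to manage state-secret documents, materials and other items shall follow the principle of ___, and confidentiality education shall be given before they take up the post.
A. vet first, then employ
B. employ first, then vet
C. vet while employing
396. In the course of destroying state secrets, which of the following practices is incorrect (A).
A. Selling declassified state-secret documents as waste
B. Secret documents should be registered in a list before destruction and their destruction approved by the leadership
C. Destruction of state secrets should be supervised by two or more people, with unrecoverability as the standard
[Single choice]
Publicly published and distributed newspapers, periodicals, books, and film and television works must not involve ___.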
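[Single choice]
When state secrets are leaked to organs, organizations or individuals outside the territory, the organ or unit concerned shall report to the corresponding secrecy administration department or body ___ after discovery.
A. Within 12 hours
B. Within 24 hours
C. Within 48 hours
[Single choice]
Where the classification level of a state-secret matter is changed and the level cannot be marked, the unit concerned shall promptly notify personnel ___ of the decision to change the classification level.
A. within the scope of access
B. within the organ or unit
C. within the administrative region
402. Which of the following is a classified document (B).
A. A State Council document issued down to the provincial and army level
B. An unpublished opinion on adjusting a county-level leadership team that is marked with a classification level
C. Internal Party reference materials, Party publications and work briefings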
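[Single choice]
A state organ employee, in violation of secrecy regulations, took secret documents home; on the way the documents were accidentally stolen and could not be recovered. This person's conduct constitutes ___.
A. intentional disclosure of state secrets
B. negligent disclosure of state secrets
C. both intentional and negligent disclosure of state secrets
[Single choice]
Chapter 3 of the Secrecy Law stipulates that when state secrets are transmitted over wired or wireless communications, ___.
A. approval from the relevant leader must be obtained
B. secrecy measures must be taken
C. approval from the secrecy department must be obtained
408. Which of the following does not fall within the scope of the Secrecy Law (B).
A. State secrets
B. Work secrets
C. State-secret matters in science and technology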
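[Single choice]
The body entitled to impose administrative disciplinary sanctions on the person responsible for a leak is ___.
A. the organ or unit to which the responsible person belongs
B. the secrecy administration department at the same level
C. the state security department at the same level
410. All information provided to or published on Internet sites must go through (A).
A. confidentiality review and approval
B. approval by the secrecy department
C. approval by the superior organ
[Single choice]
Computer information systems involving state secrets must not be connected ___ to the Internet or other public information networks, and must be physically isolated.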
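[Single choice]
In managing computer media that have stored or processed state-secret information, which of the following practices is incorrect?___
A. Not using it at a lowered classification level
B. Destroying it oneself when it can no longer be used
C. When repair is needed, ensuring that the stored state-secret information is not leaked
[Single choice]
Hardware selected for classified computer information systems should, as far as possible, be domestically produced models; when foreign products must be used, a confidentiality performance inspection shall be carried out by ___ before installation and activation.
A. the local secrecy administration department at the same level
B. the Autonomous Region State Secrecy Bureau
C. the unit's own secrecy department
415. A classified computer information system may be put into use only after (C).
A. confidentiality inspection
B. confidentiality testing
C. application and approval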
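[Single choice]
When an administrative organ cannot determine whether government information may be disclosed, it shall, in accordance with laws, regulations and relevant state provisions, submit the matter to the relevant competent department or ___ for determination.
A. the secrecy administration department at the next higher level
B. the secrecy administration department at the same level
C. the Autonomous Region State Secrecy Bureau
[Single choice]
Comrade ___ once pointed out: "We must pay the utmost attention to keeping secrets; nine and a half parts out of ten will not do, nine point nine parts will not do either; it must be the full ten."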
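[Single choice]
Classified documents and materials brought back by an individual from a meeting should be ___.
A. kept properly by the individual
B. handed to the secrecy office for registration and management
C. destroyed by the individual
[Single choice]
The Criminal Law of the People's Republic of China stipulates: whoever violates the regulations on guarding state secrets and intentionally or negligently discloses state military secrets shall, if the circumstances are especially serious, be sentenced to fixed-term imprisonment of not more than ___.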
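[Single choice]
When classified documents and materials are compiled, the classification level of the compilation shall be marked ___.
A. according to the level of the majority of the documents
B. at least as highly secret
C. according to the highest classification level of the documents and materials used
[Single choice]
The Party and government leading cadres referred to in the Central Secrecy Commission's "Provisions on the Responsibility System for Secrecy Work of Party and Government Leading Cadres" are cadres holding posts at ___ in Party and state organs.
A. county/division level and above, including county/division level
B. above county/division level, not including county/division level
C. department/bureau level and above, including department/bureau level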
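[Single choice]
State secrets are matters that concern the security and interests of the state, are determined in accordance with ___, and are known only to a limited scope of personnel for a certain period of time.
A. legal provisions
B. statutory procedures
C. relevant regulations and rules
[Single choice]
The state-secret carriers referred to in the "Interim Measures for the Administration of the Reproduction of State-Secret Carriers by the Printing, Photocopying and Other Industries" specifically mean ___ that have been lawfully determined to be state-secret matters and are marked with a classification level.
A. documents, materials, charts, books and periodicals
B. documents, materials, charts, books and periodicals, and electromagnetic information carriers
C. documents, materials, charts, books and periodicals, and audio-visual products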
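[Single choice]
The Secrecy Law stipulates: all state organs, armed forces, political parties, social organizations, enterprises, public institutions and citizens have the obligation to guard ___.
A. Party and state work secrets
B. state secrets
C. enterprise trade secrets
[Single choice]
A state organ employee who, without approval, privately retains state-secret documents commits an act of ___.
A. violating secrecy regulations
B. the crime of illegally holding state secrets
C. violating the professional ethics of state organ personnel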
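[Single choice]
When the classification level of a state-secret matter needs to be changed, generally ___.
A. it can only be changed promptly by the organ or unit that determined the level
B. it can only be changed directly by the superior organ
C. it is decided by the organ or unit that originally determined the level and secrecy period, and may also be decided by its superior organ
433. The basic procedure for investigating and handling leak cases includes (A).
A. case filing, investigation and handling
B. case filing, handling and enforcement
C. investigation, handling and inspection
[Single choice]
According to the relevant provisions of the "Regulations on Sanctions for Civil Servants of Administrative Organs", whoever discloses state secrets or work secrets, or discloses trade secrets or personal privacy obtained in the performance of duties, causing adverse consequences where the circumstances are serious, shall be given ___.
A. a warning, a demerit or a major demerit
B. demotion or removal from office
C. dismissal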
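[Single choice]
According to the "Provisions on the Secrecy Management of State-Secret Carriers", when secret carriers are produced, the classification level and secrecy period shall be marked in accordance with relevant provisions, the distribution scope and number of copies produced shall be indicated, and ___.
A. top-secret, highly-secret and secret carriers shall all be given serial numbers
B. top-secret and highly-secret carriers shall be given serial numbers
C. secret-level carriers shall be given serial numbers
[Single choice]
In an emergency, when transmitting state-secret information, ___.
A. an ordinary fax machine may be used
B. a commercial-cipher fax machine approved for use by the State Cryptography Administration Commission may be used
C. neither an ordinary fax machine nor a commercial-cipher fax machine may be used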
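[Single choice]
A document is marked "Top Secret★"; this indicates a classification level of top secret and a secrecy period of ___.
[Single choice]
Under no circumstances may ___-level secret carriers be carried out of the country.
[Single choice]
A unit in our city needs to send a classified document to Guiyang; it should be delivered via ___.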
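[Single choice]
Secrecy work for materials provided in foreign economic cooperation is the specific responsibility of ___.
A. the competent business authority
B. the sponsoring unit of the foreign economic cooperation project
C. the secrecy administration department
[Single choice]
The principle for the secrecy management of state-secret carriers is ___.
A. management under the responsibility of leaders
B. strict safekeeping by each office
C. strict management, rigorous precautions, ensuring security, and facilitating work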
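[Single choice]
State-secret matters that journalists and publishing workers come into contact with in their work must not be published without the consent of ___.
A. the secrecy department
B. the competent department
C. the people's government at the same level
444. Secrecy review in news and publishing follows a system of (C).
A. submission for review
B. self-review
C. self-review combined with submission for review
[Single choice]
Secrecy work for classified meetings mainly includes formulating the meeting's secrecy work plan, implementing the secrecy measures during the meeting, secrecy management of the personnel involved in the meeting, and the selection of the meeting's ___, among other things.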