【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
推荐试题
【多选题】
使用华为BCManagereBackup进行数据备份时,备份数据可以通过以下哪些类型的网络从生产存储发送到备份存储?___
A. 承载FCSAN的FC网络
B. 承载IP SAN的IP网络
C. 承载生产网络的IP网络
D. 承载FusionStorage的IB网络
【多选题】
FusionCompute虚拟机创建内存快照失败,以下哪些情况可能引起此故障? ___
A. 虚拟机操作系统不支持创建内存快照
B. 当前主机上有其他虚拟机正在创建内存快照
C. 虚拟机所在集群的“主机内存复用”已禁用
D. 该虚拟机绑定了共享磁盘
【多选题】
华为BCManager eBackup可以针对以下哪些对象进行备份? ___
A. 被保护环境中的虚拟机
B. 被保护环境中的虚拟机磁盘
C. 被保护环境中的LUN
D. 被保护环境中的主机磁盘
【多选题】
FusionStorageBlock告警提示,“存储池故障, 存储池中有数据不可访问”。以下哪些是可能的___
A. 存储池中短时间内多个硬盘故障
B. 三副本数据中的最后一个副本所在硬盘或Cache发生不可读故障
C. 存储网络异常
D. 硬盘空间不够
【多选题】
对FusionSphere OpenStack中的Swift项目,以下哪些是它的特点?___
A. 大规模线性扩展
B. 无状态的接入控制节点,处理海量用户请求
C. 高成本
D. 跨多站点的数据同步和访问
【多选题】
在FuisonSphere OpenStack对接KVM场景中,以下关于存储的描述些是正确的?___
A. 对接OceanStor V3存储的最小粒度是存储池
B. 对接FusionStorage的最小粒度是存储池,每个卷对应一个云硬盘
C. cinder-volume角色部在计算节点上
D. cinder-volume角色与IPSAN控制器通过iSCSI协议进行交互
【多选题】
FustionStorage Blok创建控制集群失败,以下哪些是可能导致此故的原因? ___
A. 主备FusionStorage Manager之间网络异常
B. SSL证书无效
C. 各个主机节点时间不同步
D. FusionStorage Manager有残留MDC进程
【多选题】
关于FusionAccess桌面虚拟机类型,以下哪些说法是不正确的? ___
A. 链接克隆母卷最多为128个
B. 完整复制虚拟机上用户数据的变更不可以保存,支持关机还原和一锁式还原功能
C. 快速封装虚拟机比完整复制虚拟机发放速度更快,是因其在创建时,没有解封装过程 ,并且已经提前加域
D. 全内存虚拟机是指整个虚拟机都运行在内存中
【多选题】
FusionSphere服务器虚拟化场景中,以下那些承载业务网络平面的物理交换机端口典型配置?___
A. LACP负载均衡
B. 端口模式配置为ACCESS
C. 端口配置限速
D. 端口模式配置为TRUNK
【多选题】
FusionSphere统安装工具无法发现主机, 以下哪些情况可能引起此故障? ___
A. 本地PC机与主机安装平面不在同一个网段,且未配置DHCP中继
B. 主机网卡未启动PXE功能
C.
D. HCP地址池中没有空闲IP
【多选题】
关于FusionCompute集群创建的描述,以下哪些是正确的? ___
A. 集群开启HA后,集群内的虚拟机才可以开启HA
B. 集群开启IMC模式,可以避免因CPU不兼容而导致的虚拟机迁移失败
C. 集群开启主机内存复用后,主机上创建的虚拟机内存总数可以超过主机物理内存
D. 集群开启GuestNUMA后,集群内的虚拟机需重启才能生效
【多选题】
誉天 计划构建云数据中心,把现有办公系统切换到云计算环境上运行,规划存储总容量时,以下哪些属于需要考虑的因素?___
A. RAID
B. LUN
C. IOPS
D. 硬盘容量
【多选题】
如下哪些属于FusionCompute支持HA场景?___
A. 主机故障后HA
B. 存储链路中断后HA
C. 网络连接中断后HA
D. 虚拟机蓝屏后HA
【多选题】
以下哪些是华为全内存桌面的使用模式?___
A. Copy Mode
B. Share Mode
C. Link Mode
D. Pool Mode
【多选题】
在FusionCompute中, CNA主机与VRM心跳连接异常的原因包括以下哪些?___
A. CNA主机离线
B. CNA主机处于维护模式
C. CNA主机管理网口异常
D. CNA主机进程异常
【多选题】
在使用Rainbow迁移时,关于文件级迁移和块级迁移适用场景的描述,以下哪些正确的? ___
A. 文件级迁移适用于需要对目的端磁盘扩容或减容的场景
B. 块级迁移适用于源端包含大量小文件的主机
C. 块级迁移适用于源端磁盘使用率低的主机
D. 块级迁移的目的端分区结构与源端需要保持致
【多选题】
FusionCompute主机添加数据存储失败,以下哪些属于可能的故障原因? ___
A. 数据存储挂载目录被占用
B. 主机无法访问存储
C. 主机管理网络异常
D. 首次添加某个LUN为虚拟化数据存储时,未选择格式化
【多选题】
在使用Rainbow迁移时,关于Windows在线文件级迁移方式的描述,以下哪些是正确的?___
A. 速度快
B. 支持分区大小调整
C. 速度相对较慢
D. 分区结构必须与源端保持一致
【多选题】
在FusionSphere OpenStack中,使用哪些网络平面地址可以登陆CPS界面? ___
A. Internal Base
B. External Base
C. External OM
D. External API
【多选题】
ManageOneOperationCenter通过以下哪些方式从下层管理系统同步警告数据?___
A. FTP
B. SNMP Trap
C. 定时查询(HTTPS)
D. SMTP
【多选题】
在ManageOne ServiceCenter上创建虚拟机失败,使用ssh登录FusionSphere OpenStack后台查看日志,以下哪些路劲日志是应该查看的?___
A. /var/fusionsphere/operate/nova-api
B. /var/log/fusionsphere/componen t/nova -api
C. /var/fusionsphere/operate/cinder -api
D. /var/log/fusionsphere/component/cinder-api
【多选题】
FusionSphere 服务器虚拟化场景中,用户业务单独组网,计算节点主机必须连接到以下哪些网络平面?___
A. 业务平面
B. 管理平面
C. 存储平面
D. VIMS控制平面
【多选题】
以下哪些华为桌面云组件在生产环境中不建议采用节点部署方式?___
A. ITA
B. HDC
C. TCM
D. WI
【单选题】
1:客户风险等级分类工作应当遵循的原则中哪个为基本原则___。
A. 了解你的客户原则
B. 审慎性原则
C. 持续性原则
D. 信息保密原则
【单选题】
2:各营业网点在分析客户风险等级时,对于风险级别介于相邻等级之间的,原则上应归入___客户进行管理。
A. 较低等级风险类
B. 较高等级风险类
C. 中等等级风险类
【单选题】
3:故意隐瞒身份、拒绝提供有效身份证件或者其他身份证明文件的客户,其风险等级可以调整为___客户。
A. 高风险
B. 中风险
C. 低风险
D. 无风险
【单选题】
4:对以开立账户形式新建立业务关系的客户,网点柜员应于业务关系建立后的___个工作日内,根据客户的基本信息中有关“国籍”、“行业”、“职业”等重要信息和其他资料信息,完成客户洗钱风险等级划分工作,并在反洗钱系统中选定该客户的风险等级标识。
【单选题】
5:营业网点柜员在对经分析认定为高风险等级的个人及单位客户,应在高风险客户的账户开立___个工作日内完整填写《高风险个人客户认定表》或《高风险单位客户认定表》经支行主管会计初审和支行行长复核后,交总行反洗钱牵头管理部门负责人批准。
【单选题】
6:高风险等级客户基本信息审核频率为___
A. 自评定风险等级后,每三个月审核一次
B. 自评定风险等级后,每半年审核一次
C. 自评定风险等级后,每年审核一次
D. 自评定风险等级后,每两年审核一次
【单选题】
7:低风险等级客户基本信息审核频率为___
A. 自评定风险等级后,每三个月审核一次
B. 自评定风险等级后,每半年审核一次
C. 自评定风险等级后,每年审核一次
D. 自评定风险等级后,每两年审核一次
【单选题】
8:中风险等级客户基本信息审核频率为___
A. 自评定风险等级后,每三个月审核一次
B. 自评定风险等级后,每半年审核一次
C. 自评定风险等级后,每年审核一次
D. 自评定风险等级后,每两年审核一次
【单选题】
9:当中低风险等级客户调整为高风险等级客户或高风险等级客户调整为中低风险等级客户时,经主管会计及支行行长批准同意后,还需报本行___批准。
A. 反洗钱牵头管理部门反洗钱联络员
B. 反洗钱牵头管理部门负责人
C. 反洗钱钱牵头管理部门分管领导
D. 本行行长
【单选题】
10:有权机关直接到各支行进行查询、冻结、扣划时,有权机关查询、冻结、扣划完成后,支行于___日内向反洗钱牵头管理部门提交( ),经反洗钱牵头管理部门负责人批准后,在反洗钱系统内将该客户等级调为高风险。
A. 15、《建议调整申请表》
B. 10、《建议调整申请表》
C. 15、《高风险个人客户认定表》或《高风险单位客户认定表》
D. 10、《高风险个人客户认定表》或《高风险单位客户认定表》
【单选题】
11:《高风险个人客户认定表》、《高风险单位客户认定表》以及调整为高风险客户的《客户风险等级建议调整申请表》等资料的保管期限为应自认定或调整为高风险客户当年起算,至少___年。
A. 5年
B. 10年
C. 15年
D. 20年
【单选题】
12:大额交易报告是指:凡交易金额在规定金额以上的交易,不论是否异常,都要由营业网点于交易发生后___个工作日内在反洗钱系统中上报。
【单选题】
13:当日单笔或者累计人民币交易___万元以上(含)、外币等值( )万美元以上(含)的现金缴存、现金支取、现金结售汇、现钞兑换、现金汇款、现金票据解付及其他形式的现金收支,应当通过反洗钱系统提交大额交易报告。
A. 5、1
B. 10、2
C. 10、1
D. 20、1
【单选题】
14:自然人客户银行账户与其他的银行账户之间发生当日单笔或者累计交易人民币___万元以上(含)、外币等值( )万美元以上(含)的境内款项划转,应当通过反洗钱系统提交大额交易报告。
A. 20、1
B. 20、5
C. 50、10
D. 50、5
【单选题】
15:系统未提取到,按照规定应上报而未上报的大额交易,本行各营业机构应在交易发生后的___个工作日内通过手工方式增加大额交易。
【单选题】
16:本行各营业机构在以开立账户等方式与客户建立业务关系或客户为他人提供交易金额单笔人民币___万元以上或外币等值( )美元以上的现金汇款(含无卡、无折存现业务)、现钞兑换、票据兑付等一次性金融服务时,应通过以联网核查为主的方式核对、登记客户身份证件或其他身份证明文件并留存复印件、登记客户联系方式。
A. 2、1000
B. 1、1000
C. 2、2000
D. 1、2000
【单选题】
17:遵循___的原则,针对具有不同洗钱或者恐怖融资风险特征的客户、业务关系或者交易,本行各营业机构应采取相应的措施,了解客户及其交易的目的和交易性质,了解实际控制客户的自然人和交易的实际受益人。
A. 认识你的客户
B. 熟悉你的客户
C. 了解你的客户
D. 见过你的客户
