【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
推荐试题
【判断题】
境内机构开立的经常项目外汇账户只能用于经常项目支出,不能用于经外汇局批准的 资本项目支出
【判断题】
金融机构同业外汇存款账户的开立适用《境内外汇账户管理规定》
【判断题】
具有外交豁免权的外国使领馆、国际组织驻华代表机构在境内外汇账户的开立,适用 《境内外汇账户管理规定》
【判断题】
金融机构在为客户办理继承财产转移购付汇业务时,应当审核被继承人生前户籍所在地外汇局的核准件,当继承人从不同被继承人处继承财产,提交其中一个被继承人生前户籍所在地外汇局的核准件
【判断题】
实施外商投资企业资本金意愿结汇政策的,结汇待支付账户内人民币资金可以购汇划回 资本金账户。
【判断题】
银行在办理境外直接投资企业利润汇回业务时,为查询企业是否已办理境外投资登记情 况,需审核业务登记凭证。
【判断题】
银行在办理境外直接投资企业利润汇回业务时,无需审核境外企业的相关财务报表及利 润处置决议等境内投资主体获得境外企业利润的相关真实性证明材料。
【判断题】
银行在办理境外直接投资企业利润汇回业务后应及时完成国际收支申报手续。
【判断题】
境外直接投资企业汇回利润可保留在企业的经常项目外汇账户或直接结汇。
【判断题】
境外直接投资企业汇回利润不允许直接结汇,只有进入经常项目外汇账户后方可结汇。
【判断题】
外汇指定银行为外国投资者办理前期费用基本信息登记时,进行登记的主体是外国投资者。
【判断题】
企业在外汇局办理境外放款额度登记后,银行在审核业务登记凭证后,可根据企业申请直接办理开户。
【判断题】
银行应在办理境外放款专用账户开立或注销业务后及时向外汇局资本项目信息系统报送 有关信息。
【判断题】
实施外商投资企业资本金意愿结汇政策的,外商投资企业同名“结汇待支付账户”间 的资金可以相互划转。
【判断题】
境内机构境外直接投资资金需要汇出的,企业只能按照外汇局资本项目系统中的登记 币种汇出。
【判断题】
境内机构开展境外直接投资可以在外汇局资本项目信息系统已登记的总额度内,分别 在多家银行汇出境外直接投资资金。
【判断题】
境外资产变现账户的开立和关户均需要外汇局批准。
【判断题】
境内机构境外直接投资资金为境外自筹解决的,也需要到银行办理境内机构境外直 接投资登记。
【判断题】
境内机构对境外投资企业减资的资金,如需调回境内,减资所得资金应汇入境内资产 变现账户。
【判断题】
外汇资本金账户内资金结汇时,银行既不需要审核开户主体提交的该笔结汇对应的出 资确认登记表也不需要银行入账登记信息。
【判断题】
资本金账户利息可凭银行出具的利息清单直接办理结汇。
【判断题】
石油类对外合作项目的资本金结汇,可凭企业提交的结汇计划,进行真实性审核后直 接办理。
【判断题】
未办理出资确认或入账登记的外商投资企业资本金可以办理付汇业务。
【判断题】
外商投资企业资本金结汇所得人民币资金不可以向任何单位发放委托贷款。
【判断题】
单一企业每月备用金(含意愿结汇和支付结汇)支付累计金额不得超过等值20万美元。
【判断题】
如果外汇局资本项目信息系统中的“外汇局批件号/备案表号/业务编号”填写错, 但其他关联条件能满足,国际收支数据不会滞留。
【判断题】
境外机构在境内设立的分支、代表机构和境外个人将因未购得退回的人民币购房款购 汇汇出时,经办银行无需审核其原结汇凭证。
【判断题】
境外机构在境内设立的分支、代表机构和境外个人转让境内商品房所得资金购付汇时, 一套商品房出售所得资金可分次汇出。
【判断题】
未办理入账登记的外商投资企业资本金可以办理付汇业务。
【判断题】
境内再投资专用账户应以接收境内外汇再投资或股权转让对价外汇资金的主体名义开 立。
【判断题】
保证金专用外汇账户划出资金,银行应审核交易真实性、合法性证明材料。
【判断题】
31境内机构按支付结汇原则结汇所得人民币资金不得通过结汇待支付账户进行支付。
【判断题】
32结汇待支付账户内的人民币资金可用于转存定期或购买银行保本理财产品。
【判断题】
外商投资企业可在不同银行开立多个外汇资本金账户。
【判断题】
资本金账户接收到的境内原币划转资金,银行应与开户主体核对资金来源和用途是否 与账户收入范围相符,对于与收入范围不符的资金应原路汇回。
【判断题】
35依法终止的外商投资企业,按照国家有关规定进行清算、纳税后,属于外方投资者所有的人民币,可以向经营结汇、售汇业务的金融机构购汇汇出。
【判断题】
在办理外商投资企业清算所得资金分次汇出时,首次经办银行应在税务登记凭证上加 注已汇出金额,无需留存复印件。
【判断题】
外商投资企业减资所得资金可分笔办理汇出。
【判断题】
外商投资企业减资所得资金若分笔汇出只能在同一家银行办理。