【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
推荐试题
【单选题】
判断题实验证明,在纯电容电路中,交流电的频率越高,容抗就越大。___
【单选题】
单选题通过电磁感应现象可以知道,线圈中磁通变化的频率越快,线圈的感应电动势___。
【单选题】
判断题变电所运行中,如交接班时发生事故,应由接班人员负责处理。___
【单选题】
判断题工作许可人(运行值班负责人)应负责审查工作票所列安全措施是否正确完善,是否符合现场条件,并负责落实施工现场的安全措施。___
【单选题】
单选题电力电缆中,将线芯与大地以及不同相的线芯间在电气上彼此隔离的为___。
【单选题】
单选题继电保护的()是指发生了属于它该动作的故障,它能可靠动作而在不该动作时,它能可靠不动。___
【单选题】
判断题系统是指电源中性点直接接地,而设备的外露可导电部分经各自的线分别直接接零线的三相四线制低压供电系统。___
【单选题】
单选题运行中的断路器日常维护工作包括对___的定期清扫。
A. 不带电部分
B. 绝缘部分
C. 二次控制回路
【单选题】
判断题接地系统的单相触电比不接地系统的单相触电危险性大。___
【单选题】
判断题接地线接地刀闸与检修设备之间不得连有断路器(开关)或熔断器。___
【单选题】
单选题断路器的缺点之一是,气体在电弧的作用下分解的()气体有毒。___
【单选题】
判断题操作要按操作顺序填写,一张操作票只能填写一个操作任务。___
【单选题】
单选题下列()属于基本安全用具。___
A. 绝缘棒绝缘夹钳
B. 绝缘手套绝缘靴
C. 携带型接地线临时遮栏
【单选题】
判断题变压器的额定电流大小等于绕组的额定容量除以该绕组的额定电压及相应的相系数(单相为,三相为√)。___
【单选题】
判断题远方对装置进行信号复归属于及以下线路保护测控装置在信息方面的主要功能。___
【单选题】
判断题电流继电器的返回电流除以动作电流,叫做电流继电器的返回系数。___
【单选题】
判断题在防雷装置中用以接受雷云放电的金属导体称为消雷器。___
【单选题】
判断题为了保证电压质量合乎标准,往往需要装设必要的有功补偿装置和采取一定的调压措施。___
【单选题】
判断题以电气回路为基础,将继电器和各元件的线圈触点按保护动作顺序,自左而右自上而下绘制的接线图,称为展开图。___
【单选题】
判断题电力系统中危及电气设备绝缘的电压升高即为过电压。___
【单选题】
单选题两个电阻串联接入电路,当两个电阻阻值不相等时,则___。
A. 电阻大的电流大
B. 电阻小的电流小
C. 两电阻的电流相等
【单选题】
单选题当验明设备确已无电压后,应立即将检修设备三相短路并___。
【单选题】
判断题良好的摇表,在摇表两连接线()短接时,摇动手柄,指针应在“”处。___
【单选题】
判断题对于没有总降压变电所和高压配电所的用电区变电所或小型用户降压变电所,在变压器高压侧必须配置足够的高压开关设备以便对变压器控制和保护。___
【单选题】
判断题在供电要求中,对一类负荷中的特别重要负荷,除由两个独立电源供电外,还应增设应急电源,并可以将其他负荷接入应急供电系统。___
【单选题】
判断题电力电缆铠装和护套是用来保护电缆防止外力损坏的。___
【单选题】
判断题钳表在测量的状态下转换量程开关有可能会对测量者产生伤害。___
【单选题】
判断题当电压互感器二次断线时,备自投装置不应动作。___
【单选题】
判断题变压器额定容量的大小与电压等级也是密切相关的,电压低的容量较大,电压高的容量较小。___
【单选题】
86.单选题值班人员巡视时,发现高压带电设备接地,在室内人员不得接近故障点___。
【单选题】
判断题悬式绝缘子具有良好的电气性能和较高的机械强度,按防污性能分为普通型和防污型两种。___
【单选题】
单选题发生短路时,电力系统从正常的稳定状态过渡到短路的稳定状态,一般需___秒。
【单选题】
判断题在磁体内部,磁力线的方向是由极到达极。___
【单选题】
判断题倒闸操作先在一次系统模拟图上模拟操作,模拟操作完毕后,应检查操作票上所列项目的操作是否正确。___
【单选题】
判断题当电路发生短路或严重过负荷时,熔断器能自动切断故障电路,从而使电器设备得到保护。___
【单选题】
判断题临时遮栏设置在可能发生人体接近带电体的巡视通道和检修设备的周围。___
【单选题】
单选题在电阻并联的电路中,电路的电流等于___。
A. 各并联支路电流的平均值
B. 各并联支路的电流
C. 各并联支路的电流之
【单选题】
单选题高压开关柜巡视检查项目包括开关柜的___所在位置正确。
【单选题】
判断题三相交流对称电路中,如采用三角形接线时,线电流等于相电流的根号倍。___
【单选题】
判断题中小容量高压电容器普遍采用零序电流保护作为相间短路保护。___
