【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
推荐试题
【填空题】
16. 三级保密资格单位保密委员会主任___由___担任。
【填空题】
17. 保密委员会和保密工作领导小组实行___制度。一级保密资格单位应当设置___保密管理工作的职能部门。
【填空题】
18. 一级保密资格单位涉密人员___人以下的,可不设立___部门,但应当确定一个部门履行___。
【填空题】
19. 二级保密资格单位涉密人员___人以下的,可不设立___部门,但应当确定一个部门履行___。
【填空题】
20. 三级保密资格单位应当确定负责保密管理工作的___,在保密委员会___领导下___保密管理职能。
【填空题】
21. 一级保密资格单位,涉密人员 1000 人___以上的,专职保密工作人员配备不得少于___人;
【填空题】
22. 一级保密资格单位,涉密人员 500 人___以上1000 人以下的,专职保密工作人员不得少于___人;100 人
【填空题】
___以上至 500 人以下的,专职保密工作人员不得少于___人; 100 人以下的,专职保密工作人员不得少于___人。
【填空题】
23. 二级保密资格单位涉密人员 1000 人___以上的,专职保密工作人员配备不得少于___人,200 人___以上1000 人以下的,专职保密工作人员不少于___人,200 人以下的,专职保密工作人员不得少于___人。
【填空题】
24. 三级保密资格单位涉密人员 100 人___以上的,专职保密工作人员不得少于___人;100 人以下的,配备___保密工作人员。
【填空题】
25. 保密委员会成员应当每年向___报告履职情况。
【填空题】
26. 一级保密资格单位涉密人员超___人___的部门,应当配备___名专职保密工作人员。100 人以下的,配备___保密工作人员。
【填空题】
27. 专职保密工作人员___人___以上的,应当配备___名保密技术管理人员。
【填空题】
28. 保密工作机构人员应当经过保密知识技能___。
【填空题】
29. 一级保密资格单位,保密制度分为___制度和___制度。
【填空题】
30. 二级保密资格单位,保密制度分为___制度和___制度。
【填空题】
31. 保密制度应当___、___,具有___,并根据实际情况及时修订。
【填空题】
32. 保密制度应当包括保密责任___,___,___,___,___,___,___,信息系统、信息设备和存储设备,新闻宣传,涉密会议,协作配套,涉外活动,外场试验,___,___,___等方面基本要求。
【填空题】
33. 单位应当明确定密程序,制定《___》,并根据情况变化及时调整。
【填空题】
34. 单位对产生的国家秘密事项应当及时确定___、___和___ 。
【填空题】
35. 法定代表人或者主要负责人对单位定密工作___。
【填空题】
36. ___应当接受定密培训,经考核具备上岗能力。
【填空题】
37. 定密责任人在职责范围内承担有关国家秘密___、___和___工作。
【填空题】
38. 单位应当每年组织对本单位产生的国家秘密事项进行审核,做好国家秘密___和___工作。
【填空题】
39. 涉密岗位和人员的涉密等级分为___、___和___三个等级。
【填空题】
40. 进入涉密岗位的人员应当通过___和___,签订___,并定期组织复审。
【填空题】
41. 一级保密资格单位应当对在岗涉密人员进行保密教育培训,每人每年度不少于___学时。
【填空题】
42. 二级保密资格单位应当对在岗涉密人员进行保密教育培训,每人每年度不少于___学时。
【填空题】
43. 三级保密资格单位应当对在岗涉密人员进行保密教育培训,每人每年度不少于___学时。
【填空题】
44. 涉密人员严重违反保密制度的,应当及时___涉密岗位。
【填空题】
45. 单位应当根据涉密人员___,给予相应的___。
【填空题】
46. 单位应当及时将___在公安机关出入境管理机构备案。
【填空题】
47. 挂职返聘借调、学习实习人员从事涉密工作以及临时参与___的,由用人单位按照___进行管理。
【填空题】
48. 涉密人员离岗离职,应当与单位签订___,并按照有关规定对其实行___管理。
【填空题】
49. 国家秘密载体应当相对集中管理,建立台账,做到账物相符,追溯期限不少于___年。
【填空题】
50. 国家秘密载体应当按照有关规定做出国家秘密标志,标明___和___。
【填空题】
51. 制作、收发、___、使用、___、保存、维修和___国家秘密载体,应当符合有关规定。
【填空题】
52. 国家秘密载体的管理和使用,禁止非法获取、___国家秘密载体。
【填空题】
53. 国家秘密载体的管理和使用,禁止非法___、___、___国家秘密。
【填空题】
54. 国家秘密载体的管理和使用,禁止通过___、___等无保密措施的渠道传递国秘密载体。