【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
推荐试题
【判断题】
按照《中国银监会办公厅关于加强银行业基层营业机构管理的通知》规定,商业银行应严格执行前台经办人员与后台授权人员岗位分离制度,加强柜员号和密码管理,除人手不够或当班柜员临时请假外,严禁交叉使用
【判断题】
A银行营业机构由于人员轮休导致人手不足,根据《中国银监会办公厅关于加强银行业基层营业机构管理的通知》的规定,该支行行长要求后台授权人员同时办理前台的工作,缓解柜面压力,满足客户需求
【判断题】
A银行信贷客户经理由于家庭经济压力较大,利用工作“八小时”外的时间在该银行授信客户大地公司从事财务工作。该情况经同事反映给该支行行长,该行长认为此员工是为了缓解家庭经济压力且是利用工作外的时间,因此根据《中国银监会办公厅关于加强银行业基层营业机构管理的通知》的规定,没有将该情况作为排查情况上报
【判断题】
《商业银行信息披露办法》适用于在中华人民共和国境内依法设立的商业银行,包括中资商业银行、外资独资银行、中外合资银行、外国银行分行。适用于农村合作银行、农村信用社、村镇银行、贷款公司、城市信用社,本办法或银监会另有规定的除外
【判断题】
按照《商业银行信息披露办法》规定,商业银行应在会计报表附注中说明会计报表中重要项目的明细资料,其中表外项目应披露其年初余额、年末余额及其他具体情况
【判断题】
按照《商业银行信息披露办法》规定,商业银行应披露会计师事务所出具的审计报告。商业银行在会计师事务所出具审计报告前,应与会计师事务所、银行业监督管理机构进行双边会谈
【判断题】
按照《商业银行信息披露办法》规定,财务情况说明书应当对本行经营的基本情况、利润实现和分配情况以及对本行财务状况、经营成果有重大影响的其他事项进行说明
【判断题】
按照《商业银行信息披露办法》规定,外国银行分行的信息由主报告行汇总后披露;外国银行分行应将其总行所披露信息摘要译成中文后披露
【判断题】
《商业银行信息披露办法》没有规定的,但若遗漏或误报某个项目或信息会改变或影响信息使用者的评估或判断时,商业银行应将该项目视为关键性项目予以披露
【判断题】
按照《商业银行信息披露办法》规定,商业银行应确保股东及相关利益人能及时获取年度报告,但不应将年度报告置放在商业银行的主要营业场所
【判断题】
按照《商业银行信息披露办法》规定,商业银行的行长应当保证所披露的信息真实、准确、完整,并就其保证承担相应的法律责任
【判断题】
按照《商业银行信息披露办法》规定,资产总额低于10亿元人民币或存款余额低于5亿元人民币的商业银行,按照《商业银行信息披露办法》规定进行信息披露确有困难的,经说明原因并制定未来信息披露计划,报中国银监会批准后,可免于信息披露
【判断题】
某商业银行就其资本构成在季度报表中披露如下:2014年9月30日总资本净额为392亿元,风险加权资产为3232亿元;2013年12月31日总资本净额325亿元,风险加权资产为2703亿元。 从以上数据我们可以看到该商业银行已依照《商业银行信息披露办法》充分披露了资本净额、加权资产合计数据,因此该商业银行就资本构成已符合披露要求。------
【判断题】
因经济下行,某地区的法人型银行不良贷款数额及比例出现大幅充上升,其核心资本充足率为此受到较大影响。该行经研究担心披露下降的核心资本充足率将影响其股价及储户对该银行的信赖。为此决定对外披露资本充足率,但不披露核心资本充足率。这一决定是为了社会稳定,也符合对外年资本充足率的管理要求。------
【判断题】
按照《中国银监会办公厅关于加强银行业客户投诉处理工作的通知》规定,银行业金融机构应及时对客户投诉作出回应并展开调查,按照业务的复杂程度在不同时限要求内妥善解决并最终给予答复,不能按预定时间处理完毕的,需向客户说明原因
【判断题】
按照《中国银监会办公厅关于加强银行业客户投诉处理工作的通知》规定,银行业金融机构应定期向高级管理层报告投诉处理情况,对于重大的投诉问题要及时向银行业监管机构报告
【判断题】
按照《中国银监会办公厅关于加强银行业客户投诉处理工作的通知》规定,银监会和行业协会不能公开银行业金融机构客户投诉的信息
【判断题】
按照《中国银监会关于完善银行业金融机构客户投诉处理机制切实做好金融消费者保护工作的通知》规定,银行业金融机构应当及时受理各项投诉并登记,受理后应当通过短信、电话、电子邮件或信函等方式告知客户受理情况、处理时限和联系方式
【判断题】
按照《中国银监会关于完善银行业金融机构客户投诉处理机制切实做好金融消费者保护工作的通知》规定,对于涉及金融消费者权益保护的热点、难点问题,银监会及其派出机构可以向有关金融机构发出监管建议,并要求其在一定期限内采取预防或纠正措施;发现违法违规行为的,应当依法予以查处
【判断题】
按照《中国银监会关于完善银行业金融机构客户投诉处理机制切实做好金融消费者保护工作的通知》规定,银行业金融机构给金融消费者造成损失的,应按照有关法律规定或合同约定向金融消费者进行赔偿或补偿
【判断题】
依据《中国银监会关于印发银行业消费者权益保护工作指引的通知》规定,银行业金融机构应当严格遵守国家关于金融服务收费的各项规定,披露收费项目和标准,不得随意增加收费项目或提高收费标准
【判断题】
依据《中国银监会关于印发银行业消费者权益保护工作指引的通知》规定,银行业金融机构应当设立或指定专门部门负责银行业消费者权益保护工作,该部门相关工作经分管行领导审定后上报董事长、行长
【判断题】
依据《中国银监会关于印发银行业消费者权益保护工作指引的通知》(银监发〔2013〕38号)规定,消费者有权拒绝银行在发放贷款时强制捆绑、搭售理财产品、保险、基金等其他金融产品
【判断题】
依据《中国银监会关于印发银行业消费者权益保护工作指引的通知》(银监发〔2013〕38号)规定,银行业金融机构应当了解消费者的风险偏好和风险承受能力,提供相应的产品和服务,不得提供消费者风险承受能力不相符合的产品和服务
【判断题】
依据《中国银监会关于印发银行业消费者权益保护工作指引的通知》(银监发〔2013〕38号)规定,银行业金融机构在制定格式合同和协议文本时,不得出现误导、欺诈消费者的条款
【判断题】
依据《中国银监会关于印发银行业消费者权益保护工作指引的通知》(银监发〔2013〕38号)规定,银行业金融机构应当定期总结消费者权益保护工作开展情况,必要时可向社会披露相关工作情况
【判断题】
依据《中国银监会关于印发银行业消费者权益保护工作指引的通知》(银监发〔2013〕38号)规定,银行业金融机构特别要关怀老弱病残孕,以及因出国、意外事件等特殊原因,无法办理须由本人亲自办理的金融服务需求
【判断题】
依据《中国银监会关于印发银行业消费者权益保护工作指引的通知》(银监发〔2013〕38号)规定,银行业金融机构必须树立起以消费者为中心的服务理念,坚持以人为本,坚持服务至上
【判断题】
依据《中国银监会办公厅关于做好特殊消费者群体金融服务工作的通知》(银监办发〔2013〕289号)规定,银行业金融机构应当统一建立为特殊消费者群体提供金融服务的管理制度
【判断题】
依据《中国银监会办公厅关于做好特殊消费者群体金融服务工作的通知》(银监办发〔2013〕289号)规定,银行业金融机构应当建立起以银行业消费者服务满意度为导向的考核评价体系,分解细化工作落实和责任承载主体,增强服务意识,改进服务作风,提升服务能力
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,金融机构有充分证据证明持有人未向金融机构交付凭证所记载的款项的,人民法院应当认定持有人与金融机构间存在存款关系
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,持有人以在样式、印鉴、记载事项上有别于真实凭证,但无充分证据证明系伪造或变造的瑕疵凭证提起诉讼的,持有人应对瑕疵凭证的取得提供合理的陈述
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,以存单为表现形式的借贷,属于合法借贷
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,如以存单为表现形式的借贷行为确已发生,即使金融机构向出资人出具的存单、进账单、对账单或与出资人签订的存款合同存在虚假、瑕疵,或金融机构工作人员超越权限出具上述凭证等情形,亦不影响人民法院按规定对案件进行处理
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,在以存单为表现形式的借贷中,公款私存的,人民法院在查明款项的真实所有人基础上,应通知款项的真实所有人为权利人参加诉讼
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,存单纠纷案件中,金融机构向出资人出具的存单或进账单、对账单或与出资人签订的存款合同,会直接影响金融机构与出资人间委托贷款关系的成立
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,在对存单纠纷案件中存在的委托贷款关系和信托贷款关系的认定上,委托贷款协议和信托贷款协议应当用书面形式
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,构成委托贷款的,金融机构出具的存单或进账单、对账单或与出资人签订的存款合同不作为存款关系的证明,借款方不能偿还贷款的风险应当由金融机构承担
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,委托贷款中约定的利率超过人民银行规定的部分无效
【判断题】
按照《最高人民法院关于审理存单纠纷案件的若干规定》规定,接受虚假存单质押的当事人如以该存单质押为由起诉金融机构,要求兑付存款优先受偿的,人民法院应当判决驳回其诉讼请求,并告知其可另案起诉出质人
