【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
推荐试题
【判断题】
按照《武器装备科研生产单位保密资格评分标准》规定,涉密信息系统未通过国家保密行政管理部门设立或者授权测评机构的系统测评并存储、处理涉密信息的,中止审查或者复查
【判断题】
涉密信息设备或者信息存储设备连接公共信息网络的,中止审查或者复查
【判断题】
处理涉密信息的信息设备连接国际互联网或者其他公共信息网络的,中止审查或者复查
【判断题】
使用连接国际互联网或者其他公共信息网络的信息设备处理涉密信息的,中止审查或者复查
【判断题】
将手机和传真机接入涉密计算机和涉密信息系统,就破坏了物理隔离
【判断题】
涉密会议正在进行,麦克风出现问题,服务人员马上取来一支无线麦克风,使会议继续进行
【判断题】
由上级单位宣传部门通知的涉及军品科研生产事项的新闻媒体采访,可以不履行审批手续
【判断题】
涉密军工单位内部的新闻宣传专栏、刊物登载的新闻宣传材料不需要进行保密审查
【判断题】
张某 2007 年 5 月从一所二级保密资格高校退休,2007 年 8 月他把自己工作期间从事军品研究的成果写成专著准备出版,张某认为他已退休,其专著属于个人成果,不需要再由单位进行保密审查
【判断题】
涉密会议应当在具备安全保密条件的场所召开,重要涉密会议应当在内部场所召开。重要涉密会议主办部门应制定保密方案,落实保密措施,必要时保密工作机构应当派人监督和检查
【判断题】
王某参加涉密会议时,为了便于发言和整理相关资料,他带一台具有无线上网功能的便携式计算机进入会场,会议主办方也没有提出异议
【判断题】
甲公司为某项涉密武器装备外场试验任务牵头单位,另有 3 家公司参加。因此,试验现场的保密管理工作由甲公司负责组织协调
【判断题】
分包涉密项目,必须选择具有保密资格的单位
【判断题】
《武器装备科研生产许可目录》之外的应急或者短期生产机密级、秘密级项目,选择非保密资格单位的,分包单位应当按照有关保密规定和程序对承制方进行保密审查,签订保密协议,提出保密要求,履行保密监管责任
【判断题】
分包涉密项目,没有选择相应保密资格的单位,加重扣分
【判断题】
按照《武器装备科研生产单位保密资格评分标准》规定,选择的协作配套单位不具有相应保密资格的,应当中止审查或者复查
【判断题】
军工单位在对外交流、合作和谈判等外事活动应当制定保密方案,明确保密事项,采取相应的保密措施,执行保密提醒制度
【判断题】
对外交流内容、谈判口径、提供资料和产品应当经过保密审查;涉及国家秘密的,应当按照有关规定履行审批程序
【判断题】
涉密部门和涉密人员应当每月进行保密自查,自查及整改情况报单位保密工作机构
【判断题】
保密委员会年度内应当组织对单位负责人的保密检查
【判断题】
单位发生泄密事件应当按照有关规定及时报告和采取补救措施,并报告查处情况
【判断题】
保密工作责任落实情况应当纳入绩效考核,严格执行保密工作责任追究
【判断题】
专项保密工作经费用于保密防护设施的建设和设备的配备
【判断题】
专项保密工作经费应当列入单位年度财务预算,根据工作需要足额开支
【判断题】
保密管理工作经费用于单位日常保密管理工作
【判断题】
保密工作档案由保密工作机构和业务部门按照职责分工分别建立
【判断题】
保密工作档案保存期限一般不少于 2 年
【判断题】
按照《武器装备科研生产单位保密资格评分标准》的规定,达不到重点项要求的,加重扣分
【判断题】
按照《武器装备科研生产单位保密资格评分标准》的规定,达不到重点项要求的,中止审查或者复查
【判断题】
按照《武器装备科研生产单位保密资格评分标准》的规定,达不到基本项要求的,应当中止审查或者复查
【填空题】
1.《武器装备科研生产单位保密资格标准》包括___、___、___、___、___和___等 6 个方面的内容。
【填空题】
2.《武器装备科研生产单位保密资格标准》的实施要求之一为___谁主管,___谁负责,促进保密工作与业务工作相融合。
【填空题】
3.《武器装备科研生产单位保密资格标准》的实施要求之一为业务工作谁主管,保密工作谁负责,促进保密工作与业务工作相___。
【填空题】
4.《武器装备科研生产单位保密资格标准》的实施,要求规范定密,严格按照___控制国家秘密的知悉范围。
【填空题】
5.法定代表人或者主要责任人应当为单位保密工作提供___、财力、___等条件保障。
【填空题】
6.法定代表人或者主要负责人对本单位保密工作负___责任。
【填空题】
7.分管保密工作负责人对本单位保密工作负___责任。
【填空题】
8.其他负责人对分管业务范围内的保密工作负___责任。
【填空题】
9.涉密部门或者项目负责人对本部门或者本项目的保密工作负___责任。
