【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
推荐试题
【单选题】
凡机车停在接触网下,在未接到___的停电命令和挂好接地线前,严禁登上车顶。
A. 列车调度员
B. 供电调度员
C. 车站值班员.
【单选题】
电流通过人体的途径中___是最危险的电流路径。
A. 从左手到前胸
B. 从右手到脚
C. 从右手到左手.
【单选题】
1211灭火器灭火率比二氧化碳灭火器高___倍。
【单选题】
登上车顶作业,必须采取安全措施和配戴___。
【单选题】
禁止带电接触高压导线和各种有电设备的___。
【单选题】
柴油机发生抱缸或差示压力计作用时,在未判明原因前,不应立即进入___,不可马上进行检查,以防灼伤或其他危险。
【单选题】
在___作业时,必须执行呼唤应答制度,禁止身体各部位跨、靠制动系统和其他部件。
【判断题】
隔离开关操作前,操作人必须按规定穿戴好绝缘靴和绝缘帽,确认开关及其操作机构正常,接地线良好,方准按程序操作。
【判断题】
遇雷雨天气时,禁止操作隔离开关。严禁带负荷操作隔离开关。
【判断题】
电气化铁路区段,当列车在运行途中发生故障,机车司机需上车顶作业时,严格按照相关规定办理停电手续并做好安全防护措施后,方能作业。.
【判断题】
绝缘靴、绝缘手套等安全用品,应每年进行一次绝缘耐压试验,并存放在阴凉干燥、防尘处所。
【判断题】
绝缘靴和绝缘手套使用前用干布擦试,并进行外观检查,发现有漏气、裂损等现象禁止使用。.
【判断题】
为保证电气化铁路沿线有关人员人身安全,防止触电伤亡事故,特制订《电气化铁路安全规则》。
【判断题】
隔离开关开闭作业时,必须执行一人操作两人监护制度。
【判断题】
机车、动车及各种车辆上方的接触网设备未停电并办理安全防护措施前,禁止任何人员攀登到车顶或车辆装载的货物上。
【判断题】
距牵引供电设备带电部分不足2m的燃着物体,使用水或灭火器灭火时,牵引供电设备必须停电。
【判断题】
除牵引供电专业人员按规定作业外,任何人员及所携带的物件、作业工器具等须与回流线、架空地线、保护线保持2m以上距离,距离不足时,牵引供电设备须停电。
【判断题】
国家铁路工作人员必须严格遵守和执行《铁路技术管理规程》的规定,在自己的职责范围内,以对国家和人民负责的态度,保证安全生产。.
【判断题】
不准在高处随意投递材料、工具;不准在列车、车列、机车、车辆上向车外抛掷杂物。
【判断题】
严格遵守劳动纪律和作业纪律,认真执行保休制度,班前充分休息,严禁班前、班中饮酒。
【判断题】
遇有动车、直达、特快旅客列车通过时,严禁对相邻线路的列车进行现场技术作业。.
【判断题】
作业前穿戴好相应的个人防护用品,着装要“三紧”:领口紧,袖口紧,下摆紧。
【判断题】
各种电动机具要安装触电保护器,除定期检查绝缘电阻外,每次使用前无须再检查。
【判断题】
机车受电弓升起时,禁止进入高压室,变压器室。
【判断题】
禁止使用明火照明检查机车,动力室、高压室内严禁烟火。
【判断题】
进入动力室检查巡视时,必须呼唤后经司机同意后方可进入。
【填空题】
1.发现牵引供电设备断线及其部件损坏,不得与之接触,应立即通知附近车站,在牵引供电设备___到达未采取措施以前,任何人员应距已断线索10m以外。.
【填空题】
2.除牵引供电专业人员按规定作业外,任何人员及所携带的物件、作业工器具等须与回流线、架空地线、___保持1m以上距离。
【填空题】
3.除牵引供电专业人员按规定作业外,任何人员及所携带的物件、作业工器具等须与___高压带电部分保持2m以上的距离。
【填空题】
4.电气化区段上水、保洁、施工等作业,不得将___向供电线路方向喷射,站车保洁不得采用向车体上部喷水方式洗刷车体。
【填空题】
5.在电气化区段运行的机车、动车、车辆及自轮运转设备可以攀登到车顶或作业平台的梯子、天窗等处所,均应有“___”的警告标志。
【填空题】
6.通过道口车辆上部或其货物装载高度___超过___通过平交道口时,车辆上部及装载货物上严禁坐人。.
【填空题】
7.牵引供电设备故障时,与牵引供电设备相连接的支柱、___、综合接地线等可能出现高电压,未采取安全措施前,禁止与其接触,并保持安全距离。
【填空题】
8.隔离开关操作前,操作人必须按规定穿戴好___和绝缘手套,确认开关及其操作机构正常,接地线良好,方准按程序操作。
【填空题】
9.站内和行人较多的地段,牵引供电设备支柱在距轨面2.5m高处均要设白底黑字“高压危险”并有___符号的警示标志。
【填空题】
10.牵引供电设备支柱及各部接地线损坏,___与钢轨或扼流变连接脱落时,禁止非专业人员与之接触。
【填空题】
11.机车___时,不得在外部站立或从事修理工作。
【填空题】
12.禁止在机车、车辆走行中进入钩档内作业。禁止___地沟。.
