【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
推荐试题
【多选题】
目前,IMS被认为是下一代网络的核心技术,也是解决移动与固网融合,引入()、()、()三重融合等差异化业务的重要方式___
A. 语音
B. 数据
C. 视频
D. 有线电视
E.
F.
【多选题】
目前GPRS集团客户主要有以下哪2种连接方式()___
A. GRE隧道终结在局端VPN板卡
B. GRE隧道终结在客户端VPN板卡
C. GRE隧道终结在客户端路由器
D. GRE隧道终结在局端路由器
E.
F.
【多选题】
目前ONU设备安装方式有:( )。 ___
A. 桌面安装方式
B. 壁挂安装方式
C. 室外多媒体箱安装方式
D. 室内多媒体箱安装方式
E.
F.
【多选题】
目前PTN技术采用两大技术标准是:( )___
A. PBB
B. PBT
C. MPLS
D. T-MPLS/MPLS-TP
E.
F.
【多选题】
起用了STP的二层交换网络中,交换机的端口可能会经历下面哪些状态( )___
A. Disabled
B. Blocking
C. Listening
D. Learning
E.
F.
【多选题】
缺省路由可以来源于( )___
A. 手工配置
B. 路由器本身就有的
C. 动态路由协议产生的
D. 链路层协议产生的
E.
F.
【多选题】
如果设备温度过高,应该检查____、____,应该如何处理____。___
A. 传输设备的防尘网
B. 风扇电源
C. 清洗防尘网和确保风扇电源的正常运行
D.
E.
F.
【多选题】
如何查询F5负载均衡器序列号.( )___
A. 从设备前面板处获得
B. 通过/config/bigip.license文件,获取设备的序列号
C. 从/config/base.conf文件中获取
D. 从/config/license.dat文件中获取
E.
F.
【多选题】
若一个子网掩码为255.255.255.224,以下那个ip地址可被分配到主机(可用的IP地址)( )___
A. 16.23.16.159
B. 134.178.16.96
C. 192.168.18.56
D. 92.11.178.93
E.
F.
【多选题】
实现服务器负载均衡有多种方法,常见的方法有( )___
A. 基于DNS 轮询的方法
B. 基于应用软件的实现方法
C. 采用专门的负载均衡器作地址转换(NAT)来实现
D. 基于代理方式的负载均衡算法
E.
F.
【多选题】
网络资源可以划分为哪几种类型:( )___
A. 网络结构资源
B. 网络关系资源
C. 网络节点资源
D. 网络性能资源
E.
F.
【多选题】
网页问题处理时需使用httpwatch抓包分析,该软件可以直接查看DNS解析的()信息___
A. A.时间
B. B.其他三个选项都不对
C. C.端口
D. D.连接地址
E.
F.
【多选题】
下列板卡中具备背板VC12总线处理能力的是哪个___
A. P240EOS
B. P240FE
C. ESW-2GE
D. EOP-FE8E1
E.
F.
【多选题】
下列关于 OSPF 的描述正确的是( )___
A. 支持无类域间路由 CIDR
B. 使用链路状态算法
C. 使用触发式更新,若网络拓扑结构发生变化,立即发送更新报文,并使这一变化在自治系统中同步
D. 支持以组播地址发送协议报文
E.
F.
【多选题】
下列关于IP城域网设备重大故障定义说法正确的是:( )___
A. IP城域网SR单节点发生故障退出服务历时60分钟,定义为重大故障
B. IP城域网SR双节点发生故障退出服务历时60分钟,定义为重大故障
C. IP城域网SR与CMNET省网设备链路连接中断30分钟,定义为重大故障
D. IP城域网BRAS设备发生故障退出服务历时60分钟,定义为重大故障
E.
F.
【多选题】
下列哪些ONU设备属性是枚举类型()___
A. 厂家名称
B. 生命周期状态
C. 覆盖范围
D. 入网时间
E.
F.
【多选题】
下列哪些会造成IMS设备无法正常通话( )___
A. 代理地址配置错误
B. 网络中断
C. 电话线断线
D. IMS账号密码错误
E.
F.
【多选题】
下列哪种情况为IP承载网重大故障( )___
A. 由于各种原因,造成IP专用承载网CR、BR单节点发生故障退出服务,且设备故障历时超过60分钟。造成IP专用承载网CR、BR双节点发生故障退出服务,且设备故障历时超过15分钟
B. 由于各种原因,造成IP专用承载网AR单节点发生故障退出服务,且设备故障历时超过60分钟。造成IP专用承载网AR双节点发生故障退出服务,且设备故障历时超过30分钟
C. 由于各种原因,造成IP专用承载网RR双节点发生故障退出服务,且设备故障历时超过30分钟。
D. 由于各种原因,造成IP专用承载网CS/PS/IMS业务系统CE双节点发生故障退出服务,且设备故障历时超过60分钟
E.
F.
【多选题】
下列属于以太网交换机生成树协议的是( )___
A. STP
B. VTP
C. MSTP
D. PVST
E.
F.
【多选题】
下面关于IP城域网中互联网专线重大故障的判断标准说法正确的是( )___
A. 同一故障造成5条以上AAA级互联网专线业务中断超过2小时的
B. 同一故障造成10条以上AA级互联网专线业务中断超过2小时的
C. 单条AAA级互联网专线业务中断超过4小时的
D. 由于线路劣化等原因,造成单条AAA级互联网专线业务性能明显劣化,影响客户使用(如丢包率大于1%或频繁瞬断(1小时内出现5次及以上)超过12个小时的。
E.
F.
【多选题】
下面关于光纤特性说法正确的是?( )___
A. 衰耗具有累积性
B. 色散具有累积性
C. 受激拉曼效应具有累积性
D. 四波混频效应具有累积性
E.
F.
【多选题】
下面关于路由器的功能描述正确的是( )___
A. 能把不同类型的网络互联在一起
B. 将报文分段以便于报文的转发
C. 将报文从一个网络转发到另一个网络
D. 寻址
E.
F.
【多选题】
下面关于指针调整的说法,正确的是( )。___
A. 从2M信号适配成VC12直至合成STM-1整个过程,可能产生TU指针调整
B. 支路板检测到的TU指针调整都是AU指针调整转化过来的
C. 光板上报AU指针调整是因为上游网元发送信号的AU指针发生了改变
D. 在时钟不同步的情况下,VC12业务,点对点组网不会上报AU指针调整
E.
F.
【多选题】
下面有关BGP 协议描述,正确的是( )___
A. BGP 协议属于边界路由协议,这里的边界指路由区域的边界
B. BGP 协议着重于发现和计算路由,同时还负责控制路由的传播和选择最优路由
C. BGP 协议以TCP 作为传输层协议
D. BGP 协议支持CIDR 和路由聚合
E.
F.
【多选题】
一个IS-IS 路由器想和其它区域的路由器形成邻居关系,它可以是( )___
A. Level-1 路由器
B. Level-2 路由器
C. Level-1-2 路由器
D. 类型没有限制
E.
F.
【多选题】
一个IS-IS路由器可以配置多个Area ID,其作用是( )___
A. 支持区域的平滑合并
B. 支持区域的平滑分割
C. 支持区域的平滑转换
D. 支持向其他的路由协议平滑转换
E.
F.
【多选题】
一台能在网上运行的阿卡7750 SR-7必须含有哪些组成部分 ___
A. 机架、电源、交换矩阵和处理模块
B. 路由软件
C. IOM模块, MDA模块及小型可插拔式光接口
D. 高级业务卡
E.
F.
【多选题】
假设网管工作站的SNMP参数与上述配置一致,则下面的说法中不正确的是( )___
A. Network manager可以向路由器查询某些参数如IP地址
B. 路由器可以主动向SNMP manager报告关键事件
C. 属于团体public的用户可以通过SNMP配置路由器的某些参数
D. 属于团体private的用户可以通过SNMP配置路由器的某些参数
E.
F.
【多选题】
以下对路由优先级的说法,正确的是( )___
A. 仅用于 RIP 和 OSPF 之间
B. 用于不同路由协议之间
C. 是路由选择的重要依据
D. 直连路由的优先级缺省为 0
E.
F.
【多选题】
以下关于 OSPF 骨干区域的描述正确的是( )___
A. 骨干区域号的 Area ID 是 0.0.0.0
B. 所有区域必须与骨干区域相连
C. 骨干区域负责在非骨干区域之间发布由 ABR 汇总的路由信息
D. 每个区域边界路由器 ABR 连接的区域中至少有一个是骨干区域
E.
F.
【多选题】
以下关于 OSPF 网络中 DR 的说法正确的是( )___
A. 一个 OSPF 区域中必须有一个 DR
B. DR 必须是经过路由器之间按照协议规定协商产生
C. 只有网络中 priority 最大的路由器才能成为
D. R D.只有 NBMA 或广播网络中才会选择 DR
E.
F.
【多选题】
以下关于 OSPF 协议的说法正确的是( )___
A. 是内部网关路由协议
B. 由于 OSPF 通过收集到的链路状态用最短路径树算法计算路由,从算法本身保证了区域内部不会生成自环路由
C. 支持对协议报文的认证功能,增加了安全性
D. 支持到同一目的地址的多条等值路由
E.
F.
【多选题】
以下关于 OSPF 协议中区域的概念说法不正确的是( )___
A. 如果没有手工配置, AREA 缺省为骨干区域, AREA ID 为 0
B. OSPF 支持多区域划分
C. 每个区域都用一个 32 位的 AREA ID 标识
D. 区域的 AREA ID 必须向相关的国际组织申请,不可自行指定
E.
F.
【多选题】
以下关于 OSPF 中路由器类型的说法不正确的是( )___
A. ABR 可以同时是 ASBR
B. 连接任意两个区域的路由器为 ABR ,可以在两个区域之间传递路由信息
C. 区域内路由器不可以为 ASBR
D. 一台路由器可以属于两个或两个以上的区域,但是最多只能作为一个区域的 ABR
E.
F.
【多选题】
以下关于BGP 协议的描述正确的是( )___
A. BGP 是一种自治系统内的动态路由发现协议,它的基本功能是在自治系统内自动交换无环路的路由信息
B. 通过携带AS 路径信息,可以解决路由循环问题
C. BGP-4 不支持无类别域间路由CIDR
D. 路由更新时,BGP 只发送增量路由,大大减少了BGP 传播路由所占用的带宽,适用于于在Internet上传播大量的路由信息
E.
F.
【多选题】
以下关于IS-IS 协议和OSPF 描述正确的是( )___
A. 无环路
B. 收敛快
C. 都支持大规模的网络应用
D. 都采用TLV 结构,可以非常方便地支持IPv6
E.
F.
【多选题】
以下关于IS-IS 协议邻接关系描述正确的是( )___
A. 通过Hello 报文来建立邻接关系
B. 邻接关系建立后不再发送Hello 报文
C. 只有同一层次路由器才可能成为邻接体
D. 当两端接口IP 地址不在同一网段时,不能建立邻居关系
E.
F.
【多选题】
以下哪些IS之间可能建立Level-2 邻接关系.( )___
A. Level-1 路由器和Level-2 路由器
B. Level-1-2 路由器和Level-1-2 路由器
C. Level-1-2 路由器和Level-2 路由器
D. Level-2 路由器和Level-2 路由器
E.
F.
【多选题】
以下哪些是DNS服务器中常见的资源记录类型( )___
A. A记录
B. ADDR记录
C. NS记录
D. SOA记录
E.
F.
【多选题】
以下哪些属于防火墙的缺点( )___
A. 防外不防内
B. 不能防范全部的威胁,特别是新产生的威胁
C. 在提供深度检测功能以及防火墙处理转发性能上需要平衡
D. 当使用端-端加密时,即有加密隧道穿越防火墙的时候不能处理
E.
F.
