【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
推荐试题
【单选题】
当天内第二次出境的旅客,出境时没有最近一次入境申报外币数额记录的,可携带不超过___等值外币现钞出境,不需申领〈〈携带外汇出境许可证〉〉〉海关予以放行。
A. 500美元
B. 1000美元
C. 3000美元
D. 5000美元
【单选题】
___禁止携带进出境
A. 鱼肚
B. 牛黄
C. 犀牛角
D. 羚羊角
【单选题】
个人携带 进境,每人每次 ,海关予以免税验放.___
A. 成套历史小说;5套
B. 单碟音乐光盘;5盘
C. 单行本科技图书;20册
D. 成套历史电影光盘;5套
【单选题】
个人携带 进境,每人每次 ,海关按进口货物办理相关手续。___
A. 成套儿童图书;5套
B. 单碟瑜伽光盘;50盘
C. 单行本童话小说;40册
D. 成套地球纪录片光碟;20套
【单选题】
某旅客携带自用单行本图书35册进境,海关应___
A. 对全部图书予以免税放行
B. 对全部图书予以征税放行
C. 按照进口货物依法办理相关手续
D. 对超出规定数量的部分予以征税放行
【单选题】
某旅客携带自用单行本书籍60册进境,海关应___
A. 对全部书籍予以征税放行
B. 对全部书籍按照进口货物办理手续
C. 对于超出规定数量的部分予以征税放行
D. 对超出规定数量的部分按照进口货物办理手续
【单选题】
外国一记者应某学校邀请短期来华访问,经审核该校无担保资质。记者携运采访器材进境时,应向进境地海关提交___出具的担保函或者缴纳税款等值的保证金。
A. 国家教育行政主管部门
B. 经海关认可的银行或者非银行金融机构
C. 中华全国新闻工作者协会
D. 国家新闻出版行政主管部门
【单选题】
来大陆采访的台湾记者携带采访器材进境时,无须向海关提交___
A. 邀请函
B. 担保函
C. 采访器材清单
D. 器材通关批准书
【单选题】
旅客携带进境的药用羚羊角超出50克,海关凭___征税放行
A. 进出口许可证
B. 入境货物通关单
C. 自动进口许可证
D. 濒危物种进出口管理办公室批件
【单选题】
旅客携运卫星电视接收设备进境并向海关申报,海关予以___
A. 免税放行
B. 限期退运
C. 征税放行
D. 移交没收
【单选题】
旅客申报携运出境秘密级国家秘密文件,应向海关交验___
A. 保密部门出具的介绍信
B. 国家秘密载体出境许可证
C. 加盖保密部门印章的证明书
D. 出境人员所在保密单位工作证
【单选题】
非法携运国家秘密文件出境的,海关应予处罚,并扣留文件移交查扣地___处理
A. 边防检查部门
B. 地市级以上公安机关
C. 地市级以上档案管理部门
D. 地市级以上政府保密工作部门
【单选题】
个人携运自用无线电发射设备入境,向海关申报时应交验___
A. 机电产品进口证明书
B. 机电产品进口登记表
C. 无线电设备进关审查批件
D. 无线电发射设备型号核准证
【单选题】
___不属于国家规定应当征税的“20种商品”
A. 手机
B. 家具
C. 照相机
D. 游戏机
【单选题】
进境居民旅客携带在境外获取的个人自用进境物品,总值在___人民币以内的,海关予以免税放行。
A. 10000元
B. 8000元
C. 6000元
D. 5000元
【单选题】
旅检现场行邮X光机机检量是指经行邮X光机查验的___
A. 旅客人数
B. 案件数量
C. 开箱次数
D. 行李件数
【单选题】
中国的封建社会前后延续了___。
A. 两千多年
B. 三千多年
C. 四千多年
D. 五千多年
【单选题】
中国封建社会政治的基本特征是高度中央集权的___。
A. 封建君主专制制度
B. 封建宗法等级制度
C. 君主立宪制
D. 宗族家长制
【单选题】
中国封建社会的文化思想体系以___为核心。
A. 道家思想
B. 儒家思想
C. 法家思想
D. 墨家思想
【单选题】
标志世界进入资本主义时代的事件是___。
A. 15世纪地理大发现
B. 14-15世纪欧洲出现资本主义萌芽
C. 1640年英国资产阶级革命
D. 1840年英国发动鸦片战争
【单选题】
中国进入近代社会的标志性事件是___。
A. 15世纪前期郑和下西洋阶
B. 1644年清兵入关,清王朝建立
C. 1840年鸦片战争爆发
D. 19世纪六七十年代中国资本主义产生
【单选题】
认识___是认识中国近代一切社会问题和革命问题的最基本的依据。
A. 中国近代社会的性质
B. 中国近代社会的主要矛盾
C. 中国近代社会的主要任务
D. 近代社会的阶级结构
【单选题】
鸦片战争成为中国近代史的起点,这是因为随着西方列强的入侵,___。
A. 中国逐步成为半殖民地半封建国家
B. 中国社会主要矛盾的变化
C. 中国逐渐开始了反帝反封建的资产阶级民主革命
D. 中国革命属于世界无产阶级革命的组成部分
【单选题】
中国近代第一个不平等条约是___。
A. 《南京条约》
B. 黄埔条约
C. 《望厦条约》
D. 北京条约
【单选题】
鸦片战争后法国强迫清政府签订的不平等条约是___。
A. 《南京条约》
B. 黄埔条约
C. 《望厦条约》
D. 北京条约
【单选题】
鸦片战争后美国强迫清政府签订的不平等条约是___。
A. 《南京条约》
B. 黄埔条约
C. 《望厦条约》
D. 北京条约
【单选题】
近代中国的社会性质是___。
A. 封建社会
B. 半殖民地半封建社会
C. 资本主义社会
D. 旧民主主义社会
【单选题】
鸦片战争后,外国资本主义的入侵对中国经济的影响不包括___。
A. 封建地主土地所有制迅速瓦解
B. 自给自足的自然经济基础遭到破坏
C. 卷入世界资本主义经济体系和世界市场之中
D. 中国出现了资本主义生产关系
【单选题】
近代中国最革命的阶级是___。
A. 地主阶级
B. 工人阶级
C. 农民阶级
D. 资产阶级
【单选题】
中国民主革命的主力军是___。
A. 地主阶级
B. 工人阶级
C. 农民阶级
D. 资产阶级
【单选题】
中国工人阶级最先出现于___中。
A. 19世纪四五十年代外国资本主义在华企业
B. 19世纪60年代洋务派创办的军用企业
C. 19世纪70年代官僚买办资本家企业
D. 19世纪70年代民族资本家企业
【单选题】
中国民族资本主义企业产生于___。
A. 18世纪60年代
B. 19世纪70年代
C. 19世纪80年代
D. 19世纪90年代
【单选题】
在中国近代,在政治上表现出两面性的阶级是___。
A. 地主阶级
B. 工人阶级
C. 农民阶级
D. 资产阶级
【单选题】
近代中国社会最主要的矛盾是___。
A. 帝国主义和中华民族的矛盾
B. 地主阶级和农民阶级的矛盾
C. 封建主义和人民大众的矛盾
D. 工人阶级和资产阶级的矛盾
【单选题】
近代中国人民的斗争,主要是以___为出发点。
A. 捍卫中华文明
B. 挽救中华民族的危亡
C. 把外国侵略者赶出中国
D. 推翻封建统治制度
【单选题】
革命与现代化的关系是___。
A. 革命与现代化水火不相容
B. 革命和现代化互为前提
C. 革命为现代化开辟道路
D. 现代化是革命后的必然结果
【单选题】
在近代中国,侵占中国领土最多的国家是___。
【单选题】
1895年,日本强迫清政府签订___,割去台湾全岛及所有附属岛屿和澎湖列岛。
A. 《南京条约》
B. 《北京条约》
C. 《马关条约》
D. 《辛丑条约》
【单选题】
规定外国军队有权在中国领土上驻兵的条约是___。
A. 《南京条约》
B. 《北京条约》
C. 《马关条约》
D. 《辛丑条约》
