【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
推荐试题
【单选题】
根据区管中心业务通告,管制员在发布管制指令和检查机组复诵时,对于部分容易混淆的数字英文发音要引起足够的重视,以下哪些数字是需要着重区分___
A. 2,3,6
B. 2,3,7
C. 2,3,8
D. 2,3,9
【单选题】
凡PLC负责电话移交的动态,完成移交后在标牌OPDATA栏输入字母“ ”___
【单选题】
以上通话,管制员接下来合理的指令是___
A. negative
B. negative,climb and maintain 10100 metres
C. affirmative,CSN3101,climb and maintain 10100 metres.
D. negative, CSN3101,climb and maintain 10100 metres.
【单选题】
对于正在接受空中交通管制服务的航空器,空中交通管制员一旦收到该航空器已收到机载防撞系统告警并已开始采取防止碰撞的机动飞行的通知,则管制员___。
A. :A.立即利用雷达观察空中活动,给飞机提供防止相撞的指令
B. :B.不对航空器和其它航空器或障碍物之间的间隔负责,但应提供空中活动通报
C. :C.根据具体情况让飞机改变高度或航向
D. :D.A、A.B和C
【单选题】
区域管制中心内部各扇区之间管制移交水平间隔不得小于 千米。___
【单选题】
管制员在对空指挥过程中,应当主动地控制一句管制指令中所包含的管制指令的内容。一般情况下,管制员发布的一句管制指令中,包含的管制内容不应当超过___项
【单选题】
当观察到两个或多个雷达位置指示符相近,或观察到在同时作相似的移动以及遇到其它引起对目标怀疑的情况时,管制员应当___。
A. :A.根据进程单和现有雷达信息仍可以提供雷达管制服务
B. :B.向移交方了解是否是航空器的原因
C. :C.应当采用两种以上识别方法进行识别直至确认为止
D. :D.首先报告领班主任
【单选题】
TCAS告警过程中,管制员应当___。
A. :A.管制员应重视驾驶员通报的TA(TRAFFIC ALERT) 情况和提出的请求,保持相关的航空器之间的间隔
B. :B.当管制员得知航空器正在按RA(RESOLUTION ADVISORY)进行机动飞行时,不得向航空器发布与RA相抵触的指令
C. :C.只要情况许可,管制员应当向受机动飞行影响的航空器提供相对活动信息
D. :D.A、A、B和C
【单选题】
当雷达显示器上出现7600编码时,在确认该航空器的无线电接收机还具有接收能力后,雷达管制员___。
A. :A.应当指挥航空器就近着陆
B. :B.应当停止提供雷达管制服务
C. :C.可以继续提供雷达管制服务
D. :D.以上都可以
【单选题】
关于区管中心冲突解脱指引:优先调配的因素和原则应包含以下中的①飞行员 ②航空器 ③相对位置 ④飞行状态 ⑤避让方向 ⑥航空器目的地 ⑦水平和高度相结合___
A. 1234567
B. 123456
C. 123457
D. 12345
【单选题】
关于区管中心冲突解脱指引:在避让方向上,应考虑的因素___①限制区②危险区③禁区④陆地和海洋 ⑤军航活动区⑥危险天气⑦高空风
A. A.①②③④⑤⑥⑦
B. B.①②③⑤⑥⑦
C. C.①②③④⑤⑥
D. D.①②③④⑤⑦
【单选题】
关于区管中心冲突解脱指引:当出现发出的指令被干扰、飞行员复述错误等情况时,管制员应___
A. A.听天由命
B. B.排查波道干扰因素
C. C.重新综合预估判断,并视情况修改调配方案
D. D.盲目发送同一指令
【单选题】
关于区管中心冲突解脱指引:解决飞行冲突最快捷有效的方法是改变航空器的 ___
A. A.航向和高度
B. B.高度和速度
C. C.航向和速度
D. D.航向
【单选题】
关于区管中心冲突解脱指引:对于两冲突航空器,通过改变高度可以尽快达到安全的垂直间隔,同时还要注意防止出现高度反复穿越。以下方法正确的是___ ①如果两冲突航空器已经保持相同高度,应尽快让其中一架航空器快速上升,另一架则快速下降(即加速穿越)。②两冲突航空器之间垂直间隔已小于规定间隔,接近于穿越状态,应指挥两机沿之前的接近方向加速穿越并尽快形成安全垂直间隔(即加速穿越)。③两冲突航空器之间垂直间隔足够大,则应指挥高高度航空器尽快上升,低高度航空器尽快下降,形成安全垂直间隔(即终止穿越)。
A. A.①②③
B. B.①③
C. C.①②
D. D.②③
【单选题】
关于区管中心冲突解脱指引:当航迹夹角为α,且0°<α≤135°,两冲突航空器均未过交叉点时应采取___
A. A.指挥两冲突航空器均向外侧作适当角度的改航。
B. B.指挥两冲突航空器均向内侧作适当角度的改航。
C. C.基于判断,采取航向避让时,两航空器均不会冲过交叉点,指挥两冲突航空器均向外侧作至少90°的改航。
D. D.基于判断,采取航向避让时,两航空器均不会冲过交叉点,指挥两冲突航空器均向内侧作至少90°的改航。
【单选题】
关于区管中心冲突解脱指引:以下停止下降(上升)例句,正确的是___
A. A.南方3501,有冲突!立即停止下降(上升)。
B. B.南方3501,有冲突!立即停止下降(上升),立即停止下降(上升)。
C. C.南方3501,立即停止下降(上升)。有冲突!
D. D.南方3501,立即停止下降(上升),立即停止下降(上升)。有冲突!
【单选题】
在A461航路上执行PBN航路运行的航空器,当地面雷达失效后说法正确的是___
A. 继续按照PBN程序飞行,为其提供程序管制服务
B. 终止PBN导航,按照传统的导航程序,提供程序管制服务
C. 通知航空器雷达失效,建议其就近机场备降
D. 继续按照PBN程序飞行,使用雷达间隔提供管制服务
【单选题】
当空中航空器报告应答机完全故障时,管制员应当___?
A. 如果有一次雷达航迹显示,经重新识别后,可继续提供雷达管制服务
B. 如果没有任何雷达航迹显示,应为该航空器提供程序管制服务,与其他航空器之间配备程序间隔
C. 对于RVSM空域内运行的航空器,如果证实该航空器仍然具备满足RVSM运行能力,可以允许其继续在RVSM空域内运行
D. A、A.B、B.C均正确
【单选题】
射期间,原则上航空器在炮射区边界 千米以外通过___
【单选题】
用于洋区和偏远地区航路的导航规范是___
A. RNP 10和RNP 4
B. RNP 4和RNAV 5
C. RNP 10和RNAV5
D. RNP 4和RNAV2
【单选题】
RNAV 2 导航规范主要用于___
A. 洋区或偏远地区航路
B. 陆上航路阶段
C. 初始进近阶段
D. 中间进近阶段
【单选题】
在TCAS发生RA事件后,在下列情况下,管制员恢复向所有受影响的航空器提供间隔的责任:___
A. 管制员雷达上看到飞机已经解除冲突后
B. 管制员未确认飞行员己恢复原来的空中交通管制许可
C. 管制员确认飞行员正在恢复当前空中交通管制许可后,发出更改的许可,并被驾驶员确认
D. 管制员认为没有影响时
【单选题】
TCAS发生TA告警的预留时间是___
A. 20-35秒
B. 35-45秒
C. 20-30秒
D. 35-40秒
【单选题】
TCAS II提供___
A. TA告警
B. 垂直方向RA告警
C. TA和垂直方向RA告警
D. 提供TA告警和垂直、水平两个方向的RA告警
【单选题】
TCAS发生RA告警的预留时间是___
A. 20-35秒
B. 25-35秒
C. 35-45秒
D. 20-30秒
【单选题】
ACAS/TCAS使用的防相撞的基础理论:利用Dr John S Morrell导出的距离/距离变化率的概念,此概念基于到达两架航空器最接近点所需的________。___
【单选题】
在遵守公司经批准的运行程序的情况下,当航空器到达指定高度的 ______范围之内时,飞行员应限制垂直速度不大于每分钟______,这将有利于减少不必要的RA发生的可能性。___
A. 1500英尺,1000英尺
B. 2000英尺,1500英尺
C. 1500英尺,500英尺
D. 1000英尺,500英尺
【单选题】
A461航路实施PBN运行规范为___
A. RNAV 5
B. RNP 4
C. RNAV 2
D. RNAV 1
【单选题】
下列PBN的说法中,正确的是___
A. PBN是指基于性能的导航
B. PBN是指基于飞行员的导航
C. PBN是指区域导航
D. PBN是指所需性能导航
【单选题】
R343航路实施PBN运行规范为___
A. RNAV 5
B. RNP 4
C. RNAV 2
D. RNAV 1
【单选题】
B213航路实施PBN运行规范为___
A. RNAV 5
B. RNP 4
C. RNAV 2
D. RNAV 1
【单选题】
PBN运行的三个基础要素是___
A. 导航规范、机载设备、机组程序
B. 导航规范、导航应用、导航设施
C. 导航设施的位置、频率、呼号
D. 空域概念、程序设计、程序验证
【单选题】
按照区管应急程序,如果航空器被劫持情况属实,考虑到该航空器可能采取的机动飞行措施,应迅速指挥其它航空器避让。避让的原则为:以被劫持航空器为基准点,在其飞行方向前方___公里、后方___公里、左右各___公里建立净空空域。___
A. 50、 10、0 20
B. 100、 50、 20
C. 100、 100、 40
D. 50、 100、 40
【单选题】
按照区管应急程序,意识到遭受炸弹威胁航空器在飞行过程中可能会紧急上升或下降高度,立即指挥其他航空器避让遭受炸弹威胁的航空器。避让的原则为:以被劫持航空器为基准点,在其飞行方向前方 ()公里、后方 () 公里、左右各 () 公里建立净空空域:___
A. 80.60.30
B. 80.40.20
C. 100.50.20
D. 160.80.30
【单选题】
“欧洲猫-X”系统,在系统功能上,协调席PLC与管制席EC的差别在于___
A. 协调席PLC没有电子接收(ACC)的功能
B. 协调席PLC不能创建RAD TAG
C. 协调席PLC没有人工关联(MCOU)功能
D. 协调席PLC 与管制席EC在功能上没有差别
【单选题】
飞行进程单控制盒当处于T1时段打印后,进入什么状态?___
A. 仍是T1
B. DIRECT状态
C. 关闭状态
D. 实时状态
【单选题】
“欧洲猫-X”系统,当FDP降级时,___
A. 每个席位的雷达屏幕上航空器的关联不再一致
B. 区管扇区内的航空器关联保持一致,但与进近不一致
C. 同一科室的关联保持一致,科室间不一致
D. 同一分组内的各个扇区的关联保持一致
【单选题】
飞行进程单控制盒实时打印的进程单是___
A. 对应EC位置处于preactive状态下的航班
B. 对应PLC位置处于preactive状态下的航班
C. 对应EC位置处于announced状态下的航班
D. 对应PLC位置处于announced状态下的航班
【单选题】
“欧洲猫-X”系统,在飞行计划窗口 ( FPW-- flight plan window )的右下角显示的“NOT CURRENT”是什么意思?___
A. 系统提示管制员该航班FDR收到电报
B. 系统提示管制员该航班FDR的数据已改变,现在窗口显示的数据已经不是最新的
C. 系统提示管制员该航班FDR的状态已改变,现在窗口显示的状态已经不是最新的
D. 系统提示管制员对FDR人工输入的时间错误
【单选题】
“欧洲猫-X”系统,目前雷达航迹的更新周期是多少秒___