【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
推荐试题
【判断题】
施工现场装有2台以上塔式起重机时,高位起重机最高部件与低位起重机最低部件之间垂直距离不得小于2m
【判断题】
低架物料提升机应当设置安全停靠装置、断绳保护装置、上极限限位器、下极限限位器、吊笼安全门和信号装置等安全保护装置
【判断题】
物料提升机司机应经专门培训,人员要相对稳定,每班开机前,应对卷扬机、钢丝绳、地锚、缆风绳进行检验,并进行空车运行
【判断题】
脚手架纵向水平杆接长宜采用对接扣件连接,也可采用搭接,搭接长度不应小于500mm
【判断题】
纵向水平杆的对接扣件应交错布置:两根相邻纵向水平杆的接头宜设置在同步或同跨内;不同步或不同跨两个相邻接头在水平方向错开的距离不应小于500mm
【判断题】
作业层端部脚手板探头长度应取150mm,其板长两端均应与支承杆可靠地固定
【判断题】
连墙件应均匀布置且宜靠近主节点,偏离主节点的距离不应大于500mm
【判断题】
高度在24m以上的单、双排脚手架,均必须在外侧立面的两端各设置一道剪刀撑,并应由底至顶连续设置,中间每道剪刀撑的净距不应大于15m
【判断题】
双排脚手架横向水平杆的靠墙一端至墙装饰面的距离不宜大于100mm
【判断题】
拆除脚手架时,连墙件必须随脚手架逐层拆除,严禁先将连墙件整层或数层拆除后再拆脚手架
【判断题】
凡在坠落高度基准面2m以上(含2m)有可能坠落的高处进行的作业均称为高处作业
【判断题】
凡是进行高处作业施工的,应使用脚手架、平台、梯子、防护围栏、档脚板、安全带和安全网等
【判断题】
基坑周边、尚未装栏板的阳台、料台与各种平台周边、雨蓬与挑檐边、无外脚手架的屋面和楼层边,以及水箱与水塔周边等处,都必须设置防护栏杆
【判断题】
对邻近的人与物有坠落危险性的竖向孔、洞口,均应予以设盖板或加以防护,并有固定其位置的措施
【判断题】
在施工现场与场地通道附近的各类洞口与深度在2m以上的敞口等处,除设置防护设施与安全标志外,夜间还应设红灯示警
【判断题】
进行混凝土浇筑,当浇筑离地面高度2m以上的框架、过梁、雨蓬和小平台等,需搭设操作平台,操作人员不能站在模板上或支撑杆件上操作
【判断题】
建筑施工中的攀登作业、独立悬空作业如搭设脚手架、吊装混凝土构件、钢构件及设备等,都属于高处作业,操作人员都应佩戴安全带
【判断题】
悬挑式钢平台的搁支点与上部拉结点,宜设置在脚手架等施工设施上
【判断题】
制作钢操作平台时,吊点上需设置四个经过验算的合格的吊环,吊环用Q235钢制作。钢平台两侧,要按规定设置固定的防护栏杆
【判断题】
结构施工自二层起,凡人员进出的通道口宜视情况搭设安全防护棚,高度超过24m的层次必须搭设安全防护棚
【判断题】
安全带应高挂低用,防止摆动和碰撞;安全带上的各种部件不得任意拆掉
【判断题】
暴风雪及台风暴雨后,应对高处作业安全设施逐一加以检查。发现有松动、变形、损坏或脱落等现象,应立即修理完善
【判断题】
防护棚搭设与拆除时,应设警戒区,并应派专人监护,可以上下同时拆除
【判断题】
进行高处作业前,应逐级进行安全技术教育及交底,落实所有安全技术措施和人身防护用品,未经落实时不得进行施工
【判断题】
井架与施工用电梯和脚手架等与建筑物通道的两侧边,必须设防护栏杆
【判断题】
施工现场用电工程的二级漏电保护系统中,漏电保护器可以分设于分配电箱和开关箱中
【判断题】
PE线的重复接地不应少于三处,应分别设置于供配电系统的首端、中间、末端处,每处重复接地电阻值不应大于4Ω
【判断题】
配电箱和开关箱中的隔离开关可采用普通断路器
【判断题】
总配电箱总路设置的漏电保护器必须是3极4线型产品
【判断题】
需要三相四线制配电的电缆线路可以采用四芯电缆外加一根绝缘导线替代
【判断题】
用电设备的开关箱中设置了漏电保护器以后,其外露可导电部分可不需连接PE线
【判断题】
施工现场一般场所开关箱中漏电保护器的额定漏电动作电流应不大于30mA,额定漏电动作时间不应大于0.1 s
【判断题】
施工现场电缆敷设应采用埋地或架空两种方式,严禁沿地面明设,以防机械损伤和介质腐蚀
【判断题】
交流电焊机除应设置一般漏电保护以外,还应配装二次空载降压保护器
【判断题】
手持式电动工具的负荷线应采用耐气候型橡皮护套铜芯软电缆,并且不得有接头
【判断题】
照明装置的安装高度:一般220V灯具室外不低于3m,室内不低于2.4m;碘钨灯及其它金属卤化物灯安装高度宜在2.8m以上
【判断题】
在建工程不得在外电架空线路正下方施工、搭设作业棚、建造生活设施,但可堆放构件、架具、材料及其它杂物等
【判断题】
电焊机的一次、二次接线端应有防护罩,且一次接线端需用绝缘带包裹严密;二次接线端必须使用线卡子压接牢固
【判断题】
电焊机的外壳必须有可靠的接零或接地保护
