【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
推荐试题
【单选题】
党的十九大报告指出,确保到___,我国现行标准下农村贫困人口实现脱贫,贫困县全部摘帽,解决区域性整体贫困,做到脱真贫、真脱贫。
A. 2020年
B. 2025年
C. 2030年
D. 2035年
【单选题】
党的十九大报告指出,旗帜鲜明___是我们党作为马克思主义政党的根本要求。
A. 讲学习
B. 讲政治
C. 当先锋
D. 做实事
【单选题】
全党同志一定要团结带领全国各族人民决胜全面建成小康社会,奋力夺取___中国特色社会主义伟大胜利。
A. 新时期
B. 新阶段
C. 新世纪
D. 新时代
【单选题】
党的十八大以来的五年,我们党深入贯彻___的发展思想,一大批惠民举措落地实施,人民获得感显著增强。
A. 以和谐为中心
B. 以稳定为中心
C. 以人民为中心
D. 以改革为中心
【单选题】
坚定不移走中国特色社会主义法治道路,完善以___为核心的中国特色社会主义法律体系。
A. 党的领导
B. 宪法
C. 制度建设
D. 强化立法
【单选题】
中国特色社会主义是改革开放以来党的全部理论和实践的主题,是党和人民历尽千辛万苦、付出巨大代价取得的___。
A. 根本成就
B. 辉煌成就
C. 重大成就
D. 一切成就
【单选题】
发展社会主义___就是要体现人民意志、保障人民权益、激发人民创造活力,用制度体系保障人民当家作主。
A. 民主协商
B. 民主决策
C. 民主政治
D. 政治制度
【单选题】
___是激励全党全国各族人民奋勇前进的强大精神力量。
A. 中国特色社会主义道路
B. 中国特色社会主义理论体系
C. 中国特色社会主义制度
D. 中国特色社会主义文化
【单选题】
经过长期努力,中国特色社会主义进入了新时代,这是我国发展新的___。
A. 历史时期
B. 历史方位
C. 历史阶段
D. 历史特点
【单选题】
十八大以来的五年,我们统筹推进“____”总体布局、协调推进“____”战略布局,“十二五”规划胜利完成,“十三五”规划顺利实施,党和国家事业全面开创新局面___。
A. 五位一体、四个全面
B. 四位一体、五个全面
C. 五个全面、四位一体
D. 四个全面、五位一体
【单选题】
坚持反腐败无禁区、全覆盖、零容忍,坚定不移“打虎”、“拍蝇”、“猎狐”,____的目标初步实现,____的笼子越扎越牢,____的堤坝正在构筑,反腐败斗争压倒性态势已经形成并巩固发展。___
A. 不敢腐 不能腐 不想腐
B. 不能腐 不敢腐 不想腐
C. 不想腐 不敢腐 不能腐
D. 不敢腐 不想腐 不能腐
【单选题】
发展是解决我国一切问题的基础和关键,发展必须是科学发展,必须坚定不移贯彻___的发展理念。
A. 创新、协调、绿色、开放、共享
B. 创造、协调、生态、开放、共享
C. 创新、统筹、绿色、开放、共享
D. 创造、统筹、生态、开放、共享
【单选题】
___是一个国家、一个民族发展中更基本、更深沉、更持久的力量。
A. 道路自信
B. 理论自信
C. 制度自信
D. 文化自信
【单选题】
必须统筹国内国际两个大局,始终不渝走和平发展道路、奉行___的开放战略。
A. 互利共赢
B. 互相合作
C. 包容互信
D. 开放共赢
【单选题】
中共中央政治局2019年6月24日召开会议,审议____和________。中共中央总书记习近平主持会议。___
A. 《中国共产党机构编制工作条例》和《中国共产党农村工作条例》
B. 《中国共产党干部工作条例》和《中国共产党农村工作条例》
C. 《中国共产党干部工作条例》和《中国共产党乡村振兴战略工作条例》
D. 《中国共产党机构编制工作条例》和《中国共产党乡村振兴战略工作条例》
【单选题】
“中国式奇迹”是党的___届三中全会以来坚持不懈推进改革开放的结果。
【单选题】
社会主义社会的基本矛盾仍然是生产关系和生产力之间、___和经济基础之间的矛盾。
A. 经济能力
B. 政治
C. 生产力
D. 上层建筑
【单选题】
党的十一届三中全会以后,以___为主要代表的中国共产党人,团结带领全党全国各族人民,深刻总结我国社会主义建设正反两方面经验。
A. 邓小平
B. 胡锦涛
C. 江泽民
D. 李先念
【单选题】
从社会主义制度基本确立到1978年党的十一届三中全会,这是我国社会建设与社会治理曲折前进发展时期。___
【单选题】
结合当前我国社会主义的主要矛盾,毛泽东认为:___
A. 应该将革命进行到底
B. 采取对抗的方式解决矛盾
C. 党和国家的工作重心需要转到技术革命和社会主义建设上来
【单选题】
我国政治生活中的两类矛盾不对的是:___
A. 敌我矛盾
B. 资本主义与社会主义的矛盾
C. 人民内部矛盾
【单选题】
民内部矛盾需要用民主的方法来解决。___
【单选题】
社会主义民主的特点和优势不包括:___
A. 选举民主选出合格的优秀的领导人
B. 协商民主发挥集中民智、凝聚共识、化解矛盾的作用
C. 参与的民众人数更多
D. 日程社会生活中,都有民主
【单选题】
我国的民主的特点和优势在于能够真正实现人民当家作主。___
【单选题】
民主是指多数人的权益获得保护,这必然建立在牺牲少数人权益的基础之上。___
【单选题】
恩格斯:《论权威》中阐述巴黎公社短命政权的原因是:___
A. 武器落后
B. 缺乏集中和权威
C. 缺乏经济支持
D. 领导能力低下
【单选题】
把生态文明建设纳入中国特色社会注意事业总体布局的是___。
A. 党的十八大
B. 党的十八届三中全会
C. 党的十九大
【单选题】
___是深化行政体制改革的核心,实质上要解决的是政府应该做什么、不应该做什么,重点是政府、市场、社会的关系。
A. 精简机构
B. 转变政府职能
C. 提高行政效率
【单选题】
___是坚持党的领导、人民当家作主、依法治国有机统一的根本制度安排。
A. 人民代表大会制度
B. 中国共产党领导的多党合作和政治协商制度
C. 基层群众自治制度
D. 少数服从多数
【单选题】
在五大新发展理念中,最能体现坚持以人民为中心的发展思想的是___。
A. 创新理念
B. 开放理念
C. 共享理念
D. 绿色理念
【单选题】
___是社会主义民主政治的本质特征。
A. 党的领导
B. 人民当家作主
C. 依法治国
【单选题】
实现“一国两制”的前提是___
A. 港、澳、台享有高度自治权
B. 国家的主体坚持社会主义制度
C. 国家主权统一于中华人民共和国
D. 港、澳、台保持原有的资本主义制度长期不变
【单选题】
1997年7月1日,中国政府对香港恢复行使主权,香港特别行政区成立。香港特别行政区基本法开始实施。香港进入“一国两制”、“港人治港"、高度自治的历史新纪元。香港特别行政区的高度自治权是___
A. 特别行政区的完全自治
B. 中央授权之外的剩余权力
C. 特别行政区本身固有的权力
D. 中央授予的地方事务管理权
【单选题】
实现两岸和平统一的前提是___
A. 实现两岸三通
B. 坚持一个中国的原则
C. 发展两岸经贸关系
D. 促进两岸关系良性互动
【单选题】
解决国际国内问题,实现国家统一的基础是集中力量搞好___
A. 经济建设
B. 军事建设
C. 政治建设
D. 文化建设
【单选题】
从“一国两制”的构想延伸下去,邓小平进一步提出了解决某些国际争端的新思想___
A. 主权第一,共同开发
B. 搁置主权,共同治理
C. 主权第一,和平共处
D. 搁置主权,共同开发
【单选题】
澳门特别行政区的高度自治权的授于者是___
A. 全国人民代表大会
B. 国家主席
C. 《中华人民共和国宪法》
D. 国务院
【单选题】
我国实行“一国两制”不会改变人民民主专政国家的社会主义性质,这是因为___
A. 特别行政区只是中华人民共和国的一个行政区域
B. 特别行政区是在中华人民共和国中央人民政府的统一领导下
C. 特别行政区享有内地一般地方行政区所没有的高度自治权
D. 两种制度地位不同,社会主义制度是主体
