【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
推荐试题
【单选题】
除不可抗力等因素外,省(区、市)连续( ) 次或 1 年内出现( ) 次未及时足额将应付款划拨至省(区、市)结算账户,影响全国联网工作正常运行的,由部联网中心向行业进行通报。 ___
A. 3 5
B. 2 3
C. 3 4
D. 2 4
【单选题】
由于本省收费公路经营管理单位原因造成本省通行费损失的,( )。 ___
A. 由本省过失方事后追缴通行费弥补损失
B. 由本省过失方自行承担损失
C. 有系统直接追缴通行费差额并对过失方追责"
D. 各损失单位自行承担
【单选题】
内部稽核不包括( )。 ___
A. 系统流水稽核
B. 发行稽核
C. 运营管理稽核
D. 收费行为稽核
【单选题】
"37、客户全额补交完成后,系统自动解除追缴黑名单,补费系统前端提示客户“追缴黑名单将在( ) 小时内解除”并向客户提供补费确认单据。 ___
【单选题】
争议交易处理周期自争议交易发布次日起不超过( )个自然日。 ___
【单选题】
无入口信息车辆,如后台系统无法获取计费信息,根据客户提供的入口、通行路径等信息,按全网可达( )收费。 ___
A. 最短路径
B. 实际路径
C. 司机自选路径
D.
【单选题】
"40、ETC 通行交易、其他交易数据应实时逐级上传至部联网中心,最晚不超过 ( )个自然日。其中收费方应实时上传交易数据至省中心,最晚不超过( ) 个自然日;省中心应实时上传交易数据至部联网中心,最晚不超过()个自然日。___
A. 7 5 3
B. 7 5 2
C. 5 4 3
D. 5 4 1
【单选题】
三类交易的定义:( )。 ___
A. 由 ETC 门架系统或收费车道生成的 ETC 车辆交易流水或通行凭证。
B. 通过车辆预约平台预约通行的车辆,由收费方省中心校核无误的交易流水。
C. 经收费方辅以车牌图像识别信息核实的拟合路径信息, 由收费方省中心生成的交易流水
D. 经收费方校核且结果无误的车辆抓拍图片和车牌信息, 由收费方省中心生成的交易流水。
【单选题】
绿通车辆预约成功后,自预约运输起始时间起( )内未驶入高速公路,当次预约自动失效。 ___
A. 6小时
B. 12小时
C. 18小时
D. 24小时
【单选题】
对于查验结果不合格或假冒绿通车辆,查验整体过程的录像记录资料在本地保存期不低于( )年。___
【单选题】
2020年实行的绿通政策属于免费的是( ) ___
【单选题】
ETC通行交易其中收费方应实时上传交易数据至省中心,最晚不超过几个自然日 ___
【单选题】
从什么时候开始对未安装ETC的绿通车不予以免费 ___
A. 2020.1.1
B. 2019.12.1
C. 2020.2.1
D. 2020.3.1
【单选题】
2020.1.1开始对车辆实行车型收费,以下分类错误的是 ___
A. 三轴货车三类
B. 四轴货车四类
C. 五轴货车五类
D. 二轴货车二类
【单选题】
预约平台收到客户退费申请后,由出口查验省份省中心完成退费审核每月第( ) 个自然日前完成上月退费申请审核,审核通过的生成退费申请;审核不通过的,告知客户退费审核不通过。___
【单选题】
收费站进行查验时,原则上应不少于( ) 人完成检查及确认工作。对跨省运输车辆应由当班班长级别(含)以上人员进行复核确认。各收费公路经营管理单位需设立专职人员通过监控设施监督查验过程并进行事后核查。 ___
【单选题】
收费站查验人员应通过事件记录仪、摄像机、照相机等设备做好查验整体过程的影像记录,供投诉取证及事后稽核工作使用,影像记录资料保存期限不应低于( ) 个月。 ___
【单选题】
新版《鲜活农产品品种目录》中将生姜归于以下哪一类? ___
A. 甘蓝类
B. 薯芋类
C. 水芹类
D. 根菜类
【单选题】
以下不属于调整后新版《鲜活农产品品种目录》原则的是? ___
A. 入口吃
B. 易腐败
C. 粗加工
D. 不耐放
【单选题】
新收费运营规程对于收费车辆斩收费业务应收未收、长短款等情况,由( )负责 ___
A. ETC发行方
B. 收费方
C. 入口所
D. 驾驶员
【单选题】
以下哪种车辆驶入ETC车辆车辆判定不通过 ___
A. 有入口信息
B. OBU和ETC卡车牌号码不一致
C. 不在追缴黑名单 内
D. 双片式OBU车辆的ETC卡正常插入
【单选题】
ETC/MTC混合出口车道判断ETC车辆无入口信息且无CPC卡,收费员输入实际车牌、车型和车种发起计费信息和入口信息查询,按()进行处理。 ___
A. ETC车辆
B. 黑名单车辆
C. 非ETC车辆
D. ETC卡损坏车辆
【单选题】
绿通车未预约,车辆通行高速公路将按正常车辆计费扣费,如查验结果合格,客户可凭查验码通过预约平台申请通行费退费,预约平台收到客户退费申请后,由出口查验省份省中心什么 时候完成退费审核: ___
A. 每月第 6 个自然日前完成上月退费申请审核
B. 每月第7个自然日前完成上月退费申请审核
C. 每月第8个自然日前完成上月退费申请审核
D. 每月第9 个自然日前完成上月退费申请审核
【单选题】
调整后的《鲜活农产品品种目录》中生姜属于哪一类: ___
A. 葱蒜类
B. 豆类
C. 瓜类
D. 薯芋类
【单选题】
集装箱运输车辆通行高速公路享受优惠需: ___
A. 预约平台预约
B. 不需要预约
C. APP预约
D. 入口车道预约
【单选题】
无法读写或电量低于多少的复合通行卡不得进行调拨: ___
A. 0.08
B. 0.09
C. 0.1
D. 0.11
【单选题】
收费站多卡超过多少倍的卡必须及时回收,点卡入箱: ___
A. 1.1倍
B. 1.2倍
C. 2倍
D. 3倍
【单选题】
绿通影像记录资料保存期限不应低于() ___
A. 2个月
B. 6个月
C. 12个月
D. 24个月
【单选题】
对于查验结果为不合格或假冒绿通车的车辆,应对不合格或假冒具体情况进行拍照取证,查验整体过程的影像记录资料在本地保存期限宜不低于() ___
【单选题】
持ETC单卡客户,ETC卡仅作支付使用,不作为通行介质使用,入出口均按( )车辆处理。___
A. MTC
B. 非MTC
C. ETC
D. 非ETC
【单选题】
如实际车牌或车型与纸质通行券上的车牌或车型不符,收费员以出口实际( )、车型和车种发起计费请求,根据获取到的计费信息进行收费。 ___
【单选题】
由于发行服务机构原因出现大车小标、车种不符等情况造成通行费损失的,应由( )先行垫付损失通行费,再由发行服务机构自行追缴漏收通行费。 ___
A. 公路管理单位
B. 银行
C. 市级发行服务机构
D. 省级发行服务机构
【单选题】
扣款账户变更实时生效,变更生效后产生的交易从新的扣款账户扣款,扣款账户变更前的交易在( )个自然日内扔可从原扣款账户扣款。扣款账户变更前的争议交易在( )个自然日内仍可在原扣款账户扣款 ___
A. 6,15
B. 3,7
C. 7,15
D. 6,10
【单选题】
无法读写或电量低于( )的CPC卡不得进行调拨或在车道发放 ___
A. 0.03
B. 0.05
C. 0.08
D. 0.1
【单选题】
各省中心应自交易发生之时起( )个自然日内完成单省 其他 交易 、单省 ETC 交易 拆分 ,并上传发票基础数据 至部联网中心。 ___
【单选题】
下面哪个不是收费业务 的评价指标( ) ___
A. 车牌识别率
B. 车牌准确率
C. CPC 卡补充率
D.
E. TC 通行成功率
【单选题】
以下不属于内部稽核是( ) ___
A. 发行稽核
B. 收费行为稽核
C. 运营管理稽核
D. 服务稽核
【单选题】
追缴黑名单管理考核指标,不包括( ) ___
A. 当月追缴率
B. 追缴黑名单车辆处理有理投诉率
C. 追缴黑名单车辆信息录入错误率
D. 追缴黑名单车辆逃费金额追缴率
【单选题】
关于绿色通道政策判别释义错误的是?( ) ___
A. 冷冻是指通过低温使肉品可以较长时间保存,其物理形态是坚硬的.
B. 冷藏是指通过较低的温度来保证肉品短期内的新鲜,其物理形态与鲜肉不一致的,享受“绿色通道”政策
C. 腐烂是指由于微生物的滋生而使
【单选题】
以下不属于CPC 卡调拨管理是( ) ___
A. 跨省调拨
B. 省内调拨
C. 收费站内调拨
D. 跨路段调拨
