【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
推荐试题
【单选题】
信息提供者向征信机构提供个人不良信息,应当( )。但是,依照法律、行政法规规定公开的不良信息除外。
A. 事先告知信息主体本人
B. 事先告知到信息主体本人
C. 事后告知信息主体本人
D. 事先或事后告知到信息主体本人或其直系亲属
【单选题】
向征信机构查询个人信息的,应当取得( )并约定用途。但是,法律规定可以不经同意查询的除外。
A. 信息主体本人的口头同意
B. 信息主体本人的书面同意
C. 信息主体本人或其直系亲属的口头同意
D. 信息主体本人或其直系亲属的书面同意
【单选题】
根据《征信业管理条例》规定,下列说法正确的是( )。
A. 征信机构可以采集法律、法规禁止采集的企业信息
B. 征信机构或者信息提供者,信息使用者采用格式合同条款取得个人信息主体同意的,应当在合同中做出足以引起信息主体注意的提示,不需要按照信息主体的要求作出明确说明
C. 向征信机构查询个人信息的,应当取得信息主体本人的书面同意并约定用途。但是,法律规定可以不经同意查询的除外
D. 信息主体需要查询个人信用报告的,即使不在商业银行办理业务,也可以通过商业银行查询个人信用报告
【单选题】
个人信息主体有权每年( )次免费获取本人的信用报告。
【单选题】
《征信业管理条例》规定,信息主体认为征信机构采集、保存、提供的信息存在错误、遗漏的,有权向征信机构或者信息提供者提出( ),要求更正。
【单选题】
《征信业管理条例》规定,征信机构对( )的保存期限,自不良行为或者事件终止之日起为5年。
A. 征信信息
B. 不良信息
C. 个人不良信息
D. 企业不良信息
【单选题】
按照《征信业管理条例》规定,以下( )是正确的。
A. 信息提供者向征信机构提供个人不良信息,不需告知信息主体本人
B. 征信机构对个人不良信息的保存期限,自不良行为或者事件终止之日起为7年
C. 向征信机构查询个人信息的,应当取得信息主体本人的口头同意并约定用途
D. 征信机构或者信息提供者、信息使用者采用格式合同条款取得个人信息主体同意的,应当在合同中作出足以引起信息主体注意的提示,并按照信息主体的要求作出明确说明
【单选题】
农商银行采集个人信息和企业信贷信息应当经( )同意。
A. 信息主体
B. 机构(部门)负责人
C. 分管领导
D. 法定代表人
【单选题】
农商银行查询个人征信信息的,应当取得( )并约定用途。
A. 信息主体的口头授权同意
B. 信息主体或其直系亲属的口头授权同意
C. 信息主体的书面授权同意
D. 信息主体或其直系亲属的书面授权同意
【单选题】
对征信用户,要按照( )原则赋予权限。
A. “最小授权”
B. “最大授权”
C. “用户自愿”
D. “领导授意”
【单选题】
征信工作人员离职、离岗后,要在( )个工作日内停用相关用户,并于( )个工作日内向当地人民银行备案。
A. 1、2
B. 2、2
C. 2、5
D. 5、10
【单选题】
电子版信用报告的查询、下载、转移均要在( )进行。
A. 本机构内部网络
B. 本机构外部网络
C. 本机构内部网络或外部网络
D. 互联网
【单选题】
征信异议要在规定期限内处理完毕,( )异议申请人。
A. 口头答复
B. 书面答复
C. 当面答复
D. 电话答复
【单选题】
《中国人民银行征信中心关于贷款卡发放核准行政审批取消后征信系统应对措施的通知》中指出,在二代征信系统上线前,中国银行银行征信中心在技术上仍保留贷款卡编码用于征信系统采集企业信用信息,名称改为( )。
A. 贷款卡号
B. 中征码
C. 机构信用代码
D. 统一社会信用代码
【单选题】
中国人民银行征信中心于2016年7月3日对企业征信系统(企业信用信息基础数据库)的展示功能进行了优化,其中优化了中征码配发和查询机制,实现通过机构信用代码系统自动配发中征码,不再由商业银行配发中征码。优化完成后,中征码的配发机制为( )。
A. 企业向中国人民银行分支机构提出申请,由中国人民银行分支机构为其配发中征码
B. 企业的基本户开户行在机构信用代码系统为企业申请机构信用代码时,机构信用代码系统同步生成中征码,并同步至企业征信系统
C. 企业向任一商业银行提出申请,由商业银行为其配发中征码
D. 企业向工商管理部门提出申请,由工商管理部门为其配发中征码
【单选题】
结息方式为( )的产品是不允许延后起息。
A. 定月定日周期结息
B. 贷放日结息
C. 定日结息
D. 期初付息
【单选题】
下列还款方法( )不支持贷款延期。
A. 定期结息,到期还本
B. 等额本息
C. 等比递增
D. 等额递减
【单选题】
在新一代信贷管理系统中仅对客户资料进行移交,用( )功能。
A. 客户资料移交
B. 贷款业务交接
C. 跨机构业务转移
D. 贷款账户转移
【单选题】
( )可以查询客户在全省所有网点的额度信息。
A. 额度树下
B. 授信信息
C. 客户信息
D. 表内用信
【单选题】
( )功能是指可以通过收取手续费的方式,期初不计收客户利息,从约定的起息日开始计收贷款利息。
A. 小微贷
B. 延后起息
C. 约定结息
D. 灵活还款
【单选题】
信e贷当天未放款自动注销,或贷款结清后( )天注销。
【单选题】
合同调整时,主担保方式不能从非信用改为( )。
【单选题】
以下可以作为家庭成员的证件类型是( )。
A. 香港身份证
B. 台湾身份证
C. 澳门身份证
D. 护照
【单选题】
购房按揭贷款合同签订后,受托支付信息中的( )允许修改。
A. 受托人名称
B. 受托人账号
C. 受托支付日期
D. 上述都是
【单选题】
贸易融资表外业务一个合同建立( )个借据。
【单选题】
同一网点内一客户经理向另一客户经理交出客户名下信贷业务的功能为( )。
A. 客户资料移交
B. 贷款业务交接
C. 跨机构业务转移
D. 贷款账户交接
【单选题】
客户管理是客户经理在信贷业务活动中收集到的各类客户信息在( )农商行范围内统一管理,形成统一的客户信息库和客户视图。
【单选题】
待删除家庭成员查询功能是由( )担任,查询并审批客户要删除的家庭成员信息。
A. 风险部经理
B. 基层行行长
C. 公司部经理
D. 总行分管行长
【单选题】
贷审委秘书可通过( )进行查看并督促委员尽快完成投票。
A. 意见汇总
B. 电话询问
C. 流程进度
D. 待处理流程
【单选题】
( )符合统一授信的要求,将客户一定时期内的多种贷款需求通过一次授信满足,方便客户同时避免了客户经理的重复劳动。
A. 借新还旧
B. 单项授信审批
C. 综合授信审批
D. 集中授信审批
【单选题】
( )就是将多个客户的业务放到一个流程中,通过批量的方式完成审查、审批。
A. 借新还旧
B. 单项授信审批
C. 综合授信审批
D. 集中授信审批
【单选题】
主办客户经理对评级结果具有修改权限,调整幅度为( )分。
A. [+1,-1]
B. [+2,-2]
C. [+3,-3]
D. [+4,-4]
【单选题】
客户未申请展期或申请展期未得到批准,其贷款从( )起,转入( )账户。
A. 到期日、部分逾期
B. 到期日、逾期
C. 到期日次日、部分逾期
D. 到期日次日、逾期
【单选题】
从生产和管理角度划分,信贷管理系统属于( )。
A. 生产系统
B. 管理系统
C. 兼具生产和管理性质的系统
D. 数据报送系统
【单选题】
各级业务部门持续系统培训,建立稳定的信贷系统培训师队伍。实行定期、不定期培训。定期培训( )开展一次;不定期培训结合系统升级实际情况实施。
A. 每月
B. 每季度
C. 每半年
D. 每年
【单选题】
( )须严格执行《山东省农村信用社联合社征信工作管理办法》的要求,规范使用征信系统,合规查询客户征信信息。
A. 征信查询
B. 征信查看
C. 征信监管
D. 查询客户
【单选题】
拟开通“信e贷”功能的农商银行,由风险管理委员会对相关策略模型业务参数进行审批,审批通过后填写“信e贷”申请单,报省联社( )并开通。
【单选题】
接入信贷系统的设备必须安装正版防病毒软件,并及时更新,( )至少进行一次全面病毒查杀。
