【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
推荐试题
【单选题】
单独巡视人员应经( )批准并公布。 答案:C
A. 公司领导
B. 工区领导
C. 工区
D. 安质部门
【单选题】
电缆隧道、偏僻山区、夜间、事故或恶劣天气等巡视工作,应至少( )人一组进行。 答案:A
【单选题】
正常巡视应( )。 答案:A
A. 穿绝缘鞋
B. 穿纯棉工作服
C. 穿绝缘靴
D. 戴手套
【单选题】
夜间巡线应携带足够的( )。 答案:B
A. 干粮
B. 照明用具
C. 急救药品
D. 防身器材
【单选题】
灾害发生后,若需对配电线路、设备进行巡视,应得到( )批准。 答案:B
A. 设备运维管理单位领导
B. 设备运维管理单位
C. 工作负责人
D. 值班调控人员
【单选题】
巡视中发现高压配电线路、设备接地或高压导线、电缆断落地面、悬挂空中时,室内人员应距离故障点( )m以外。 答案:B
【单选题】
进入SF6配电装置室,应( )。 答案:B
A. 先检测
B. 先通风
C. 使用防护用品
D. 先散热
【单选题】
配电站、开闭所、箱式变电站等的钥匙至少应有( )。 答案:C
【单选题】
具备条件的设备可进行( )操作,即应用可编程计算机进行的自动化操作。 答案:C
【单选题】
经设备运维管理单位考试合格、批准的检修人员,可进行配电线路、设备的监护操作,监护人应是同一单位的( )。 答案:D
A. 检修人员
B. 设备运维人员
C. 工作负责人
D. 检修人员或设备运维人员
【单选题】
检修人员操作的设备和接、发令程序及安全要求应由( )批准,并报相关部门和调度控制中心备案 答案:C
A. 公司
B. 工区
C. 设备运维管理单位
D. 安质部
【单选题】
若有可靠的确认和自动记录手段,可实行( )操作。 答案:A
A. 远方单人
B. 远方
C. 单人
D. 程序
【单选题】
有与现场高压配电线路、设备和实际相符的系统模拟图或( )(包括各种电子接线图)。答案:D
A. 模拟图
B. 电气图
C. 地理图
D. 接线图
【单选题】
配电设备的防误操作闭锁装置不得随意退出运行,停用防误操作闭锁装置应经( )批准。 答案:D
A. 工区领导
B. 工作负责人
C. 公司
D. 工区
【单选题】
短时间退出防误操作闭锁装置,由( )批准,并应按程序尽快投入。 答案:B
A. 工区
B. 配电运维班班长
C. 调度控制中心
D. 防误专责人
【单选题】
设备检修时,回路中所有( )刀闸的操作手柄,应加挂机械锁。 答案:A
A. 来电侧
B. 受电侧
C. 两侧
D. 负荷侧
【单选题】
发布指令的全过程(包括对方复诵指令)和听取指令的报告时,( )应录音并做好记录。答案:B
A. 低压指令
B. 高压指令
C. 所有指令
D. 单项指令
【单选题】
倒闸操作时,对指令有疑问时应向( )询问清楚无误后执行。 答案:B
A. 工作负责人
B. 发令人
C. 工作许可人
D. 现场监护人
【单选题】
高压电气设备倒闸操作一般应由( )填用配电倒闸操作票(见附录J,以下简称操作票)。每份操作票只能用于一个操作任务。 答案:A
A. 操作人员
B. 工作负责人
C. 工作监护人
D. 检修人员
【单选题】
已操作的操作票应注明( )字样。操作票至少应保存1年。 答案:B
A. 已操作
B. 已执行
C. 合格
D. 已终结
【单选题】
操作票至少应保存( )。 答案:B
A. 6个月
B. 1年
C. 2年
D. 1个月
【单选题】
倒闸操作中发生疑问时,( )。待发令人再行许可后,方可继续操作。 答案:A
A. 不得更改操作票,应立即停止操作,并向发令人报告
B. 应立即停止操作,并向发令人报告
C. 不得更改操作票,应立即停止操作
D. 应立即向发令人报告
【单选题】
停电拉闸操作应按照( )的顺序依次进行,送电合闸操作应按与上述相反的顺序进行。禁止带负荷拉合隔离开关(刀闸)。 答案:A
A. 断路器(开关)—负荷侧隔离开关(刀闸)—电源侧隔离开关(刀闸)
B. 负荷侧隔离开关(刀闸)——断路器(开关)——电源侧隔离开关(刀闸)
C. 断路器(开关)—电源侧隔离开关(刀闸)—负荷侧隔离开关(刀闸)
D. 负荷侧隔离开关(刀闸)——电源侧隔离开关(刀闸)——断路器(开关)
【单选题】
用间接方法判断操作后的设备位置时,至少应有两个( )指示发生对应变化,且所有这些确定的指示均已同时发生对应变化,方可确认该设备已操作到位。 答案:C
A. 非同样构造或非同源的
B. 同样原理或同源的
C. 非同样原理或非同源的
D. 非同样原理或非同期的
【单选题】
若遇特殊情况需解锁操作,应经设备运维管理部门防误操作装置专责人或( )指定并经公布的人员到现场核实无误并签字。 答案:C
A. 公司
B. 调控部门
C. 设备运维管理部门
D. 设备检修管理部门
【单选题】
断路器(开关)与隔离开关(刀闸)无机械或电气闭锁装置时,在拉开隔离开关(刀闸)前应( )。 答案:B
A. 确认断路器(开关)操作电源已完全断开
B. 确认断路器(开关)已完全断开
C. 确认断路器(开关)机械指示正常
D. 确认无负荷电流
【单选题】
( )时,禁止就地倒闸操作和更换熔丝。 答案:B
【单选题】
实行远方遥控操作,程序操作的设备、项目,需经( )批准。 答案:C
A. 工作负责人
B. 工作签发人
C. 本单位
D. 监护人
【单选题】
( )断路器(开关)前,宜对现场发出提示信号,提醒现场人员远离操作设备。 答案:A
A. 远方遥控操作
B. 远方程序操作
C. 就地操作
D. 拉开
【单选题】
远方遥控操作继电保护软压板,至少应有( )指示发生对应变化,且所有这些确定的指示均已同时发生对应变化,方可确认该压板已操作到位。 答案:A
【单选题】
装设柱上开关(包括柱上断路器、柱上负荷开关)的配电线路停电,应( )。送电操作顺序与此相反。 答案:A
A. 先断开柱上开关,后拉开隔离开关(刀闸)
B. 先拉开隔离开关(刀闸),后断开柱上开关
C. 先停主线开关,后停支线柱上开关
D. 先停支线柱上开关,后停主线开关
【单选题】
配电变压器停电,应( )。送电操作顺序与此相反 答案:B
A. 先拉开高压侧熔断器,后拉开低压侧开关(刀闸)
B. 先拉开低压侧开关(刀闸),后拉开高压侧熔断器
C. 先拉开低压侧分路开关,后拉开低压侧总开关
D. 先拉开低压侧总开关,后拉开低压侧分路开关
【单选题】
摘挂跌落式熔断器的熔管,应使用( ),并派人监护。 答案:A
A. 绝缘棒
B. 验电器
C. 操作杆
D. 专用工具
【单选题】
砍剪靠近带电线路的树木,( )应在工作开始前,向全体作业人员说明电力线路有电。答案:A
A. 工作负责人
B. 工作许可人
C. 工作票签发人
D. 专业室领导
【单选题】
砍剪靠近带电线路的树木,工作负责人应在工作开始前,向全体作业人员说明电力线路有电;人员、树木、绳索应与导线保持10kV( )m的安全距离。 答案:B
A. 0.7
B. 1.0
C. 1.5
D. 3.0
【单选题】
为防止树木(树枝)倒落在线路上,应使用绝缘绳索将其拉向与线路( )的方向,绳索应有足够的长度和强度,以免拉绳的人员被倒落的树木砸伤。 答案:A
A. 相反
B. 60°
C. 90°
D. 相同
【单选题】
上树时,应使用安全带,安全带不得系在待砍剪树枝的( )附近或以上。不得攀抓脆弱和枯死的树枝;不得攀登已经锯过或砍过的未断树木。 答案:B
【单选题】
使用油锯和电锯的作业,应由( )的人员操作。使用时,应先检查所能锯到的范围内有无铁钉等金属物件,以防金属物体飞出伤人。 答案:D
A. 熟悉工作组人员
B. 熟悉操作方法
C. 熟悉机械性能
D. 熟悉机械性能和操作方法
【单选题】
挖坑前,应与有关地下管道、电缆等设施的( )取得联系,明确地下设施的确切位置,做好防护措施。 答案:A
A. 主管单位
B. 运行单位
C. 维护单位
D. 建设单位
【单选题】
在超过( ) m深的基坑内作业时,向坑外抛掷土石应防止土石回落坑内,并做好防止土层塌方的临边防护措施。 答案:B
