【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
推荐试题
【单选题】
(166) 水是一种化合物,组成水的两种元素是: ___
A. 氮与氧
B. 氢与氧
C. 碳与氢
D. 碳与氧
【单选题】
(168) 人体内的水分,大约占到体重的_______
A. 45%
B. 60%
C. 85%
D. 90%
【单选题】
(169) 空气是一种混合气体,其占最大比例的成分是 ___
A. 氧气
B. 氮气
C. 氢气
D. 二氧化碳
【单选题】
(170) 氧气对人们日常生活中的主要用途是: ___
A. 呼吸与助燃
B. 防暑降温
C. 消毒灭菌
D. 净化水体
【单选题】
(171) 自然界中目前被人类发现的自然元素有 ___
A. 100多种
B. 150多种
C. 180多种
D. 200多种
【单选题】
(173) 地球大气中含量最多的元素是 ___
【单选题】
(174) 下列现象不属于化学变化的是: ___
A. 铁锅生锈
B. 酒精燃烧
C. 冷水结冰
D. 生米煮成熟饭
【单选题】
(175) 下列物质的用途,主要利用其化学性质的是___
A. 活性炭可除去冰箱中的异味
B. 干冰用作人工降雨
C. 氮气用作焊接金属的保护气
D. 汽油可用于擦拭衣物上的油污
【单选题】
(176) 目前人们一般辨别金属和非金属的方法是 ___
A. 是否导电
B. 是否有颜色
C. 是否透明
D. 是否有气味
【单选题】
(177) 黄金在自然界中的主要存在状态是 ___
A. 单质
B. 化合物
C. 混合物
D. 混杂物
【单选题】
(179) 硫酸可分为浓硫酸和稀硫酸两种,浓硫酸是一种无色无味油状液体,具有难挥发性等化学性质,但不具有 ___
A. 吸水性
B. 强氧化性
C. 还原性
D. 腐蚀性
【单选题】
(180) 盐是人们日常生活中最常见的一种化学物品,可用于调味和化工。在日常生活中盐还有许多妙用,但不能够用以 ___
【单选题】
(181) 对于经常有胃酸反应的人,你会建议他吃的药应具有 ___
A. 碱性的
B. 酸性的
C. 中性的
D. 辣性的
【单选题】
(182) 太阳系中的唯一有生命存在的行星是 ___
【单选题】
(183) 用望远镜判别星系与恒星差别的基本依据是其 ___
A. 颜色不同
B. 形状不同
C. 大小不同
D. 密度不同
【单选题】
(185) 根据科学的宇宙观,今天的宇宙是源于 ___
A. 太阳的变化
B. 万有引力
C. 神的推力
D. 一次大爆炸
【单选题】
(186) 地球公转是绕着太阳的运动,其周期长短是 ___
【单选题】
(187) 地球上昼夜更替现象的主要成因是 ___
A. 地球自转
B. 地球公转
C. 月球自转
D. 月球公转
【单选题】
(188) 地球上四季更替现象的主要成因是 ___
A. 地球自转
B. 地球公转
C. 月球自转
D. 月球公转
【单选题】
(189) 以下观察方法不能证明是北半球“夏至日”现象的是 ___
A. 测日出时间
B. 测太阳高度
C. 测白天长度
D. 测正午气温
【单选题】
(191) 月球绕地球公转引起了地球上看到的月相的变化。一个朔望月(从满月到满月)的时间大约是: ___
A. 27天半
B. 28天半
C. 29天半
D. 30天半
【单选题】
(192) 日食现象是指___
A. 太阳突然消失的现象
B. 太阳被地球遮掩的现象
C. 太阳遮掩月球的现象
D. 太阳被月球遮掩的现象
【单选题】
(193) 日食可能发生的日期是___
A. 可以在农历十五到三十之间出现
B. 肯定是在新月时
C. 在农历每个月的初一
D. 可以在任何一天
【单选题】
(194) 关于日食和月食的判断正确的是___
A. 日食、月食的成因只与日、地、月三个天体的几何位置有关
B. 日食和月食都是自然现象,所以它们是不可能准确预报的
C. 当月相是朔的时候就一定会发生日食
D. 如果日食带在我国经过,肯定是东部的居民先看到
【单选题】
(195) 公元前585年5月28日,当两河流域的米底王国与吕底亚王国的士兵们正在交战时,天突然黑了下来,白天顿时变成黑夜。交战的双方惊恐万分,以为“上天”怪罪下来,于是马上停战和好。其实这并不是什么“上天”怪罪,而是一种普通的天文现象。这种天文现象是___
A. 日食现象
B. 月食现象
C. 流星现象
D. 极光现象
【单选题】
(196) 地球由表及里可以分为三个圈层,其中间层叫 ___
【单选题】
(198) 地球的岩石圈可以分为若干板块,板块的相互碰撞可产生 ___
A. 地震
B. 滑坡
C. 大陆架
D. 大陆沟
【单选题】
(199) 地球上有些地区经常发生地震、火山,因为它们位于 ___
A. 板块内部高温地带
B. 板块边缘活动地带
C. 地球赤道多雨地带
D. 大陆之间交叉地带
【单选题】
(200) 如果要探究和表明地球上经常发生地震、火山的分布规律,我们需要采取的最直观方法是 ___
A. 到现场考察
B. 查历史文献
C. 用地图标注
D. 向群众调查
【单选题】
(201) 地球表层覆盖着很多圈层,其中最厚的圈层是 ___
A. 岩石圈
B. 水圈
C. 大气圈
D. 生物圈
【单选题】
(202) 目前受人类影响最强烈的地球圈层部位主要在大气圈底层、岩石圈上层以及 ___
A. 生物圈表层
B. 生物圈中层
C. 水圈底层
D. 水圈全部
【单选题】
(203) 生物圈的范围为___
A. 大气圈、水圈和岩石圈的全部
B. 大气圈和水圈的全部、岩石圈的上部
C. 大气圈的底部、水圈和岩石圈的全部
D. 大气圈的底部、水圈的全部和岩石圈的上部
【单选题】
(204) 地球上最大的生态系统是 ___
A. 森林生态系统
B. 生物圈
C. 海洋生态系统
D. 城市生态系统
【单选题】
(205) 被称为地球之“肺”的是:___
A. 草原
B. 针叶林
C. 沼泽地
D. 热带雨林
【单选题】
(207) 地球的表面积总共达到5.1亿平方千米,其中海陆各占的比例大致是 ___
A. 三分海洋七分陆
B. 七分海洋三分陆
C. 四分海洋六分陆
D. 六分海洋四分陆
【单选题】
(208) 地球的表面积约为5.1亿平方千米,表面起伏不平,凸出来的地方成为陆地和山脉,而大片大片下凹的部分经过亿万年的积累,被液态海水所淹没而变成了海洋,海洋面积占地球表面积的近___。
A. 2%
B. 51%
C. 71%
D. 91%
【单选题】
(209) 关于我国地形特点的叙述,不正确的是___
A. 地形多种多样
B. 山地面积广大
C. 地势平坦,起伏和缓
D. 西高东低 呈阶梯状
【单选题】
(210) 我国山区面积广大,其劣势是___
A. 森林资源不足
B. 耕地资源不足
C. 水能资源不足
D. 动植物资源不足
【单选题】
(212) 我国少数民族主要分布在___
A. 西北和东北
B. 东北和东南
C. 西南和西北
D. 东南和西南
【单选题】
(213) 我国水资源的空间分布特点是___
A. 南丰北缺
B. 东北地区缺水最严重
C. 冬春季节少,夏秋季节多
D. 绝大部分地区水资源丰富
