【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
推荐试题
【判断题】
心脏除颤是用低能量的脉冲电流通过心脏来消除心律失常,使之恢复窦性心律的方法。
【判断题】
引起电击生理效应的直接作用不是电压的高低,而是电流的大小。
【判断题】
心电图机的灵敏度是指输入 1mV 电压时,描笔偏转的幅度,通常用 mV/mm 表示。
【判断题】
脑电图不是正弦波,但可以作为一种正弦波为主波的波形来分析。
【判断题】
勾边电路的作用是突出图像的轮廓,通常采用微分相减积分相加的方法。
【判断题】
超声诊断仪根据不同的受检对象需选择不同频率的探头,探头的频率是由晶体的材料质量决定的。
【判断题】
采用可变孔径电路接收回波时近场用小孔径,中、远场用较大孔径可保证近场分辨不会降低而又照顾到中、远场的指标。
【判断题】
B 超仪的图像质量性能指标主要取决于纵向分辨力。
【判断题】
CT、核磁共振、B 超,它们得到的影像都是断面图像。
【判断题】
“高频”X 线机是指它的高压发生器部分工作频率高。
【判断题】
根据医学仪器的工作方式分类,心电图机属于实时、间断工作方式。
【判断题】
仪器的精密度越高,说明它的测量值与实际值之间的偏差越小。
【判断题】
医学仪器的故障诊断时除了要考虑仪器本身外,还涉及到仪器的操作者和仪器所处的环境。
【判断题】
普通差分放大电路不能满足生物电前置放大器要求的主要原因是共模抑制比不够高。
【判断题】
电磁耦合是一种无接触耦合,适于进行传递低频、直流信号的隔离。
【判断题】
心电记录纸上水平方向上一小格代表 0.04 秒的时间,而竖直方向上一小格代表 0.1mV 的电压。
【判断题】
病人的呼吸温度是影响测量呼吸末二氧化碳的因素之一,因此在测量装置中设有温度传感器和加热器,保证待测气体的温度恒定。
【判断题】
多参数监护仪对于无创血压的测量大多采用柯氏音法。
【判断题】
血氧饱和度测量探头中的发光元件,能交替发射波长为 660nm 的红光和 940nm 的近红外光。其中红光对 HbO2 的吸收系数较大。
【判断题】
对于同相并联前置放大电路,第一级放大电路的共模抑制能力取决于其两个运放器件本身的共模抑制比的差异,差异越小,第一级放大电路的共模抑制比就越高。
【判断题】
如果有电流直接通过心脏,将引起心室纤颤,这种电击称为宏电击。
【判断题】
脑电图机中的平均导联只使用头皮上的两个作用电极而不使用参考电极,记录的波形是两个电极部位脑部变化的电位差值。
【判断题】
实现电气隔离通常有两种方案:电磁耦合和光电耦合。其中电磁耦合法可以直接传递低频、直流信号。
【判断题】
多参数病人监护仪中的呼吸测量大多利用人体在呼吸过程中的胸廓运动会造成人体电阻的变化,即阻抗法来进行。
【判断题】
心电图机的输入电路有高压保护部分,其作用是防止高频噪声干扰。
【判断题】
医疗器械不良事件,是指已上市的医疗器械,在正常使用情况下发生的,导致或者可能导致人体伤害的各种有害事件。
【判断题】
群体医疗器械不良事件,是指同一医疗器械在使用过程中,在相对集中的时间、区域内发生,对一定数量人群的身体健康或者生命安全造成损害或者威胁的事件。
【判断题】
医疗器械再评价,是指对未上市销售的医疗器械的安全性、有效性进行重新评价,并采取相应措施的过程。
【判断题】
国家药品监督管理局指定的监测机构负责对收集到的医疗器械不良事件信息进行统一管理,并向相关监测机构、持有人、经营企业或使用单位反馈医疗器械不良事件监测相关信息。
【判断题】
医疗器械召回是指医疗器械生产企业按照规定的程序对其已上市销售的某一类别、型号或者批次的存在缺陷的医疗器械产品,采取警示、检查、修理、重新标签、修改并完善说明书、软件更新、替换、收回、销毁等方式进行处理的行为。
【判断题】
报告医疗器械不良事件应当遵循确认即报的原则,即确定某事件为医疗器械不良事件时,按照医疗器械不良事件进行报告。
【判断题】
导致或者可能导致严重伤害或者死亡的可疑医疗器械不良事件可以不报告。
【判断题】
医疗器械生产企业在实施召回的过程中,应当根据召回计划定期向所在地省、自治区、直辖市食品药品监督管理部门提交召回计划实施情况报告。
【判断题】
医疗器械使用单位应当对医疗器械采购实行统一管理,由其指定的部门或者人员统一采购医疗器械,其他部门或者人员不得自行采购。
【判断题】
企业质量负责人负责医疗器械质量管理工作,应当独立履行职责,在企业内部对医疗器械质量管理具有裁决权,承担相应的质量管理责任。
【判断题】
根据法规要求,经营第二类医疗器械实行许可管理。
【判断题】
从事第三类医疗器械经营的,经营企业应当向所在地省级药品监督管理部门提出申请。
【判断题】
企业应当按照国家有关规定,对温湿度监测设备等计量器具定期进行校准或者检定,并保存校准或者检定记录。
【判断题】
《医疗器械经营许可证》事项的变更分为许可事项变更和登记事项变更。许可事项变更包括法定负责人、经营方式、经营范围、库房地址的变更。
【判断题】
从事医疗器械零售业务的企业,应当给消费者开具销售凭据。
