【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
推荐试题
【多选题】
监察机关根据监督、调查结果,依法可以做出的处置有:___
A. 批评教育
B. 政务处分
C. 问责
D. 撤销案件
【多选题】
发现的相关问题线索,属于本部门受理范围的,应当送案件监督管理部门备案。___
A. 监督检查部门
B. 信访举报部门
C. 审查调查部门
D. 干部监督部门
【多选题】
承办部门经谈话函询,认为被反映人问题轻微,不需要追究纪律责任的,可以采取哪些方式处理?___
A. 谈话提醒
B. 批评教育
C. 责令检查
D. 诫勉谈话
【多选题】
下列哪些属于党员廉洁自律规范内容是___
A. 坚持公私分明,先公后私,克己奉公。
B. 坚持崇廉拒腐,清白做人,干净做事。
C. 坚持尚俭戒奢,艰苦朴素,勤俭节约。
D. 坚持吃苦在前,享受在后,甘于奉献。
【多选题】
坚持民主集中制,严肃党内政治生活,贯彻党员 原则情况。___
A. 个人服从党的组织
B. 少数服从多数
C. 下级组织服从上级组织
D. 全党各个组织和全体党员服从党的全国代表大会和中央委员会
【多选题】
监察委员会根据《中华人民共和国监察法》和有关法律法规可以履行以下哪些职责?___
A. 对违法的公职人员依法作出政务处分决定。
B. 对履行职责不力、失职失责的领导人员进行问责。
C. 对涉嫌职务犯罪的,将调查结果移送人民检察院依法审查、提起公诉。
D. 向监察对象所在单位提出监察建议。
【多选题】
利用职权或者职务上的影响 ,情节较轻的,给予警告或者严重警告处分。___
A. 侵占非本人经管的公私财物
B. 以象征性地支付钱款等方式侵占公私财物
C. 无偿接受服务、使用劳务
D. 象征性地支付报酬接受服务、使用劳务
【多选题】
的监督,实现国家监察全面覆盖。___
A. 权力
B. 公权力
C. 公务员
D. 公职人员
【多选题】
地方各级监察委员会对本级 和 负责,并接受其监督。___
A. 党委
B. 人民政府
C. 人民代表大会及其常务委员会
D. 上一级监察委员会
【多选题】
党的中央和省、自治区、直辖市委员会实行巡视制度,建立专职巡视机构,对所管理的 、 、 党组织进行巡视监督,实现巡视全覆盖。___
A. 地方
B. 党政机关
C. 部门
D. 企事业单位
【多选题】
被谈话函询的党员干部应当在 上就本年度或者上年度谈话函询问题进行说明,讲清组织予以采信了结的情况。___
A. 支部大会
B. 党委会
C. 民主生活会
D. 组织生活会
【多选题】
以下违纪行为属于违反组织纪律的有___。
A. 借集体决策名义集体违规
B. 不如实填报个人档案资料
C. 搞有组织的拉票贿选
D. 不按照有关规定向组织请示、报告重大事项
【多选题】
习近平同志在十九届中央纪律检查委员会第三次全体会议上的讲话强调,各级党组织要旗帜鲜明坚持和加强党的全面领导,坚持党中央重大决策部署到哪里, 就跟进到哪里,确保党中央令行禁止。以下选项错误的是___
A. 监督管理
B. 执纪问责
C. 监督检查
D. 监督执纪
【多选题】
监察机关调查涉嫌贪污贿赂、失职渎职等严重职务违法或者职务犯罪,根据工作需要,可以依照规定 涉案单位和个人的存款、汇款、债券、股票、基金份额等财产。___
【多选题】
处分。___
A. 严重警告
B. 撤销党内职务
C. 留党察看
D. 开除党籍
【多选题】
预备党员违犯党纪,情节较轻,可以保留预备党员资格的,党组织应当对其 或者 。___
A. 批评教育
B. 诫勉谈话
C. 延长预备期
D. 通报批评
【多选题】
党的十九大报告提出:坚持以上率下,巩固拓展落实中央八项规定精神成果,继续整治“四风”问题,坚决反对特权思想和特权现象。重点强化和带动 、 、廉洁纪律、群众纪律、工作纪律、生活纪律严起来。___
A. 政治建设
B. 组织建设
C. 政治纪律
D. 组织纪律
【多选题】
纪检监察机关应当严格依照党内法规和国家法律,在行使权力上慎之又慎,在自我约束上严之又严,强化自我监督,健全内控机制,自觉接受 、 、 ,确保权力受到严格约束,坚决防止“灯下黑”。___
A. 党内监督
B. 舆论监督
C. 社会监督
D. 群众监督
【多选题】
对哪些信访举报,应当立即报告并采取应急处置措施?___
A. 被举报人准备实施或者正在实施违纪、职务违法犯罪行为,需要立即制止的
B. 被举报人或者其他涉案人员企图自杀、逃跑或者毁灭、伪造证据、串供的
C. 准备或者正在打击报复举报人,可能造成其人身伤害的
D. 准备或者正在危害公共安全、国家和集体利益,需要立即制止的
【多选题】
监察机关根据监督、调查结果,对违法的公职人员依照法定程序作出 等政务处分决定。___
A. 警告
B. 严重警告
C. 降级
D. 开除
【多选题】
留党察看处分,分为 。___
A. 留党察看半年
B. 留党察看一年
C. 留党察看二年
D. 留党察看三年
【多选题】
派驻纪检组应当带着实际情况和具体问题,定期向派出机关汇报工作,至少每半年会同被监督单位党组织专题研究1次党风廉政建设和反腐败工作。对能发现的问题没有发现是 ,发现问题不报告、不处置是 ,都必须严肃问责。___
【多选题】
下列关于问责的说法正确的是___
A. 问责决定作出后,应当及时向被问责党组织或者党的领导干部及其所在党组织宣布并督促执行。
B. 受到问责的党的领导干部应当向问责决定机关写出书面检讨,并在民主生活会或者其他党的会议上作出深刻检查。
C. 有关问责情况应当向组织部门通报,组织部门应当将问责决定材料归入被问责领导干部个人档案,并报上一级组织部门备案;涉及组织调整或者组织处理的,应当在一个月内办理完毕相应手续。
D. 实行终身问责,对失职失责性质恶劣、后果严重的,不论其责任人是否调离转岗、提拔或者退休,都应当严肃问责。
【多选题】
党的建设必须坚决实现以下基本要求。___
A. 坚持党的基本路线
B. 坚持解放思想,实事求是,与时俱进
C. 坚持全心全意为人民服务
D. 坚持民主集中制
【多选题】
党员未经组织批准参加其他集会、游行、示威等活动,情节较重的,给予 或 处分。___
A. 严重警告
B. 撤销党内职务
C. 留党察看
D. 开除党籍
【多选题】
限制出境措施应当按照法律规定的条件、程序,从严掌握、慎重采取。对不需要继续采取措施的,应当及时解除或者撤销。___
A. 留置
B. 扣押
C. 通缉
D. 技术调查
【多选题】
《中共中央关于坚持和完善中国特色社会主义制度 推进国家治理体系和治理能力现代化若干重大问题的决定》指出,“深化纪检监察工作规范化、法治化。完善派驻监督体制机制。推进纪律监督、监察监督、 、 统筹衔接。___
A. 派驻监督
B. 巡视监督
C. 群众监督
D. 民主监督
【多选题】
接受可能影响公正执行公务的 等活动安排,情节较重的,给予警告或者严重警告处分;情节严重的,给予撤销党内职务或者留党察看处分。___
【多选题】
下列选项中,涉嫌哪些类型的违法犯罪行为会受到监察委员会调查?___
A. 贩卖毒品
B. 滥用职权
C. 寻衅滋事
D. 徇私舞弊
【多选题】
监察机关在日常监督中,发现监察对象有轻微违法问题的,应当及时 ,提高监督的针对性和实效性。___
A. 谈话提醒
B. 批评教育
C. 责令检查
D. 初步核实
E. 予以诫勉
【多选题】
审查调查组有正式党员3人以上的,应当设立临时党支部,加强对审查调查组成员的 ,开展政策理论学习,做好思想政治工作,及时发现问题、进行批评纠正,发挥战斗堡垒作用。___
【多选题】
被问责领导干部应当向作出问责决定的党组织写出书面检讨,并在 、 或者党的其他会议上作出深刻检讨。___
A. 民主生活会
B. 组织生活会
C. 支部委员会
D. 警示教育大会
【多选题】
党的思想路线是___
A. 解放思想
B. 一切从实际出发
C. 实事求是
D. 理论联系实际
【多选题】
责任,组织落实巡视整改任务。被巡视党组织应当将巡视整改情况分别向 、向 。___
A. 第一责任人
B. 监督
C. 党内通报
D. 社会公开
【多选题】
某市纪检监察干部周某在查办一起违纪案件中,将涉案款打入个人账户进行投资但未获利。下列说法正确的有哪些?___
A. 周某违反了涉案财物管理有关规定
B. 对于涉案财物应设立专用账户、专门场所,指定专门人员保管
C. 对周某应给予纪律处分
D. 周某情节轻微,可以不予追究
【多选题】
巡视组可以采取以下方式开展工作___
A. 听取被巡视党组织的工作汇报和有关部门的专题汇报
B. 与被巡视党组织领导班子成员和其他干部群众进行个别谈话
C. 抽查核实领导干部报告个人有关事项的情况
D. 向有关知情人询问情况
【多选题】
创新组织制度,建立 相互协调、相互制约的工作机制。___
A. 从严治党
B. 执纪监督
C. 执纪审查
D. 案件审理
【多选题】
党委(党组)在党内监督中履行主体责任,纪检监察机关履行监督责任,应当将 结合起来。___
A. 作风监督
B. 监察监督
C. 巡视监督
D. 派驻监督
【多选题】
党的地方各级代表大会的职权是:___
A. 听取和审查同级委员会的报告
B. 审查同级纪律检查委员会的报告
C. 讨论本地区范围内的重大问题并作出决议
D. 选举同级党的委员会,选举同级党的纪律检查委员会