【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
推荐试题
【多选题】
下列关于降水预报质量分级检验叙述正确的是:___。
A. 当实况出现的降水量级和预报的量级不一致时,选择较大量级作为检验的级别。
B. 当预报小雨时,实况为一般性雨夹雪,评定小雨预报正确。
C. 当预报一般性雨夹雪时,实况为一般性雨夹雪,评定小雨正确。
D. 当预报无降水时,实况为一般性雨夹雪,评定小雪漏报。
E. 当预报其它级别降水时,实况为一般性雨夹雪,评定该级别降水漏报。
【多选题】
下列叙述正确的是:___。
A. 若“暴雨、冰雹、龙卷风、大雪、寒潮、大风和台风等造成1000万元以上、3000万元以下直接经济损失的气象灾害”则确定为Ⅱ级预警。
B. 若“因各种气象原因,造成机场、港口、国家高速公路网线路连续封闭12小时以上”则确定为Ⅱ级预警。
C. 若“因极端天气气候事件造成100万元以上、1000万元以下直接经济损失的气象灾害”则确定为Ⅲ级预警。
D. 若“因极端天气气候事件造成3人以下死亡”则确定为Ⅳ级预警。
【多选题】
在形成华北暴雨的环流系统中,日本海高压是一关键系统。日本海高压对暴雨产生起的主要作用有:___。
A. 使冷空气侵入暴雨区,导致锋生
B. 阻挡低槽的东移
C. 和槽后青海高压脊对峙形成南北向切变线,使西南涡在此停滞
D. 为暴雨区提供不稳定能量
E. 日本海高压南侧的东或东南气流可向华北地区输送水汽
【多选题】
对暴雨形成有利的条件有___。
A. 强风速垂直切变
B. 强烈的上升运动
C. 中高层干空气平流
D. 充分的水汽供应
E. 盖帽逆温层
F. 前倾槽
G. 较长的持续时间
【多选题】
对我国天气有重要影响的热带和副热带天气系统有:___。
A. 西太平洋副高
B. 大陆副高
C. ITCZ
D. 东亚大槽
E. 东风波
F. 台风
G. 西南涡
【多选题】
下列叙述正确的是:___
A. 槽上山会使槽减弱。
B. 夏半年温带气旋移到海上,此气旋是发展。
C. 热力因子作用使槽加深。
D. 疏散槽有正相对涡度平流。
E. 正热成风涡度平流是:平均层到地面之间由于热成风涡度分布不均,借助热成风将正热成风涡度大往小的方向输送,使得固定点正热成风涡度增大。
【多选题】
下列叙述正确的是:___
A. 我国寒潮天气系统主要包括极涡、极地高压、寒潮冷锋、冰岛低压、阿留申低压。
B. ITCZ结构的基本类型有无风带、赤道缓冲带。
C. 北半球副高南部的盛行东北风称为东北信风。
D. 一个地区上空整层大气的水汽可凝结并降至地面的降水量,称为可降水量。(全部凝结)
E. 为干绝热温度递减率,为大气的垂直减温率。大气一般是干绝热稳定的,则有。
【多选题】
波动类南方气旋发展过程的特点是:500hPa上___、700hPa上( )、地面上( )。
A. 高原低槽东移减弱
B. 高原低槽与北支槽合并发展东移
C. 西南涡与北支槽结合
D. 西南涡沿江淮切变线东移
E. 河西冷锋进入西南倒槽与暖锋相结合产生气旋
F. 静止锋产生气旋波
【多选题】
冷锋是造成山东偏北大风的主要天气系统。西北冷锋影响时多出现___,北方冷锋影响时多出现( ),河西冷锋影响时多出现( )。
A. 西北大风
B. 北大风
C. 东北大风
D. 南大风
【多选题】
山东半岛冷流降雪的成因是___。
A. 暖海面的作用
B. 较强的低空冷平流
C. 对流层中下层的湿度条件
D. 适宜的地面流场
【多选题】
黄河中下游凌汛期的封河期预报重点应考虑哪些因素___。
A. 水温
B. 气温
C. 风向风速
D. 流量
E. 淌凌日期
【多选题】
下列因素中哪些有利于雷暴的产生或增强___。
A. 较大的对流有效位能CAPE
B. 较大的对流抑制CI
C. 垂直风切变较大
D. 存在边界层辐合线
E. 低层水汽很少
【多选题】
___。
A. 速度方位显示VAD
B. 弱回波区WER
C. 组合切变CS
D. 风暴路径信息STI
E. 冰雹指数HI
F. 中气旋M
G. 回波顶ET
H. 垂直累积液态水含量VIL
【多选题】
温带气旋主要是在___发展起来的,有很大的( ),在其发展过程中,温度场位相( )气压场。
A. 暖区
B. 冷区
C. 锋区
D. 斜压性
E. 正压性
F. 超前于
G. 落后于
【多选题】
南亚高压是北半球夏季 h 层上最强大、最稳定的环流系统,它是具有___尺度的反气旋环流,是( )性高压。南亚高压下面600 hPA 以下的整个高原为( ) 控制。
A. 天气尺度
B. 行星尺度
C. 热低压.
D. 热高压
E. 冷
F. 暖
G. 300 hPa
H. 100-150 hPa
【多选题】
如果欧亚大陆极涡是两个极涡中心,且靠近我国的较强,则伴随我国持续低温天气强度是___的;若两个极涡中心强度相当接近,则我国持续低温天气强度是( )的;若亚洲极涡中心是较弱的或极涡分裂为三个中心,则我国持续低温天气强度是( )的。
【多选题】
寒潮冷锋的移动方向与___有密切关系。
A. 寒潮高压的路径
B. 锋前的气压系统和地形
C. 引导冷空气南下寒潮冷锋后的垂直于锋的高空气流分量
D. 冷锋后高压的强度
【多选题】
利用Q矢量方法可以诊断___,而且只需 ( )层等压面资料即可计算。
A. 垂直运动
B. 温度场分布
C. 湿度场分布
D. 一
E. 二
F. 三
【多选题】
台风大多数发生在纬度 ___ 。
A. 0-5°N之间
B. 0-5°S之间
C. 5-20°N之间
D. 5-20°S之间
【多选题】
引起对流不稳定的局地变化的因素有___P427
A. 不稳定的垂直输送
B. 散度
C. θse平流
D. 温度平流
【多选题】
关于涡度的说法正确的是:___ P83
A. 有曲率的地区不一定有涡度
B. 有切变的地区不一定有涡度
C. 等高线密集的地方一定有涡度
D. 风大的地方一定有涡度。
【多选题】
降水成因的条件是:___
A. 水汽条件
B. 垂直运动的条件
C. 云滴增长的条件
D. 适当风速的条件
【多选题】
当西南涡移出时,雨区主要分布在:___P238
A. 低涡的中心区
B. 低涡移向的左前方
C. 低涡移向的右前方
D. 低涡移向的正前方
【多选题】
辐射雾形成必要条件:___
A. 近地层湿度大
B. 有足够的辐射冷却时间
C. 没有明显的水平或垂直交换
D. 昼夜温差较大
【多选题】
梅雨的主要水汽来源是:___ P271
A. 孟加拉湾
B. 西太平洋
C. 南海
D. 印度洋
【多选题】
影响大气的作用力中,哪些在惯性参照系中是不存在的。___天气学原理和方法6-7页
A. :气压梯度力
B. :摩擦力
C. :惯性离心力
D. :地转偏向力
【多选题】
东亚季风的特点有哪些。___ 天气学原理和方法196 页
A. 冬季盛行偏北风、偏西风,夏季偏南风、偏东风。
B. 冬季天气干冷,夏季湿热,雨量大部分集中在夏季。
C. 东亚西风带平均环流的脊、槽,在冬、夏季也完全是相反相位。
D. 高原在冬季北侧为西风,南侧为东风,夏季变为相反的风向。
【多选题】
槽线和切变线的分析要注意下列几点___天气学分析17页
A. 为了要分析槽线和切变线,一般在分析等高线之前,先根据槽线和切变线的过去位置和移动速度,从图上风饿切变定出它们的位置
B. 可以把两个槽的槽线连成一个
C. 切变线上可以有辐合中心,两条切变线可以连接在一起
D. 习惯上往往在风向气旋性切变特别明显的两个高压之间的狭长低压带内和非常尖锐而狭长的槽内分析槽线?
【多选题】
超级单体风暴的结构特征有哪些___天气学原理和方法403页
A. 云内垂直气流基本分为两部分。前部为下沉区,后部为上升区
B. 存在弱回波区
C. 风暴运动方向一般偏向于对流云中层的风的左侧
D. 对流云发展非常旺盛,维持很高的云顶
【多选题】
典型梅雨的环流特征有___ 天气学原理和方法403页
A. 南亚高压从高原向东移动,位于长江流域上空
B. 腹稿1200E处的脊线位置稳定在270N左右
C. 江淮流域有静止锋停滞
D. 低层为辐散区,高层为辐合区
【多选题】
关于冷空气的路径及对本地天气的影响,说法正确的有___天气学原理和方法303 页
A. 西来冷空气,一般无降水,经常能达到寒潮强度
B. 西北路冷空气主要是大风、降温和风后的霜冻
C. 从北来的:起先高空环流比较平直,寒潮主力是东移,在中蒙边界及东北地区形成强的东西向冷锋,降温比较厉害
D. 从东北来的:冷空气经蒙古、内蒙至山西、河北。
【多选题】
东亚夏季风环流系统中高空成员有___ 天气学原理和方法567 页
A. 澳大利亚冷性反气旋
B. 西太平洋副热带高压
C. 南亚反气旋的东部脊
D. 东亚地区向南越赤道气流
【多选题】
关于青藏高原环流影响下列说法正确的是___
A. 青藏高原在冬季是热源,在夏季是热汇
B. 青藏高原大大增强了海陆分布影响对500百帕副热带高压带的断裂作用
C. 冬季东亚大槽是海陆热力差异和青藏高原地形影响的产物
D. 冬季亚洲地面冷高压中心的位置与青藏高原影响无关
【多选题】
多普勒雷达的局限性___使其探测能力下降或受限
A. 波束中心的高度随距离增加
B. 波束中心的宽度随距离增加
C. 距离折叠
D. 静锥区的存在
【多选题】
经典超级单体风暴反射率因子回波的主要特征___
A. 低层的钩状回波
B. 中气旋
C. 中高层的悬垂回波
D. 中层的弱回波区
【多选题】
有利于强雷暴发生的条件___
A. 近地面逆温层
B. 前倾槽
C. 低层辐合和高层辐散
D. 大的风垂直切变
【多选题】
多普勒雷达测量的基本量___
A. 回波强度
B. 径向速度
C. 风廓线
D. 速度谱宽
【多选题】
多普勒雷达由___子系统组成
A. 数据采集RDA
B. 产品生成RPG
C. 用户终端PUP
D. 通讯线路
【多选题】
我国业务运行多普勒雷达通常采用的体描模式___
A. VCP11
B. VCP21
C. VCP31
D. VCP32
【多选题】
多普勒雷达的局限性___使其探测能力下降或受限
A. 波束中心的高度随距离增加
B. 波束中心的宽度随距离增加
C. 距离折叠
D. 静锥区的存在