【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
推荐试题
【多选题】
保守国家秘密的工作,实行 、 、 的方针,既 ,又便利信息资源合理应用。___
A. 积极防范
B. 突出重点
C. 依法管理
D. 确保国家秘密安全
【多选题】
涉密人员的责任是___
A. 熟悉本职岗位的保密要求
B. 按规定履行保密工作责任
C. 熟知保密法律法规和相关知识技能
D. 做好涉密载体的管理工作
【多选题】
涉密资质单位保密工作领导小组的职责是___
A. 对保密工作负领导责任
B. 为保密工作机构履行职责提供人力、财力、物力等条件保障
C. 对保密工作进行研究、部署和工作总结
D. 及时解决保密工作中的重大问题
【多选题】
应当确定为保密要害部门的是___
A. 单位日常工作中经常产生绝密级或较多机密级、秘密级国家秘密的内设机构
B. 单位日常工作中经常传递绝密级或较多机密级、秘密级国家秘密的内设机构
C. 单位日常工作中经常使用和管理绝密级或较多机密级、秘密级国家秘密的内设机构
D. 单位日常工作中经常存储大量秘密级国家秘密的内设机构
【多选题】
涉密计算机禁止使用具有无线功能的外部设备,下列哪些属于具有无线功能的外部设备___
A. 无线键盘
B. 优盘
C. USB蓝牙适配器
D. 无线耳机
【多选题】
下列哪些做法违反了保密规定___
A. 通过个人优盘将互联网上的歌曲拷贝到单位的涉密计算机中
B. 将单位的涉密文件拷贝后,在家中的计算机上继续处理
C. 将手机连接到涉密计算机上充电
D. 将个人的便携式计算机与单位的涉密计算机相连传输资料
【多选题】
在涉密岗位工作的人员(简称涉密人员),按照涉密程度分为___。
A. 核心涉密人员
B. 基本涉密人员
C. 重要涉密人员
D. 一般涉密人员
【多选题】
应当确定为核心涉密人员的条件是___。
A. 了解和掌握涉及绝密级国家秘密的程度深
B. 了解和掌握涉及绝密级国家秘密的事项多
C. 在涉及绝密级国家秘密岗位上工作时间长
D. 在涉及绝密级国家秘密的单位中担任负责后勤保障的领导
【多选题】
有关脱密期正确的是___。
A. 核心涉密人员的脱密期为3年至5年
B. 重要涉密人员的脱密期为2年至3年
C. 一般涉密人员的脱密期为1年至2年
D. 属于重要涉密人员的领导干部脱密期为3年至5年
【多选题】
为防止涉密计算机在使用时被他人窥视,应___。
A. 避免显示屏幕正对门、窗或透明过道
B. 采取安全隔离措施
C. 设置屏幕保护,确保离开时屏幕出于关闭状态
D. 与非涉密设备保持安全距离
【多选题】
涉密办公自动化设备禁止接入___。
A. 涉密计算机和信息系统
B. 单位内部非涉密计算机或信息系统
C. 国际互联网
D. 公共信息系统
【多选题】
关于涉密计算机的使用,以下行为中错误的有___
A. 根据工作需要,可以安装摄像头
B. 可以安装FTP服务器端,面向系统用户提供涉密文档资料下载和上传
C. 在计算机上安装个人硬盘,换成可刻录光驱进行文件的输入输出
D. 禁止使用优盘,换成可刻录光驱进行文件的输入输出
【多选题】
下列说法正确的是___
A. 涉密信息系统经本单位保密工作机构测试后即可投入使用
B. 涉密信息系统投入运行前应当经过国家保密行政管理部门审批
C. 涉密计算机重装操作系统后可降为非涉密计算机使用
D. 未经单位信息管理部门批准不得自行重装操作系统
【多选题】
我国现行保密法律制度体系主要包括:宪法、保密法律、___、国家公约或政府间的协定的相关规定等。
A. 保密法规
B. 保密规章
C. 国家保密标准
D. 相关司法解释
【多选题】
按照保密法第十八条的规定,国家秘密的变更指的是___的变更。
A. 密级
B. 保密期限
C. 知悉范围
D. 涉密内容
【多选题】
违反保密法律应当承担的责任包括___。
A. 行政责任
B. 刑事责任
C. 民事责任
D. 党纪处分
【多选题】
涉密信息系统发生下列何种情况时,应当按照国家保密规定及时向保密行政管理部门报告,并采取相应措施。___
A. 密级发生变化
B. 主要业务应用发生变化
C. 使用范围和使用环境发生变化
D. 不再使用
【多选题】
从事涉密业务的企业事业单位应当具备下列条件___。
A. 在中国人民共和国境内依法成立2年以上的法人,无违法犯罪记录
B. 所有人员具有中华人民共和国国籍
C. 保密制度完善,有专门的机构或者人员负责保密工作,具有从事涉密业务的专业能力
D. 用于涉密业务的场所、设施、设备符合国家保密规定和标准
【多选题】
资质单位出现___情况的,作出审批的保密行政管理部门应当撤销其资质。
A. 超越审批范围从事国家秘密载体印制业务
B. 《资质证书》有效期满未重新申请
C. 法人依法终止
D. 资质变更未经批准
【多选题】
甲级国家秘密载体印制资质申请单位在提交的申请材料中应当包括___
A. 年度审计报告复印件
B. 《营业执照》复印件
C. 生产经营场所租赁合同复印件
D. 办公场所产权证书复印件
【多选题】
下列属于保密总监或者分管保密工作负责人工作职责的是___。
A. 组织制定单位保密管理制度、保密工作计划
B. 审核、签发单位保密管理制度
C. 组织保密检查
D. 为保密办公室履行职责提供保障
【多选题】
资质单位发生下列哪些事项变更的,应当在变更后30个工作日向授予资质的保密行政管理部门报告。___。
A. 单位名称
B. 单位性质
C. 法定代表人
D. 联系方式
【多选题】
资质单位存在下列哪些情形的,保密行政管理部门应当注销其资质。___
A. 《资质证书》有效期满未重新申请
B. 法人依法终止
C. 两年内未承担国家秘密载体印制业务
D. 资质变更未经批准
【多选题】
以下关于保密管理办公室说法不正确的是___。
A. 资质单位均应当设立保密管理办公室
B. 保密管理办公室为资质单位的职能部门
C. 保密管理办公室负责人应由资质单位高级管理人员担任
D. 乙级资质单位保密管理办公室应当配备专门保密管理人员
【多选题】
资质单位保密工作领导小组成员包括___。
A. 法定代表人或主要负责人
B. 保密总监或分管保密工作负责人
C. 有关部门主要负责人
D. 专职保密管理员
【多选题】
涉密人员应当符合以下基本条件___。
A. 严格遵守保密规章制度
B. 品行良好,无犯罪记录
C. 资质单位正式职工,并在其他单位无兼职
D. 本人及其配偶为中国境内公民
【多选题】
下列项目属于国家秘密载体印制资质申请条件的是___。
A. 缴纳社保金满1年人数
B. 上年度净资产值
C. 固定生产经营场所
D. 注册资本
【多选题】
下列属于保密管理经费用途的是___。
A. 保密宣传教育培训
B. 发放保密补贴
C. 保密设施设备的维护
D. 保密检查
【多选题】
保密管理人员应当具备下列条件___。
A. 良好的政治素质
B. 熟悉保密法律法规,掌握保密知识技能
C. 熟悉本单位业务工作和保密工作情况
D. 通过本单位组织的培训和考核
【多选题】
乙级资质单位可在可在工商注册地省(自治区、直辖市)行政区域内承担___国家秘密载体印制业务。
【多选题】
企业事业单位从事国家秘密载体___,涉密信息系统集成或者武器装备科研生产等涉及国家秘密的业务,应当由保密行政管理部门会同有关部门进行保密审查。
【判断题】
承担秘密载体印制业务的单位应当实行保密工作责任制,健全保密管理制度,完善保密防护措施,开展保密宣传教育,加强保密检查
【判断题】
任何组织和个人都不得将涉密计算机、涉密存储设备接入互联网或其他公共信息网络
【判断题】
在涉密计算机和非涉密计算机之间交叉使用优盘、移动硬盘等移动存储介质时,只要及时升级杀毒软件病毒库,就不会造成泄密
【判断题】
资质单位印制国家秘密载体需要与其他单位合作完成的,只要取得委托方书面同意,合作单位可以不具有相应资质
【判断题】
任何人不得通过普通邮政、快递等无保密措施的渠道传递国家秘密载体;禁止在私人交往和通信中涉及国家秘密
【判断题】
禁止非法复制、记录、存储国家机密。通过互联网或其他公用信息网络传递国家秘密时,必需确保已经采取足够的保密措施
【判断题】
“业务工作谁主管,保密工作谁负责”是保密工作的重要原则
【判断题】
配偶、子女和本人都是涉密人员,在家庭中互相谈论涉密事项没有关系
【判断题】
文件、资料汇编中有密件的,应当对各独立密件的密级和保密期限作出标志,并在封面或者首页以其中的最高密级和最长保密期限作出标志
