【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
推荐试题
【判断题】
34:挂失/解挂申请书填写应清晰无误,账户余额与开户日期可不填写,勾选项与系统选择一致,申请挂失时无需有客户签名
【判断题】
35:客户有效证件信息与系统不一致的,挂失/解挂申请书户名一栏填写客户证件户名或系统户名均可
【判断题】
36:遗产继承等业务中,有多个继承人到场时,可在代理人处填写、录入任意一个继承人信息,挂失/解挂申请书客户签名处须所有到场继承人共同签名
【判断题】
37:挂失/解挂申请书客户留存联丢失,应按照《新一代IT系统业务操作规程》要求,重新补办挂失手续(无需在系统内处理),挂失期限按新办理挂失计算,挂失后续处理时,提交第二次挂失客户留存联与第一次挂失时行社留存两联中的第一联
【判断题】
38:企业客户电子银行服务申请表上应加盖单位预留印鉴,法定代表人/授权代理人(签章)处,必须有签名
【判断题】
39:借款人为法人的,借据上须加盖单位公章,并有法定代表人签名
【判断题】
40:柜员应按照重要空白凭证管理办法,及时对使用的凭证进行销号,因特殊原因,借据隔日销号的,应出具特殊业务申请省中心授权通过表(副主任或副行长审批)
【判断题】
41:客户持本人有效身份证件取卡,使用其他可以证明为卡片持有者的材料取卡时,应出具特殊业务申请省中心授权通过表(副行长审批)
【判断题】
42:在做7016假币登记时,假人民币上无需加盖蓝色假币戳记
【判断题】
43:股金业务原则上不允许代理,因特殊原因本人无法到场时,应出具授权委托书
【判断题】
44:1万元(不含)以下的存现,因累计金额超限触发授权时,若确属收学费等业务需要,可不提供经办人证件,出具特殊业务申请省中心授权通过表(说明原因,声明无洗钱风险、无电信诈骗风险,机构主管审批)
【判断题】
45:冻结交易中,判决书/裁定书有明确的执行金额时,应做金额冻结,冻结通知书的冻结金额可以大于判决/裁定金额
【判断题】
46:冻结方式为只收不付的,解冻时系统支持全额解冻或部分冻结
【判断题】
47:账户启用的日期计算:启用当日不算,从第二天算起三个工作日
【判断题】
48:账户启用的日期计算:启用当日算起三个工作日
【判断题】
49:时点存款证明书的证明余额为出具证明当日日终时账户余额,系统不对账户进行金额控制
【判断题】
50:客户要求提前终止时段存款证明书的,必须由存款人本人办理,不得代理,并应交回已开具的全部存款证明书
【判断题】
52:授权时,挂失的后续处理业务若非挂失当天处理,无需提供挂失申请书的客户回单联
【判断题】
53:8080交易有收付款双方凭证的不需要提供个人业务交易单
【判断题】
54:转账支票无论是否发生转让,都无需上传背面影像
【判断题】
55:在做挂失业务时,挂失申请书中的证件号码、户名、账号、金额为不可修改项
【判断题】
56:在做挂失业务时,挂失申请书上的金额必需填写,且不允许修改
【判断题】
57:在做挂失业务时,挂失申请书上的金额可以不填写,但如果填写金额,不允许修改
【判断题】
58:在做个人账户销户1078交易时,存单/卡需要上传背面影像
【判断题】
59:在做7107凭证行内使用交易时,不需要上传身份证件影像和客户影像
【判断题】
60:在做7107凭证行内使用交易时,需要上传身份证件影像和客户影像
【判断题】
61:1081个人现金支取业务,需要输入代理人证件信息
【判断题】
62:16周岁以下客户办理业务时,须由监护人代为办理,本人也必须到场
【判断题】
63:柜员尾箱中的卡损坏,可以使用7217柜员尾箱卡管理交易进行处理
【判断题】
64:柜员尾箱中的卡损坏,可以使用7107凭证行内使用交易进行处理
【判断题】
65: 改变钞票观察角度时,2019年版第五套人民币20元纸币光彩光变面额数字的颜色在黄色和绿色之间变化
【判断题】
66:在个人睡眠户账户治理的过程中,应同步做好客户信息治理
【判断题】
67:未成年人的法定监护人:首先应当由其父母担任
【判断题】
68:未成年人所有的监护人均需经未成年人住所地的居民委员会、村民委员会或者民政部门同意
【判断题】
69:无民事行为能力或者限制民事行为能力的成年人(如精神病人),法定监护人首先是配偶
【判断题】
70:公证遗嘱指的是公民生前对自己的财产作出安排,并经国家公证机关公证,于死亡时立即发生法律效力的法律行为,公证遗嘱指定继承人、公正遗嘱受益人可单独或共同到营业网点查询已故存款人的存款
【判断题】
71:非完全民事行为能力人办理业务,应由其法定监护人代为办理,并提供监护关系证明(如户口簿、出生医学证明、法院、民政部门、村委/社区证明等)
【判断题】
72:已故存款人的配偶、父母、子女可单独或共同到营业网点查询已故存款人的存款
【判断题】
73:有多个客户号时,确认为同一客户的,应进行客户号合并
