【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
推荐试题
【判断题】
《生产安全事故报告和调查处理条例》规定事故发生单位的负责人和有关人员在事故调查期间不得擅离职守,并应当随时接受事故调查组的询问,如实提供有关情况。
【判断题】
《安全生产法》规定,生产经营单位决策机构、主要负责人或者个人经营的投资人应当保证安全生产条件所必需的资金投入,并对资金投入不足导致的后果承担责任。
【判断题】
超过规定使用年限的特种设备,经检修后,可以出租、使用。
【判断题】
《福建省安全生产条例》规定,生产经营单位应当在易燃、易爆、强腐蚀、有毒、粉尘、高温、辐射以及可能发生坠落、碰撞、触电等危险因素的工作场所和设施、设备上设置明显的安全警示标志。
【判断题】
《福建省安全生产条例》规定,生产经营单位主要负责人应当依法履行安全生产工作职责,落实安全生产各项制度,定期研究和督促检查安全生产工作。
【判断题】
施工现场施工电梯属于特种设备,因此施工电梯的安全生产监督,由特种设备安全监督管理部门承担。
【判断题】
分包工程承包人就施工现场安全向分包工程发包人负责,并应当服从分包工程发包人对施工现场的安全生产管理。
【判断题】
分包工程发包人对施工现场安全负总责,并对分包工程承包人的安全生产进行管理。
【判断题】
施工现场塔吊安装完毕后,施工企业应组织企业或工程项目部的安全监督和设备管理部门对塔吊安装安全状况进行验收,合格后即可投入使用。
【判断题】
悬挑式脚手架安装、拆卸作业前,编制专项施工方案的专业技术人员和专职安全员应向全体作业人员进行安全技术交底。
【判断题】
施工总承包的,建筑工程主体结构的施工必须由总承包单位自行完成。
【判断题】
施工单位要严格按国家标准规范搭建施工脚手架,必须购买、租用具备产品生产厂家生产许可证、产品质量合格证明、检测证明和产品标识的钢管、扣件。
【判断题】
《福建省安全生产条例》规定,对从事接触职业病危害因素作业的从业人员,生产经营单位应当按照国家有关规定组织职业健康检查,将检查结果如实告知从业人员,并建立职业健康档案,实行健康监护。
【判断题】
《福建省安全生产条例》规定,生产经营单位从业人员应当享有了解作业场所、工作岗位存在的危险因素和因素以及防范和应急措施,获得符合国家规定和标准的用品的权利。
【判断题】
《福建省安全生产条例》规定,在易燃易爆场所配置符合国家标准或者行业标准的防爆电气设备,落实防静电、泄爆等安全措施,禁止明火作业和违规使用作业工具。
【判断题】
《福建省安全生产条例》规定,在容易造成高处坠落、物体打击、机械伤害、触电的岗位或者场所,以及临近高压输电线路、输油输气管道、通讯光(电)缆进行相关作业时,设置防护设施、设备,采取并落实必要的安全防范措施。
【判断题】
《福建省安全生产条例》规定,建设工程的勘察、设计、施工、工程监理等单位应当遵守建设工程安全生产法律、法规和强制性标准规定,依法承担建设工程安全生产责任。
【判断题】
《福建省安全生产条例》规定,在城镇人口密集区不得新建、改建、扩建易燃易爆物品、危险化学品的生产和储存项目。
【判断题】
《福建省安全生产条例》规定,建立应急救援志愿服务激励机制,鼓励自然人、法人和其他组织捐赠财产和提供专业服务用于应急救援。
【判断题】
《福建省安全生产条例》规定,生产经营单位应当根据本单位的危险源和风险因素制定或者及时修订本单位生产安全事故应急救援预案,并与所在地市级以上地方人民政府组织制定的生产安全事故应急救援预案相衔接。
【判断题】
《福建省建设工程安全生产管理办法》规定,项目专职安全生产管理人员不得同时负责两个以上工程项目的安全生产管理工作。
【判断题】
《福建省建设工程安全生产管理办法》规定,施工作业人员应当遵守建设工程施工安全管理规章制度和操作规程,正确使用安全生产防护用品、机械设备、防护设施。
【判断题】
《福建省建设工程安全生产管理办法》规定,施工单位应当按规定向作业人员提供相应的安全生产防护用品和安全生产作业环境。
【判断题】
《福建省建设工程安全生产管理办法》规定,施工单位对建设单位预付的安全施工措施费用应当专户存储,专款专用,不得挪作他用。
【判断题】
《建设工程安全生产管理条例》规定,办公、生活区的选址应当符合安全性要求。职工的膳食、饮水、休息场所等应当符合卫生标准。
【判断题】
施工现场对毗邻的建筑物、构筑物和特殊作业环境可能造成损害的,建筑施工企业无义务采取安全防护措施。
【判断题】
建筑施工企业和作业人员在施工过程中,应当遵守有关安全生产的法律、法规和建筑行业安全规章、规程,不得违章指挥或者违章作业。
【判断题】
禁止出租检测不合格的机械设备和施工机具及配件。
【判断题】
施工起重机械和整体提升脚手架、模板等自升式架设设施的使用达到国家规定的检验检测期限的,必须经具有专业资质的检验检测机构检测。经检测不合格的,不得继续使用。
【判断题】
检验检测机构对检测合格的施工起重机械和整体提升脚手架、模板等自升式架设设施,应当出具安全合格证明文件,但不对检测结果负责。
【判断题】
施工单位视情况决定是否设立安全生产管理机构,配备专职安全生产管理人员。
【判断题】
专职安全生产管理人员负责对安全生产进行现场监督检查。
【判断题】
建筑施工企业的管理人员违章指挥、强令职工冒险作业,因而发生重大伤亡事故或者造成其他严重后果的,依法追究经济和行政责任。
【判断题】
《建设工程安全生产管理条例》规定,施工现场临时搭建的建筑物应当符合安全使用要求。施工现场使用的装配式活动房屋应当具有生产许可证和产品合格证。
【判断题】
施工单位应当自施工起重机械和整体提升脚手架、模板等自升式架设设施验收合格之日起3个月内,向建设行政主管部门或者其他有关部门登记。
【判断题】
施工单位应当根据不同施工阶段和周围环境及季节、气候的变化,在施工现场采取相应的安全施工措施。
【判断题】
《安全生产法》规定,事故调查报告应当依法及时向社会公布。
【判断题】
《安全生产法》规定,任何单位和个人都应当支持、配合事故抢救,并提供一切便利条件。
【判断题】
《安全生产法》规定,生产经营单位的安全生产管理机构以及安全生产管理人员应当恪尽职守,依法履行职责。
【判断题】
《安全生产法》规定,生产经营单位作出涉及安全生产的经营决策,应当听取安全生产管理机构以及安全生产管理人员的意见。