【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
推荐试题
【多选题】
收费碰到出口恶意冲卡的车辆,下列处理方法正确的是。___
A. 确保自身安全,提高安全防范意识
B. 收费班长及时上报车辆的相关信息
C. 收费班长将处理结果记录在班长日志里
D. 通行费由管理人员事后进行追缴
【多选题】
绿农产品目录中甘薯类主要包括以下哪几种?___
A. 白薯
B. 红薯
C. 山药
D. 芋头
E. 紫薯
【多选题】
目前收费道口发现的ETC违规车辆分两类,一是办理环节,二是使用环节。具体违规分以下那几种情况?___
A. 违规办理ETC
B. ETC车型不符
C. 车牌不符
D. 假冒集装箱使用ETC
【多选题】
关于ETC操作,下列描述正确的是。___
A. ETC专用车道有误闯车队列没有清除时,可能使后续的正常ETC车辆交易成功,但栏杆不抬
B. 司机提供CPU卡前,已刷复合卡,则重判车型,刷CPU卡;复合卡做已写未发卡,上交收费站销卡
C. 刷CPU卡后,发现车型误判:重判车型,再刷CPU卡
D. 如CPU卡故障、失效、入黑名单,则发放复合卡,并提醒驾驶员出口时走MTC车道(交复合卡),必要时,提醒驾驶员去服务点处理
【多选题】
国家高速公路网命名规则中联络线的编号为4位数,由组成。___
A. 主线编号
B. 数字“1”
C. 联络线顺序号
D. 英文字母
【多选题】
目前高速公路主要有哪几种偷逃通行费的行为?___
A. 调换通行卡
B. 扰乱计重数据
C. 伪造盗窃非法使用军警车辆号牌
D. 假冒绿色通道车
E. 冲卡
【多选题】
关于国际标准集装箱车辆,表述不正确的是。___
A. 集装箱车辆车货总重超限的按照超限车辆的收费方式收费
B. 出口收费员对装载二只20英尺或一只40英尺箱体的集装箱车应判七类车
C. 六类车、七类车分别与四类车、五类车的费率相对应
D. 以箱体为依据,未装载集装箱的挂车按普通货车收费
【多选题】
下列关于持CPU卡车辆从MTC车辆车道出口操作流程说法正确的是。___
A. 收费员等待车辆驶近,输入该车辆车型(含客车、货车)
B. 收费员刷CPU卡后,核对入口车牌(CPU 卡内的发行车牌)与出口车牌是否一致
C. 若车牌一致,选择“CPU 卡支付”,再次刷CPU 卡,选择“CPU付款”。支付成功后,确认放行车辆
D. 车牌不符,选择现金付费,付款后,确认放行车辆
【多选题】
公路按其在路网中的地位分为。___
A. 国道
B. 省道
C. 市道
D. 县道
E. 乡道
【多选题】
对绿色通道政策,以下描述正确的有。___
A. 从2010年12月1日起,全国所有收费公路(含收费的独立桥梁、隧道)全部纳入鲜活农产品运输“绿色通道”网络范围
B. 对整车合法装载运输鲜活农产品车辆免收车辆通行费
C. 对《目录》范围内的鲜活农产品与其他产品混装,且混装的其他产品不超过车辆核定载质量或车厢容积20%的车辆,比照整车装载鲜活农产品车辆执行
D. 考虑车辆计重设备可能出现的合理误差,对超限超载幅度不超过5%的鲜活农产品运输车辆,比照合法装载车辆执行
E. 运输的货物不属于农产品(含农产品装载比例低于10%的)属于绿农车严重恶意违规情况之一
【多选题】
以下哪些车道需要开启节假日免费模式。___
A. ETC入口专用车道
B. ETC出口专用车道
C. MTC入口车道
D. MTC出口车道
【多选题】
非ETC车辆或已列入黑名单车辆进入ETC车道后,收费员应。 ___
A. 阻止后面的车辆驶入本ETC车道
B. 要求误闯车倒车退出ETC专用车道,引导至MTC车道进行处理
C. 提醒驾驶员去服务点处理
D. ETC车道程序中,清车辆队列
【多选题】
假冒集装箱车持CPU卡在MTC车道出口时,操作正确的是。___
A. 核实相关证单,确定是假冒集装箱车的,按货车计重收费
B. 要求司机改为现金等其它方式支付通行费
C. 收缴CPU卡
D. 报ETC服务处,将此车辆列入黑名单
【多选题】
下列哪些规定不属于超限车辆。___
A. 集装箱车货总重45吨
B. 车货总高度从地面算起4米以上
C. 双联轴每侧双轮胎载质量14吨
D. 车货总宽度2.6米
【多选题】
若通行卡损坏(有明显痕迹),以下操作正确的是。 ___
A. 若卡中信息正常读出,则按通行卡入口站点打票收费,并收取通行卡工本费
B. 若卡中信息不能正常读出,则进行系统查询,信息相符,按正常车辆处理,并收取通行卡工本费
C. 若卡中信息不能正常读出,则进行系统查询,信息相符,按正常车辆处理,不收取通行卡工本费
D. 若确认无理由,按车辆可能行驶最远里程收费,并收取通行卡工本费
【多选题】
遇恶劣天气封道时,下列正确的是。___
A. 在广场放置告示牌
B. 允许收费员锁门后离开收费亭
C. 收费员应提前做好开通准备
D. 班长应加强广场巡逻
【多选题】
为确保高速公路行车安全而设置的交通标志设施有。___
A. 警告标志
B. 禁令标志
C. 指示标志
D. 指路标志
E. 公路情报板
【多选题】
假币的主要识别方法有。___
A. 纸张识别
B. 水印识别
C. 凹印技术识别
D. 荧光识别
E. 安全线识别
【多选题】
下列哪些情况不需要回收公务卡。___
A. 公务卡超出使用范围
B. 公务卡不可读且无效
C. 公务卡超过有效期
D. 卡内车牌与实际不符
【多选题】
出口车道收费员刷CPU卡操作步骤有。___
A. 输入客车车型
B. 输入车牌
C. 读卡
D. 收费员应核对入口车牌(CPU卡内的发行车牌)与出口车牌一致才允许按CPU卡支付
E. 收取通行费,系统显示付费方式选择的提示信息,操作员可按↑、↓键或数字键“7”选择CPU 卡付费
F. 放行车辆
【多选题】
联网路段对装有通风和监控设施且长度1000-2500米,2500-4000米,10000米以上的遂道,叠加通行费每次分别为几元?___
A. 1元
B. 2元
C. 5元
D. 10元
E. 15元
【多选题】
票据”键可用作以下哪些处理功能? ___
A. 更改发票号码
B. 发票重新打印
C. 预销票
D. 更改免费票号码
【多选题】
下列车驾号第一个数字的含义表述正确的是。___
A. 1代表载货汽车
B. 2代表越野汽车
C. 3代表牵引车
D. 4代表轿车
E. 5代表厢式汽车
F. 6代表自卸汽车
【多选题】
公路法所称的公路包括。___
A. 公路桥梁
B. 公路隧道
C. 公路渡口
D. 高速公路
E. 一级公路
F. 县乡道路
【多选题】
下列哪些属于入口车道票据键功能? ___
A. 更改缴费凭证号码
B. 更改免费票号码
C. 重新打印发票
D. 预销票处理
【多选题】
变造币是将真币用各种手段升值的人民币,它是一种破坏人民币的非法行为,其主要形式有。 ___
【多选题】
灭火器压力显示器指针在区域时,不需要重新检修。___
【多选题】
ETC电子标签可否自行拆卸修理,标签不慎脱落如何处理?___
A. 电子标签内有防拆卸功能,如果自行拆卸将导致信息丢失,无法正常使用
B. 电子标签出现故障后,需要到不停车收费服务处进行维修
C. 如果电子标签不慎脱落,需由服务处工作人员帮您重新安装才能正常使用
D. 如果电子标签不慎脱落,可以根据说明书自己安装
【多选题】
机动车在高速公路应当按车道指示的标志标明的允许通行的行驶。___
A. 车型
B. 最高行驶车速
C. 最低行驶车速
D. 方向
【多选题】
下列哪几条国家级高速公路在浙江省境内。___
A. G3
B. G15
C. G50
D. G2
E. G42
F. G56
【多选题】
车辆如在MTC车道出口,驾驶员在出示通行卡的情况下,后又出示CPU卡,收费员该如何进行操作? ___
A. 收费员先读复合通行卡
B. 选择CPU卡的付费方式
C. 读CPU卡核对车牌后收费放行
D. 按现金收费方式收费放行
【多选题】
以下哪几种绿农产品,可以享受免费绿农政策? ___
A. 海参
B. 鹌鹑
C. 核桃
D. 银杏
E. 杏子
【多选题】
关于办理偷逃高速公路通行费的若干司法意见中哪几种情况偷逃通行费数额较大的,可以处诈骗罪处罚。___
A. 采用调换车辆通行卡等方法减少实际通行计费里程
B. 使用伪造、变造的车辆通行卡支付
C. 使用伪造、变造、盗窃的其他车辆交费优惠证明
D. 假冒绿色通道免费车辆
E. 采用影响计重的方式,隐瞒车辆实际载重
F. 使用伪造、盗窃、买卖或者他人非法提供的武装部队车辆号牌
【多选题】
由于各种原因漏标(或误标)造成的卡内路径信息不准,采用如下规则。___
A. 系统自动容错后还能唯一确定路径的,按实际路径收费
B. 识别为多条路径的,系统提示多条路径,由班长旁证人工选择后再收费
C. 无法识别的,按最远路径收费
D. 无法识别的,按最短路径收费
【多选题】
有下列情形之一的,劳动合同终止。___
A. 劳动合同期满的
B. 劳动者开始依法享受基本养老保险待遇的
C. 劳动者死亡,或者被人民法院宣告死亡或者宣告失踪的
D. 用人单位被依法宣告破产的
E. 用人单位被吊销营业执照、责令关闭、撤销或者用人单位决定提前解散的
F. 法律、行政法规规定的其他情形
【多选题】
下列哪些情况,可订立无固定期限劳动合同。 ___
A. 老王在单位连续工作15年
B. 老赵在单位连续工作13年且距法定退休年龄还有11年的,今年单位第一次实行劳动合 同制度
C. 连续订立二次固定期限劳动合同小王患病后,在规定的医疗期满后不能从事原工作,无法继续从事单位安排的其他工作
D. 连续订立二次固定期限劳动合同,小张经年度考核不合格,经过培训或者调整工作岗位, 仍不能胜任工作的
E. 老陈在某国有大型企业已经11年,还有3年就要退休,今年企业进行改制重新订立劳动 合同
【多选题】
收费公路的权益包括。___
A. 收费权
B. 广告经营权
C. 服务设施经营权
D. 转让权
【多选题】
遇系统完全瘫痪收费员应做好那几项工作?___
A. 入口启用缴费凭证
B. 出口启用定额票
C. 入口发放免费票
D. 出口登记入口站点、金额、车型
【多选题】
下列对持有 浙江警通证的车辆操作正确的是。___
A. 入口不得阻拦
B. 出口迅速放行
C. 遇ETC系统故障时立即使用人工操作,快速免费放行
D. 核实行驶证后放行
