【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
推荐试题
【判断题】
党和政府应加强和创新对建设社会主义和谐社会各项工作的领导,把发展经济、提高国家文化软实力 作为社会建设的根本任务。
【判断题】
虽然说生态兴则文明兴,生态衰则文明衰,但随着人类文明的发展,生态环境可以找到替代品。
【判断题】
在生态系统保护和修复中,把利用自然力修复生态系统放在首位。
【判断题】
全面小康,覆盖的人口要全面,是惠及全体人民的小康。全面小康,覆盖的区域要全面,是城乡共同 发展的小康。
【判断题】
国家治理体系和治理能力是一个国家的制度和制度执行能力的集中体现。
【判断题】
严格依法办事是法治区别于人治的重要标志。
【判断题】
党的十一届三中全会明确提出了“ 发展社会主义民主、健全社会主义法治” 的重大方针。
【判断题】
“ 坚持党要管党、全面从严治党” 是新时代党的建设的根本方针。
【判断题】
全面小康,覆盖的领域要全面,是“ 三位一体” 全面进步的小康。
【判断题】
改革是经济社会发展的强大动力,发展是解决一切经济社会问题的前提,稳定是改革发展的关键。
【判断题】
法律具有规范社会行为、调节社会关系、维护社会秩序的作用。道德不具有这些方面的作用。
【判断题】
党的组织建设的核心是保持党同人民群众的血肉联系。
【判断题】
依法治军是人民军队建军之本、强军之魂。
【判断题】
实现把人民军队全面建成世界一流军队目标的时间是在 2035年。
【判断题】
党委统一的集体领导下的首长分工负责制是党领导军队的根本制度。
【判断题】
和平共处五项原则一直是我国处理对外关系的基本准则。
【判断题】
实现中华民族伟大复兴的中国梦的奋斗目标,必须要有和平国际环境。
【判断题】
中国坚定不移地奉行独立自主的和平外交政策,是由我国的社会主义性质和在国际上的地位所决定的。
【判断题】
推动建立新型国际关系,要坚决维护国家核心利益。
【判断题】
“ 一带一路” 与构建人类命运共同体没有关系。
【判断题】
构建人类命运共同体既是中国外交的崇高目标,也是世界各国的共同责任和历史使命。
【判断题】
中国共产党的领导地位是历史和人民的选择。
【判断题】
历史表明,中国共产党领导中国人民开辟的中国特色社会主义道路是正确的,必须长期坚持、永不动 摇。
【判断题】
历史表明,中国共产党和中国人民扎根中国大地、吸纳人类文明优秀成果、独立自主实现国家发展的 战略是正确的,必须长期坚持、永不动摇。
【判断题】
实现中华民族伟大复兴关键在全面依法治国。
【判断题】
中国特色社会主义是改革开放以来党的全部理论和实践的主题,是党和人民历尽千辛万苦、付出巨大 代价取得的根本成就。
【判断题】
坚持中国共产党的领导,是党和国家的根本所在、命脉所在。
【单选题】
有正式党员( )人以上的党支部,应当设立党支部委员会。(出题单位:上海市普陀区区委组织部)___
【单选题】
建立健全党支部按期换届提醒督促机制。根据党组织隶属关系和干部管理权限,上级党组织对任期届满的党支部,一般提前()以发函或者电话通知等形式,提醒做好换届准备。对需要延期或者提前换届的,应当认真审核、从严把关,延长或者提前期限一般不超过() 。出题单位:上海市委宣传部基层工作处(统战处)___
A. 6个月 1年
B. 3个月 半年
C. 6个月 2年
D. 3个月 1年
【单选题】
党支部党员大会是党支部的议事决策机构,由全体党员参加,一般()召开()。出题单位:上海市委宣传部基层工作处(统战处)___
A. 每个月 1次
B. 每季度 1次
C. 每年 1次
D. 每年 2次
【单选题】
经过长期努力,中国特色社会主义进入了新时代,这是我国发展新的( )。(出题单位:杨浦区委宣传部)___
【单选题】
中国共产党人的初心和使命,就是为中国人民____ ,为中华民族____。这个初心和使命是激励中国共产党人不断前进的根本动力。(出题单位:黄浦区委网信办)___
A. 谋幸福,谋未来
B. 谋生活,谋复兴
C. 谋幸福,谋复兴
D. 谋生活,谋未来
【单选题】
党支部委员会会议一般每月召开()次,根据需要可以随时召开,对党支部重要工作进行讨论、作出决定等。党支部委员会会议须有()委员到会方可进行。重要事项提交党员大会决定前,一般应当经党支部委员会会议讨论。出题单位:上海市委宣传部基层工作处(统战处)___
A. 1次 全部
B. 2次 半数以上
C. 2次 全部
D. 1次 半数以上
【单选题】
党支部()相对固定()开展主题党日,组织党员集中学习、过组织生活、进行民主议事和志愿服务等。出题单位:上海市委宣传部基层工作处(统战处)___
A. 每月 2天
B. 每月 1天
C. 每季度 1天
D. 每季度 2天
【单选题】
国家主席习近平在首届中国国际进口博览会开幕式上对上海提出的三项新的重大任务包括:一是将增设中国上海自由贸易试验区的新片区。二是将在上海证券交易所设立()并试点注册制。三是支持长江三角洲区域一体化发展并上升为国家战略。(出题单位:上海市科技工作党委) ___
A. 科创板
B. 创业板
C. 中小板
D. 新三板
【单选题】
首届中国国际进口博览会志愿者“()”与进口博览会吉祥物“进宝”的造型一脉相承,呼应了国家会展中心(上海)的主体造型,寓意志愿者在进口博览会的舞台上弘扬“我奉献,我快乐”,“我参与,我快乐”、“我分享,我快乐”的上海青年志愿者精神。(出题单位:共青团上海市委) ___
【单选题】
上海正在全力打响“四大品牌”,其中,深化“青春上海”志愿服务专项行动被列为“()”品牌专项行动之一。(出题单位:共青团上海市委) ___
A. 上海服务
B. 上海制造
C. 上海购物
D. 上海文化
【单选题】
2018年9月10日下午,我国第一艘自主建造的基地科学考察破冰船(H2560)在上海下水。该船是由中国船舶工业集团有限公司第七〇八研究所设计、江南造船(集团)有限责任公司承担建造的。该船的名称是()。(出题单位:上海市科技工作党委) ___
A. 远望号
B. 雪龙2号
C. 天鲸号
D. 鄱阳湖号
【单选题】
在党的坚强领导下,全面贯彻党的教育方针,坚持马克思主义指导地位,坚持中国特色社会主义教育发展道路,坚持社会主义办学方向,立足基本国情,遵循教育规律,坚持改革创新,以凝聚人心、完善人格、开发人力、培育人才、造福人民为工作目标,培养()全面发展的社会主义建设者和接班人, 加快推进教育现代化、建设教育强国、办好人民满意的教育。(出题单位:复旦大学)___
A. 品德和智力
B. 德智体
C. 德智体美
D. 德智体美劳
