【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
推荐试题
【多选题】
根据《浙江省城市景观风貌条例》规定,下列建设项目应当配置公共环境艺术品___
A. 建筑面积一万平方米以上的文化、体育等公共建筑
B. 航站楼、火车站、城市轨道交通站定等交通场站
C. 用地面积一万平方米以上的广场和公园
D. 以上都不是
【多选题】
下列哪些属于《浙江省城市景观风貌条例》规定中所称公共环境艺术品___
A. 城市雕塑、壁画、绿化造景等艺术作品
B. 艺术化的景观灯光
C. 水景
D. 城市家具等公共设施
【多选题】
禁止下列___损害古树名木的行为:
A. 擅自砍伐、采挖或者挖根、剥树皮;
B. 非通透性硬化古树名木树干周围地面;
C. 在古树名木保护范围内新建扩建建筑物和构筑物、挖坑取土、动用明火、排烟、采石、倾倒有害污水和堆放有毒有害物品等行为;
D. 刻划、钉钉子、攀树折枝、悬挂物品或者以古树名木为支撑物
【多选题】
未依法取得排污许可证排放水污染物的,由县级以上人民政府环境保护主管部门___,情节严重的,报经有批准权的人民政府批准,责令停业、关闭。
A. 责令改正或者责令限制生产
B. 停产整治
C. 并处十万元以上一百万元以下的罚款
D. 警告
【多选题】
《风景名胜区条例》第四十条第一款 违反本条例的规定,有下列行为之一的,由风景名胜区管理机构责令停止违法行为、恢复原状或者限期拆除,没收违法所得,并处50万元以上100万元以下的罚款:___
A. 在风景名胜区内进行开山、采石、开矿等破坏景观、植被、地形地貌的活动的;
B. 在风景名胜区内修建储存爆炸性、易燃性、放射性、毒害性、腐蚀性物品的设施的;
C. 在核心景区内建设宾馆、招待所、培训中心、疗养院以及与风景名胜资源保护无关的其他建筑物的。
D. 改变水资源、水环境自然状态的活动的。
【多选题】
根据我国《国家赔偿法》的规定,赔偿请求人请求行政赔偿时效的计算,下列说法不正确的是:___
A. :从行政侵权行为实施之日起
B. :从行政侵权行为被知道之日起
C. :从行政侵权行为被依法确认之日起
D. :从行政侵权行为被起诉之日起
【多选题】
致人死亡的赔偿项目包括:___
A. :死亡赔偿金
B. :丧葬费
C. :护理费
D. :生活费
【多选题】
下列说法正确的是:___
A. :赔偿义务机关决定赔偿的,应当制作赔偿决定书,并自作出决定之日起十日内送达赔偿请求人
B. :赔偿义务机关决定不予赔偿的,应当自作出决定之日起十日内书面通知赔偿请求人,并说明不予赔偿的理由
C. :赔偿义务机关在规定期限内未作出是否赔偿的决定,赔偿请求人可以自期限届满之日起三个月内,向人民法院提起诉讼
D. :赔偿义务机关决定不予赔偿的,可以口头通知赔偿请求人
【多选题】
___行使职权侵犯公民、法人和其他组织的合法权益造成损害的,受害人有依照《国家赔偿法》取得国家赔偿的权利。
A. :国家机关
B. :国家工作人员
C. :国家机关工作人员
D. :工作人员
【多选题】
下列各项中,国家应承担赔偿责任的是:___
A. :警察李某在追捕逃犯过程中误将一无辜群众打伤
B. :工商局吊销违法个体户李某的营业执照,但错把个体户季某的营业执照吊销
C. :巡警王某下班回家见邻居往自家门口倒垃圾遂用电棍将邻居击伤
D. :某公安局长驾驶警车下班回家,将一路人撞伤
【多选题】
行政机关及其工作人员有下列哪些行为,造成公民身体伤害的,受害人有取得赔偿的权利?___
A. :违法拘留
B. :非法拘禁
C. :殴打、虐待
D. :违法使用武器、器械
【多选题】
国家机关工作人员违法对财产采取___等行政强制措施的,国家应予以赔偿。
A. :查封
B. :拍卖
C. :扣押
D. :冻结
【多选题】
提出行政赔偿的实质要件包括:___
A. :赔偿请求人必须具有请求权
B. :被请求人是赔偿义务机关
C. :赔偿请求事项必须符合法律规定的范围
D. :赔偿请求必须在法律规定的期限内提起
【多选题】
下列行为国家不应负赔偿责任的是:___
A. :某市公安局的违法拘留行为
B. :某省人民代表大会的立法行为
C. :某市银行的违法划拨存款行为
D. :某市卫生局在法律范围内的裁量行为
【多选题】
何某没有任何违法事实却被公安机关拘留。被释放后何某想提起国家赔偿,他可以提出以下哪些要求:___
A. :请求支付赔偿金
B. :请求公安机关赔礼道歉
C. :请求公安机关为其消除影响、恢复名誉
D. :请求追究相关人员刑事或行政责任
【多选题】
行政机关开展调查时,调查人员应当至少向被调查人出示___。
A. :身份证
B. :行政执法证件
C. :工作证件
D. :执法制服
【多选题】
行政机关作出重大行政决策应当遵循___的原则。
A. :依法决策
B. :科学决策、民主决策
C. :上级政府决策
D. :商讨决策
【多选题】
省人民政府规章报___备案。
A. :设区的市人民政府
B. :国务院
C. :省人民代表大会常务委员会
D. :省人民政府
【多选题】
有下列情形之一的,行政执法决定无效___。
A. :实施主体不具有行政执法主体资格的
B. :没有法定依据的
C. :其他重大且明 显违法的情形
D. :行政执法决定中部分被确认无效且其可以从中分离的其他部分
【多选题】
以下情形,行政机关不予受理申请___。
A. :申请事项不属于本行政机关职权范围的
B. :申请材料齐全,且 符合法定形式的
C. :申请材料不全或者不符合法定形式的
D. :申请事项属于本行政机关职权范围
【多选题】
行政协议___。
A. :依法应当经其他行政机关批准或者会同签订的,应当经批准或者会同签订
B. :应当以书面形式签订
C. :经双方签字后生效,依约定不能生效
D. :是为实现公共利益或者行政管理目的
【多选题】
以下情形___,行政机关应当在期限内办结。
A. :法律、法规和规章对行政执法事项有明确期限规定
B. :公民、法人和其他组织申请的期限
C. :行政机关作出行政执法决定,包括依法需要检验、检疫、检测等所需时间的期限
D. :行政机关对行政执法事项的办理期限作出 明确承诺的
【多选题】
行政机关应当建立行政执法内部管理制度,明确行政执法事项的()等职责和具体操作流程。___
A. :建立
B. :办理
C. :审核
D. :批准
【多选题】
同一行政执法系统内的联合执法,可以___依法作出。
A. :以上级行政机关的名义
B. :在各自的职权范围外
C. :在各自的职权范围内
D. :以下级行政机关的名义
【多选题】
行政执法监督的主要方式包括___。
A. :组织对法律、法规、规章实施情况开展监督检查
B. :组织对重点行政执法领域(事项)开展监督检查
C. :组织开展行政执法案卷评查工作
D. :对公民、法人或者其他组织依法提出的行政执法投诉举 报进行处理
【多选题】
依照《浙江省行政程序办法》的相关规定,法律、法规和规章对行政执法事项有明确期限规定的,行政机关必须在法定期限内办结;行政机关对行政执法事项的办理期限作出明确承诺的,应当在承诺期限内办结。下列哪些项目所需的时间,不计算在上述期限内?___
A. :检验
B. :公告
C. :听证
D. :拍卖
【多选题】
依照《浙江省行政程序办法》的相关规定,立法前的评估报告应当对哪些方面进行论证?___
A. :立法必要性
B. :立法可行性
C. :拟采取措施合法性
D. :拟采取措施合理性
【多选题】
有下列情形之一的,行政执法决定应当撤销或者变更:___
A. :主要证据不足
B. :超越职权
C. :没有法定依据
D. :明显不当
【多选题】
行政机关通过公告方式送达行政执法文书的,可以根据需要采取下列哪些做法?___
A. :在当地主要新闻媒体公告
B. :在受送达人住所地的村民委员会公告栏公告
C. :在受送达人经营场所的村民委员会公告栏公告
D. :在受送达人所在的村民委员会公告栏公告
【多选题】
行政机关作出行政执法决定所依据的证据类型包括:___
A. :当事人陈述
B. :物证
C. :法律条文
D. :证人证言
【多选题】
在哪些情形下,行政机关有权变更或者解除行政协议?___
A. :法律、法规或者规章规定变更或者解除的
B. :行政协议约定变更或者解除的条件成就的
C. :当事人在履行协议过程中,严重损害国家利益、公共利益的
D. :因国家利益、公共利益需要变更或者解除的
【多选题】
就《浙江省行政程序办法》的规定而言,行政机关应当依法保障公民、法人和其他组织的哪些权利?___
A. :知情权
B. :参与权
C. :表达权
D. :监督权
【多选题】
行政执法决定一般应载明下列哪些事项?___
A. :当事人的基本情况
B. :作出决定的事实、依据
C. :履行方式和期限
D. :行政机关名称、印章与决定日期
【多选题】
行政机关直接送达行政执法文书的,可以采取下列哪些做法?___
A. :通知受送达人到行政机关所在地领取
B. :到受送达人住所地直接送交受送达人
C. :到达约定地点直接送交受送达人
D. :通过电子邮件的形式交给受送达人
【多选题】
依照《浙江省行政程序办法》的相关规定,决定行政机关负责人的回避事项的方式有哪些?___
A. :由该行政机关负责人自行决定
B. :由上一级行政机关决定
C. :由该行政机关负责人集体讨论决定
D. :由同级法院院长决定
【多选题】
关于行政处罚的适用,表述正确的是___
A. :违法行为在一年内未被发现的,不再给予行政处罚
B. :对当事人的同一个违法行为,可以给予两次罚款的行政处罚
C. :不满14周岁的人有违法行为的,不予行政处罚
D. :实施行政处罚时,应当责令当事人改正违法行为
【多选题】
根据《行政处罚法》,下列哪项应当给予行政处罚___
A. :醉酒的人违反治安管理的
B. :王某16岁有违法行为的
C. :钱某的违法行为是因行政管理人员的过错造成的
D. :精神病人崔某在患病期间有违法行为的
【多选题】
除当场处罚外,行政机关发现公民、法人或其他组织有依法应当给予行政处罚的行为的,必须()地调查,收集有关证据___
A. :全面
B. :迅速
C. :客观
D. :公正
【多选题】
当事人对当场作出的行政处罚不服的,可通过哪些途径进行救济。___
A. :申请行政复议
B. :提起行政诉讼
C. :先申请行政复议后才能提起行政诉讼
D. :只能提起行政诉讼
【多选题】
下列表述正确的有___。
A. :行政机关作出处罚决定前,未告知当事人作出行政处罚的事实、理由和依据的,行政处罚不成立
B. :行政机关作出处罚决定前,未告知当事人作出行政处罚的事实理由和依据的,行政处罚不生效
C. :行政机关作出处罚决定时,拒绝听取当事人陈述、申辩的,行政处罚不成立
D. :行政机关作出处罚决定时,拒绝听取当事人陈述、申辩的,行政处罚不生效
