【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
推荐试题
【单选题】
监察机关采取留置措施,应当由监察机关领导人员集体研究决定。设区的市级以下监察机关采取留置措施,应当报上一级监察机关 。省级监察机关采取留置措施,应当报国家监察委员会 。___
A. 备案;备案;
B. 批准;批准;
C. 备案;批准;
D. 批准;备案;
【单选题】
以非法方法收集的证据, 。___
A. 涉案人员认可的,可以作为案件处置的依据;
B. 不合理的部分应当依法予以排除;
C. 可以根据实际情况部分采用;
D. 应当依法予以排除,不得作为案件处置的依据;
【单选题】
党的中央和省、自治区、直辖市委员会实行 制度,在一届任期内,对所管理的地方、部门、企事业单位党组织实现全覆盖。___
【单选题】
对于应当受到撤销党内职务处分,但是本人没有担任党内职务的,应当给予其 处分。___
A. 警告
B. 开除党籍
C. 严重警告
D. 留党察看
【单选题】
领导班子主要负责人和直接主管的班子成员在职责范围内承担 领导责任。___
【单选题】
留置时间不得超过 个月。在特殊情况下,可以延长 次,延长时间不得超过 个月。___
A. 三、一、三
B. 三、二、三
C. 三、一、二
D. 二、一、二
【单选题】
中国人民解放军和中国人民武装警察部队开展监察工作,由 根据监察法制定具体规定。___
A. 中央纪律检查委员会
B. 国家监察委员会
C. 全国人大常委会
D. 中央军事委员会
【单选题】
下列不属于“三不腐机制”是。___
A. 不敢腐的惩戒机制
B. 不敢腐的防范机制
C. 不能腐的防范机制
D. 不想腐的保障机制
【单选题】
某局局长何某,在只与班子成员逐个口头通报后,就任命办公室副主任李某为财务科科长。请问何某的行为违反组织纪律的哪一种情形?___
A. 违反议事规则
B. 违规选拔任用干部
C. 帮助他人骗取职务
D. 在干部晋升中为他人谋取利益
【单选题】
扫黑除恶专项斗争“两个一律”:对涉黑涉恶犯罪案件,一律深挖其背后腐败问题。对黑恶势力“关系网”、“保护伞”,一律 、绝不姑息。___
A. 追溯根源
B. 一查到底
C. 追查到底
D. 严查重处
【单选题】
李某为某乡镇扶贫工作宣传干事,多次编辑打油诗故意歪曲中央出台的扶贫政策发布在镇扶贫工作群中,造成严重不良影响。请问李某违反了什么纪律?___
A. 违反组织纪律
B. 违反群众纪律
C. 违反工作纪律
D. 违反政治纪律
【单选题】
监察机关对于案件中的问题,可以采取 鉴定措施。___
A. 一般性
B. 专门性
C. 特殊性
D. 普遍性
【单选题】
2018年3月,察布查尔县某局班子成员及下属多人参与“泰比勒克”邪教活动,并在公共场所组织非法游行活动,请问该局党委书记对此应负什么责任?___
A. 维护党的政治纪律不力
B. 维护党的组织纪律不力
C. 维护党的工作纪律不力
D. 维护党的群众纪律不力
【单选题】
利用职权或者职务上的影响为他人谋取利益,本人的配偶、子女及其配偶等亲属和其他特定关系人收受对方财物,情节较重的,给予 处分。___
A. 警告或者严重警告
B. 撤销党内职务
C. 留党察看
D. 开除党籍
【单选题】
拒不执行党组织的分配、调动、交流等决定的,给予 处分。___
A. 警告、严重警告或者撤销党内职务
B. 警告
C. 严重警告
D. 撤销党内职务
【单选题】
利用职权或者职务上的影响,违反有关规定占用公物归个人使用,时间超过 ,情节较重的,给予警告或者严重警告处分;情节严重的,给予撤销党内职务处分。___
A. 三个月
B. 六个月
C. 一年
D. 两年
【单选题】
执行党纪处分决定的机关或者受处分党员所在单位,应当在 内将处分决定的执行情况向作出或者批准处分决定的机关报告。___
A. 一个月
B. 三个月
C. 六个月
D. 一年内
【单选题】
要坚持思想教育、政策感化、纪法威慑相结合,把 贯穿在纪检监察工作全过程,帮助犯错误干部重回正道。___
A. 党性教育
B. 人文关怀
C. 安全
D. 思想政治工作
【单选题】
承办部门应当在谈话结束或者收到函询回复后 个月内写出情况报告和处置意见,按程序报批。___
【单选题】
被调查人既涉嫌严重职务违法或者职务犯罪,又涉嫌其他违法犯罪的,一般应当由 为主调查,其他机关予以协助。___
A. 检察机关
B. 司法机关
C. 执法部门
D. 监察机关
【单选题】
被函询人应当在收到函件后 个工作日内写出说明材料,由其所在党委(党组)主要负责人签署意见后发函回复。___
【单选题】
被调查人逃匿,在通缉 后不能到案,或者死亡的,由监察机关提请人民检察院依照法定程序,向人民法院提出没收违法所得的申请。 ___
A. 三个月
B. 六个月
C. 一年
D. 两年
【单选题】
最根本的党内法规,是管党治党的总规矩。___
A. 《中国共产党纪律处分条例》
B. 《中国共产党章程》
C. 《中国共产党党内监督条例》
D. 《中国共产党问责条例》
【单选题】
接到对干部 违纪问题的反映,应当及时找本人核实,谈话提醒、约谈函询,让干部把问题讲清楚。___
A. 一般性
B. 严重性
C. 特殊性
D. 经常性
【单选题】
为坚持党的领导,加强党的建设,全面从严治党,强化党内监督,保持党的 ,根据《中国共产党章程》,制定了 。___
A. 先进性;《中国共产党问责条例》
B. 先进性和纯洁性;《中国共产党党内监督条例》
C. 纯洁性;《关于党内政治生活若干准则》
D. 先进性;《关于新形势下党内政治生活的若干准则》
【单选题】
监察机构、监察专员对 它的监察委员会负责。___
A. 派驻
B. 派出
C. 派驻或者派出
D. 派遣
【单选题】
加强对党的各级组织和全体党员的教育、管理和监督,把纪律挺在前面,注重抓早抓小、防微杜渐,这体现 原则? ___
A. 党员在党纪面前人人平等原则
B. 实事求是原则
C. 坚持党要管党、全面从严治党原则
D. 民主集中制原则
【单选题】
最新的《中国共产党纪律处分条例》的溯及力遵循 原则。___
A. 从旧兼从重
B. 从旧兼从轻
C. 从新兼从重
D. 从新兼从轻
【单选题】
党的各级代表大会的代表受到 及以上处分的,党组织应当终止其代表资格。___
A. 党内严重警告
B. 撤销党内职务
C. 留党察看
D. 开除党籍
【单选题】
从轻处分,是指在本条例规定的违纪行为应当受到的处分幅度以内,给予 的处分。___
A. 较轻
B. 最轻
C. 减轻一档
D. 合理
【单选题】
发展党员,必须经过党的支部,坚持 的原则。___
A. 个别吸收
B. 五湖四海
C. 民主推荐
D. 讨论表决
【单选题】
初步核实工作结束后,承办部门应当综合分析初核情况,按照 ,或者移送有关党组织处理等方式提出处置建议。___
A. 拟立案审查调查、予以了结、谈话提醒、暂存待查
B. 谈话函询、拟立案审查、暂存待查、予以了结
C. 谈话函询、予以了结、留存待查、拟立案
D. 拟立案、谈话提醒、暂存、了结
【单选题】
年以上的党龄,党的省、自治区、直辖市、设区的市和自治州的委员会委员和候补委员必须有 年以上的党龄。___
A. 一、二、三
B. 一、三、五
C. 二、三、五
D. 二、三、三
【单选题】
对党的中央委员会和地方各级委员会的委员、候补委员,给以撤销党内职务、留党察看或开除党籍的处分,必须由本人所在的委员会全体会议 以上的多数决定。___
A. 半数
B. 三分之二
C. 四分之三
D. 五分之四
【单选题】
上级监察委员会 下级监察委员会的工作。___
A. 指导
B. 领导
C. 监督
D. 指导监督
【单选题】
对可能发生职务违法的监察对象,监察机关按照 ,可以直接或者委托有关机关、人员进行谈话或者要求说明情况。___
A. 管理权限
B. 法律规定
C. 领导指示
D. 会议研究决定
【单选题】
实施党纪处分,应当按照规定程序经 决定,不允许任何个人或者少数人擅自决定和批准。___
A. 党委
B. 党支部
C. 党组
D. 党组织集体讨论
【单选题】
某局局长孙某利用职务之便为企业老板潘某谋取利益,潘某为了感谢孙某,专门购买了一套房产,登记在潘某自己名下,并与孙某约定,以“永久性居住”的名义送给孙某。后孙某及其家人长期实际控制该套房产,但未办理过户。纪检监察机关对孙某启动初核后,孙某及其家人搬离该套房产。以下说法正确的是___
A. 该套房产未办理过户,且孙某在组织初核后搬出,孙某不构成受贿
B. 孙某构成受贿,金额以孙某购买该套房产的价格为准
C. 孙某构成受贿,金额以孙某及其家人实际控制该套房产时,该套房产的价格为准
D. 孙某构成受贿,金额以孙某及其家人实际控制该套房产时间内,该套房产应当产生的租金为准
【单选题】
监察机关行使监督、调查职权, 依法向有关单位和个人了解情况,收集、调取证据。___
A. 经授权
B. 经审批
C. 有权
D. 经请示
【单选题】
某党员干部占用公物达六个月,应给予警告处分,但同时该党员又违反规定从事营利活动,情节严重,应给予开除党籍处分,依据《中国共产党纪律处分条例》有关规定,对于该名同志的处分应该是 。___
A. 先警告再开除党籍
B. 开除党籍
C. 分别处理
D. 警告
