【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
推荐试题
【单选题】
负责营业网点超级柜台的生产监控、考核评价,检查监督业务操作的合规性的人员为( )。___
A. 前端服务员
B. 设备维护员
C. 业务查询员
D. 生产管理员
【单选题】
超级柜台备用钥匙如需启封,需经( )批准,使用完毕后要立即密封放入保险柜。___
A. 内勤行长
B. 网点负责人
C. 支行运营财会部负责人
D. 支行主管行长
【单选题】
超级柜台作业中心的身份审核员在受理客户身份信息审核业务时,下列哪项不属于审核要点( )。___
A. 检查系统获取的身份证信息是否清晰、完整和正确
B. 检查核对身份证联网核查结果是否一致
C. 检查联网核查照片、身份证照片与客户现场头像是否一致
D. 核实业务办理是否为客户意愿
【单选题】
日终,( )应查看超级柜台剩余银行卡张数,与核心系统中柜面经理凭证箱余额核对是否相符,并在《发卡明细表》上签字确认。___
A. 前端服务员
B. 设备维护员
C. 业务查询员
D. 生产管理员
【单选题】
因超级柜台设备故障或客户未及时取走而被吞没的卡片,以下处理方法正确的是( )。___
A. 剪角作废
B. 直接返还客户
C. 按照自助设备吞卡处理规定处理
D. 以上方法均可
【单选题】
开展离行上门服务的超级柜台,无线通讯SIM卡应由( )保管。___
A. 网点
B. 支行统一
C. 二级分行统一
D. 以上均可
【单选题】
超级柜台每次离行上门服务时间原则上不得超过( )个工作日。___
【单选题】
超级柜台开展离行上门服务,业务现场应至少有( )人在场。___
【单选题】
开展离行上门服务的超级柜台,每日营销结束后,设备应( )。___
A. 可放置于营销现场
B. 带回营业网点妥善保管
C. 带回支行妥善保管
D. 以上均可
【单选题】
营业网点结合监控录像,至少多长时间需抽查一次前端服务员审核确认操作是否规范。___
【单选题】
针对柜面经理指纹异常情况,各管辖行运营管理部可以根据相关规定和辖内实际情况,评估、决定是否采用( )方式。___
A. 密码+主管指纹授权认证
B. 密码认证
C. 密码+主管密码授权认证
D. 指纹认证
【单选题】
“密码+主管指纹授权认证”方式只允许对柜面经理类型为 ( )的柜面经理使用。___
A. 主管兼柜面经理
B. 纯主管
C. 九级主管
D. 柜面经理
【单选题】
网点一级(含)以上主管兼柜面经理、纯主管必须使用( )方式。___
A. 密码+主管指纹授权认证
B. 密码认证
C. 密码+主管密码授权认证
D. 指纹认证
【单选题】
现金中心、分支库保管区门控必须配备三个密钥,其中至少( )个是密码或指纹(掌纹)等。___
【单选题】
网点库日间出库的款箱(包)应按柜面经理现金箱管理相关规定执行。出入库时,( )或其授权人要清点核对款箱(包)个数。___
A. 网点负责人
B. 内勤行长
C. 主出纳
D. 柜面经理
【单选题】
自助设备一律不得采用_方式进行加钞。___
A. 补充加钞
B. 整体换箱
C. 整体换钞
D. 整体换箱和整体换钞
【单选题】
以下不属于现金类自助设备的是_。___
A. 自动取款机
B. 存取款一体机
C. 自动存款机
D. 自助服务终端
【单选题】
自助设备用钞的冠字号码记录工作由( )负责。___
A. 内勤行长
B. 钞箱管理员
C. 配钞机构
D. 设备管理员
【单选题】
自助设备不具备自动清机功能的应每_天至少人工清机一次。___
【单选题】
自助设备长短款应在清机日起( )个工作日内完成查找工作。___
【单选题】
自助设备在自动清机发生短款时,应在( )个工作日内启动人工清机。___
【单选题】
对于采用手动记账的通用账户,营业机构应逐笔勾对账户发生明细,核实业务发生的真实性,核对账务处理的准确性。___
【单选题】
用户号使用人员因请休假暂时离岗超过( )个工作日的,应暂停其用户号使用。___
【单选题】
用户号使用人员的操作权限,是根据其( )设定的。___
A. 工作分工
B. 岗位职责
C. 系统控制
D. 内控要求
【单选题】
人员调动、离职、被开除或其他原因不再使用的用户号,应在( )个工作日内完成注销。___
【单选题】
柜面经理岗位纳入( )岗位序列,其职责范围由总行运营管理部统一制定和调整。___
A. 专业类
B. 管理类
C. 操作类
D. 综合类
【单选题】
下列哪一项不是柜面经理的主要工作职责?( )___
A. 执行文明标准服务相关要求,在服务过程中识别客户需求,适时开展产品推介和柜面营销
B. 做好潜力客户转介和复杂产品销售转介工作
C. 做好智能服务区业务审核,在综合服务区操作智能设备无法办理的非现金业务
D. 积极配合做好各项内外部检查,以及职责权限范围内的其他工作
【单选题】
下列哪一项不属于柜面经理的培训内容?( )___
A. 网点常见业务与基础产品知识
B. 潜力客户识别及柜面营销技巧
C. 风险案例分析
D. 厅堂管理与营销环境打造
【单选题】
新入行柜面经理需进行不少于( )天的临柜实习。___
【单选题】
柜面经理全年累计学习培训时间不少于( )天(按一天6个学时计算)。___
【单选题】
高级柜面经理应由一级分行组织评定,总数不超过辖内柜面经理总数的( ),832个国家扶贫重点县高级柜面经理的比例上限按照( )掌握。___
A. 5%,10%
B. 8%,10%
C. 10%,15%
D. 10%,12%
【单选题】
柜面经理层级晋升考评项目包含业务水平和实际工作表现两大类。其中,不属于实际工作表现考评项目的是( )___
A. 业务量
B. 工作质量
C. 服务水平
D. 业务知识
【单选题】
晋升至柜面经理层级,须从事柜面工作满( )年,通过中级柜面经理岗位资格考试,年度考核结果为“称职”及以上,达到柜面经理考评标准。___
【单选题】
柜面经理考核内容主要包括业务量、工作质量、服务水平、日常行为表现等项目。其中,工作质量、服务水平指标权重合计占比不得少于( )。___
A. 0.4
B. 0.5
C. 0.6
D. 0.7
【单选题】
晋升至高级柜面经理层级,须大专及以上学历,从事柜面工作累计满( )年,通过高级柜面经理岗位资格考试,近两年年度考核结果为“称职”及以上且至少有一年为“良好”,达到高级柜面经理考评标准。___
【单选题】
( )是指营业网点拥有核心业务系统用户号,在高柜服务区进行业务操作,为客户提供金融服务,并在( )序列岗位工作的人员。___
A. 柜面经理
B. 大堂经理
C. 大堂保安
D. 内勤行长
【单选题】
( )负责本条线用印白名单梳理、发起和申请。___
A. 运营管理部
B. 业务部门
C. 内控与法律合规部
D. 安全保卫部
【单选题】
( )按照制度规定履行法律审查、合同管理等职责,负责本级行销毁临柜业务实物印章的监督与见证。___
A. 运营管理部
B. 业务部门
C. 内控与法律合规部
D. 安全保卫部
【单选题】
( )按照查库要求定期通过“印章校准”清点印章实物,“印章校准凭证”随网点当日传票保管。___
A. 用印审批岗
B. 印章普通用户
C. 印控仪操作岗
D. 内勤行长
【单选题】
营业机构应在临柜业务实物印章停用( )将其上缴至支行等上级管辖部门。___
A. 当日
B. 次日
C. 3日之内
D. 一周之内
