【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
推荐试题
【多选题】
下列物品中,旅游者在出境时需向海关申报的是___。
A. 一台价值 8900 元的单反相机
B. 一部价值 5700 元的苹果手机
C. 5000 欧元现金
D. 鲜肉月饼、香蕉、火腿肠
E. 重量为 60 克的金首饰一件
【多选题】
出入境时无须向海关申报,可从“绿色通道”通关的人员有___。
A. 持公务签证的人员
B. 持外交签证的人员
C. 持礼遇签证的人员
D. 持普通签证的人员
E. 携带无须向海关申报物品的普通游客
【多选题】
导游员在送散客赴机场或火车站途中应做的主要工作有___
A. 询问他们是否带好了行李物品
B. 向他们致欢送词
C. 征洵他们在本地停留期间的感受
D. 征询他们对服务的意见和建议
E. 代表旅行社对他们表示感谢
【多选题】
84、对旅客进行登机前的安全检查主要内容有 ___。
A. 证件检查
B. 签证检查
C. 行李检查
D. 身体检查
E. 出入境登记卡检查
【多选题】
游客购买并携带出境的文物,海关凭___查验放行。
A. 文物古籍部门加盖的鉴定标志
B. 文物古籍外销统一发票
C. 文化行政管理部门开具的《文物出境许可证》
D. 文化行政管理部门加盖的鉴定标志
E. 有游客签名的付款证明
【多选题】
中国海关规定___及其制品均不准携带出境。
A. 麝香
B. 虎骨
C. 鹿茸
D. 犀牛角
E. 熊胆
【多选题】
我国海关规定,游客在海外购买了___,无论数量多少,回国时都必须申报和交验。
A. 录音带
B. 杂志
C. 保健品
D. 烟丝
E. 唱片
【多选题】
加入国际航空天合联盟的中国航空公司有___。
A. 中国国航
B. 东方航空
C. 厦门航空
D. 深圳航空
E. 国泰航空
【多选题】
关于火车票遗失补办,的说法中,正确的是___。
A. 如果购票后丢失车票,失主应不晚于票面乘车站停止检票时间前60 分钟到车站售票窗口办理挂失补办
B. 挂失补办时,失主提供购票时所使用的有效身份证件原件
C. 旅客购票后乘车前未办理车票挂失补办或者乘车后丢失车票的,应另行购票
D. 在列车上自丢失站起 ( 不能判明时从列车始发站起) 补收票价,核收手续费
E. 车票遗失补办时,车站按规定核收补票的手续费
【多选题】
旅客不得在托运行李内放置的物品有___。
A. 家用菜刀
B. 锂电池
C. 打火机
D. 高度白酒
E. 户外氧气瓶
【多选题】
导游人员调节游客的观赏节奏应该做到 ___
A. 有张有弛,劳逸结合
B. 有急有缓,快慢相宜
C. 有收有发,详略得当
D. 有讲有停,导游结合
E. 有动有静,动静结合
【多选题】
接待有特殊身份和地位游客,导游人员应注意___。
A. 要有自信心
B. 把握政策尺度
C. 提前做好相关知识准备
D. 随时向领导请示、汇报
E. 合理统筹安排
【多选题】
航空客票的经济舱又分不同的座位等级,低舱位与高舱位享受的服务也不同,主要体现在___等方面。
A. 优先登机
B. 提前预定机上座位
C. 是否允许退票
D. 餐食服务
E. 距离安全出口远近
【多选题】
导游员接到旅游者投诉后,正确的处理方式是___。
A. 认真倾听,主动与旅游者沟通
B. 如果旅游者提出的问题中有不合理成分,导游员可以进行辩驳
C. 在接到投诉后,导游员要进行全面的调查,并向有关部门核实
D. 对服务缺陷进行弥补,设法与有关部门商定弥补方案
E. 注意保护投诉者的隐私
【多选题】
一旦发现旅游者疑为细菌性食物中毒,导游应该___。
A. 立即让游客禁食,同时协助患者反复催吐
B. 若旅游者集体中毒,应报告卫生防疫部门、接待社和旅游行政管理部门
C. 封存患者所食用的食物和呕吐物,带到医院协助诊断
D. 记录医生的救治过程
E. 送医院救治时,要求医生开具诊断证明,写明中毒原因
【多选题】
为尽量减少旅游过程中旅游交通故障的发生概率,导游应做好以下预防措施___。
A. 安排观光路线要考虑当地的交通路况
B. 上团前,务必提醒车队和司机对车辆进行全面的检修
C. 上团前,要把行程向司机提前预报
D. 为确保旅游者安全,应安排他们尽量在前排就坐
E. 不要催促司机开快车
【多选题】
某游客在旅游前购买了旅游意外保险,在旅游中因交通事故受重伤住院。为向保险公司索赔,导游应帮助其收集___等证据。
A. 医院诊断证明
B. 化验单据
C. 公安部门的交通事故证明
D. 旅行社证明
E. 其他游客证词
【多选题】
导游员在接受散客接待任务后,应当详细阅读接待计划,明确___。
A. 旅游车的档次
B. 抵达本地的日期(时间)、航班(车次)
C. 下榻的饭店
D. 所接游客姓名
E. 提供哪些服务项目
【多选题】
为了保证旅游者在发生火灾时能尽快疏散,导游员应___。
A. 熟悉饭店楼层安全出口的位置
B. 熟悉饭店楼层电梯间的位置
C. 提醒游客阅读客房内的安全避险线路示意图
D. 提醒游客阅读客房内的服务指南
E. 掌握领队和全体游客的房间号码
【判断题】
“专职导游”是指旅行社正式导游,他们与旅行社签有正式的用工合同
【判断题】
旅游行业的核心价值观是“游客为本、服务至诚”
【判断题】
世界上第一次有商业性导游陪同的旅游活动,是托马斯•库克 1841 年组团到苏格兰的旅行
【判断题】
导游服务是脑力劳动和体力劳动的高度结合,没有大专以上文化程度是做不好导游工作的
【判断题】
小包价旅游团由旅行社提供的服务项目包括城市间往返交通、各地住宿和导游服务
【判断题】
导游领队人员应主动提醒旅游者尊重当地风俗习惯、宗教禁忌。在有支付小费习惯的国家和地区,应向旅游者收取小费主动向服务人员支付小费
【判断题】
导游接受游客委托办事,宜选择“我办事、你放心”类语言使客人放心
【判断题】
旅游者患一般性疾病,导游可建议其离团休息,并告知医疗费用自理
【判断题】
导游讲解的虚实结合法,要求导游不能只讲故事和传说,还应当进一步说明故事和传说反映的历史事实或者科学的原理
【判断题】
根据民航局的规定,出生不足 14 天的婴儿和醉酒的旅客不得乘坐民航客机
【判断题】
个性化服务又称标准化服务,它是导游人员按照规范化服务的要求落实旅游接待计划之外,为满足部分游客或个别游客的合理需求而提供的服务
【判断题】
在汽车行进途中,导游要多与司机闲聊,避免司机疲劳驾驶
【判断题】
高质量导游服务的三要素是语言、知识和态度
【判断题】
导游职业道德三大意识是政治意识、敬业意识和服务意识
【判断题】
对于提供涉外导游服务的导游人员,还应牢记“内外有别”的原则,在工作中多 请示汇报,切忌自作主张,更不能做违法乱纪的事
【判断题】
导游员不能向游客推销商品,更不能向商家索要回扣
【判断题】
2016 年 8 月国家旅游局下发《关于深化导游体制改革加强导游队伍建设的意见》,宣布取消导游资格证三年有效的规定,明确导游资格证终身有效
【判断题】
各类导游人员由于其工作性质、工作对象、工作范围和时空条件各不相同,职责重点也有所区别,基本职费也不同
【判断题】
导游服务质量的优劣,直接影响着旅游产品的销售,这是导游服务具有信息反馈作用的具体体现
【判断题】
在旅游过程中,导游人员要以身作则,遵守文明旅游规范,并引导旅游者开展文明旅游活动,这是导游人员的基本职责
【判断题】
导游人员可以适当使用香水,但应注意适量,以 3 米左右的距离内能闻到香味较为合适
