【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
推荐试题
【判断题】
危险化学品安全标签中安全措施应表述化学品在处置、搬运、存储和使用作业中所必须注意的事项和发生意外时简单有效的救护措施。
【判断题】
危险化学品应当储存在专用仓库、专用场地或者专用储存室内,并由专人负责。
【判断题】
生产经营单位发生事故后,应当及时启动应急预案,组织有关力量进行救援,不必将事故信息及应急预案启动情况报告安全生产监督管理部门和其他负有安全生产监督管理职责的部门。
【判断题】
危险化学品事故应急救援是指危险化学品由于各种原因造成或可能造成众多人员伤亡及其他社会危害时,为及时控制危险源,抢救受害人员,指导群众防护和组织撤离,清除危害后果而组织的救援活动。
【判断题】
装卸腐蚀品人员不能使用沾染异物和能产生火花的机具,作业现场须远离热源和火源。
【判断题】
用人单位与劳动者订立劳动合同时,可以不告知劳动者在工作过程中可能产生的职业病危害及其后果、职业病防护措施和待遇等。
【判断题】
用人单位应当依照法律、法规要求,严格遵守国家职业卫生标准,落实职业病预防措施,从源头上控制和消除职业病危害。
【判断题】
锅炉是把燃料的化学能变成热能,再利用热能把水加热成具有一定温度和压力的蒸汽的设备。
【判断题】
未取得职业卫生技术服务机构资质的,不得从事职业卫生检测、评价等技术服务。
【判断题】
劳动者接受职业健康检查应当视同正常出勤。
【判断题】
固定泡沫装置管线控制阀可设在防火堤内。
【判断题】
可燃物质的自燃点是一个固定不变的数值,它与其他因素无关。
【判断题】
任何场所的防火通道内,都要设置防火标志。
【判断题】
遇湿易燃物品灭火时严禁使用酸碱、泡沫灭火剂。
【判断题】
危险化学品的生产、储存、使用单位,应当在生产、储存和使用场所设置通讯、报警装置,并保证在任何情况下处于正常适用状态。
【判断题】
装卸和搬运爆炸品时,必须轻装轻卸,严禁摔、滚、翻以及拖、拉、摩擦、撞击,以防引起爆炸。
【判断题】
在工业生产中,有毒品侵入人体的主要途径是呼吸道、消化道和皮肤。
【判断题】
存放过放射性物品的地方,单位如果存放其他物品,单位应当指派专人负责进行彻底清洗。
【判断题】
在无法将作业场所中有害化学品的浓度降低到最高容许浓度以下时,工人必须使用个体防护用品。
【判断题】
安全技术措施计划制度是生产经营单位生产财务计划的一个组成部分,是提高经济效益的重要保证制度。
【判断题】
化学品安全标签里用UNNo.表示中国危险货物编号。
【判断题】
危险化学品安全技术说明书是一份关于危险化学品燃爆、毒性和环境危害以及安全使用、泄漏应急处理、主要理化参数、法律法规等方面信息的综合性文件。
【判断题】
国家对危险化学品生产、储存实行审批制度;未经审批,任何单位和个人都不得生产、储存危险化学品。
【判断题】
当危险化学品发生紧急事故后,可以按照危险化学品安全标签中提供的应急咨询电话和国家化学事故应急咨询电话对遇到的技术问题进行咨询。
【判断题】
享受因工伤残保险的的职工就算违法犯罪也不能被企业开除。
【判断题】
事故隐患分为一般事故隐患、较大事故隐患、重大事故隐患、特大事故隐患。
【判断题】
现场处置方案中重要物资装备的名录或清单应列出应急预案涉及的重要物资和装备名称、型号、存放地点等。
【判断题】
应急预案的管理遵循综合协调、分类管理、分级负责、属地为主的原则。
【判断题】
企业一旦发生重大危险源事故,本企业抢险抢救力量不足,不必请求社会力量援助。
【判断题】
演练实施过程中出现特殊或意外情况,演练总指挥可决定中止演练。
【判断题】
走私易制毒化学品的,由海关没收走私的易制毒化学品;有违法所得的,没收违法所得,并依照海关法律、行政法规给予行政处罚;构成犯罪的,依法追究刑事责任。
【判断题】
《非药品类易制毒化学品生产、经营许可办法》规定,国家对非药品类易制毒化学品的生产、经营实行许可制度。
【判断题】
装卸毒害品人员作业中不得饮食,不得用手擦嘴、脸、眼睛。每次作业完毕,应及时用肥皂(或专用洗涤剂)洗净面部、手部,用清水漱口,防护用具应及时清洗,集中存放。
【判断题】
新建的生产企业应当在竣工验收后办理危险化学品登记。
【判断题】
分离储存是在不同的建筑物或远离所有的外部区域内的储存方式。
【判断题】
电伤是电能转换成热能、机械能等其他形式的能量作用于人体,对人体造成的伤害。
【判断题】
《气瓶安全监察规程》规定,气瓶充装前,充装单位应有专人对气瓶逐只进行检查,确认瓶内气体并做好记录。
【判断题】
《压力容器安全技术监察规程》规定,压力容器的操作人员应持证上岗。
