【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
推荐试题
【多选题】
关于铜承力索优缺点,以下说法正确的 有()。___
A. 导电性好
B. 抗腐蚀性强
C. 价格较高
D. 机械性能比钢 承力索高
【多选题】
关于吊索的安装要求,正确的是()。___
A. 吊索长度必须 符合规定,误 差 不 超 过 ± 50mm(两心形 环的外缘之间 的距离)
B. 钳压管的压接必须符合要求
C. 钳压管与心形 环连接处必须 密贴
D. 吊 索 线 应 顺 直,不得有弯 曲、变形或散 股
【多选题】
下列哪些是接触线的线材型号()。___
A. GJ-70
B. TJ-180
C. CTAH120
D. Ris120
【多选题】
以下属于接触轨授流方式的是()。___
A. 上部授流方式
B. 下部授流方式
C. 侧部授流方式
D. 局部授流方式
【多选题】
下列有关分段绝缘器与列车行车方向的相对安装方向的选项不正确的是()。___
A. 刚性悬挂接触、网分段绝缘器 、长导流板端为 、车辆受电弓出弓侧。
B. 短导流板端为 车辆受电弓进 入侧
C. 刚性悬挂接触 网分段绝缘器 长导流板端为 车辆受电弓出 弓侧,短导流 板端为车辆受 电弓进入侧。
D. 刚性悬挂接触 网分段绝缘器 长导流板端为 车辆受电弓进 入侧,短导流 板端为车辆受 电弓出弓侧。
【多选题】
接触网隔离闸刀是轨道交通接触网牵引供电系统的重要设备之一,主要用于接触网的()。___
A. 故障切除
B. 分段停电检修
C. 分段停电作业
D. 改变供电运行方式
【多选题】
设立锚段便于在接触线和承力索两端设置补偿装置,以调整线索的()。___
【多选题】
架空接触网缺陷分为()。___
A. 制造缺陷
B. 供电运营
C. 管理缺陷
D. 施工或维修缺陷
【多选题】
以下不属于支持装置的作用是()。___
A. 用来将接触线固定在设计的 位置上,并承受导线所受的 风力、之字力和曲线上的水 平分力
B. 用来支持和悬 吊接触悬挂, 将接触悬挂的 负荷传递给支柱B
C. 用来将接触线 固定在一定位 置上,并承受导线所受的一切外力
D. 用来支持悬吊腕臂,将接腕臂的负荷传递 给支柱
【多选题】
评价接触网弓网受流性能优劣与否包括以下哪个方面()?___
A. 接触线和受电弓之间的压力
B. 接触线高度
C. 接触线与受电弓的接触状态
D. 离线的燃弧持续时间
【多选题】
柔性接触网拉出直线段为( )曲线段为( )___
A. 正负300mm
B. 正负250mm
C. 正负200mm
D. 正负350mm
【多选题】
图纸中必要的尺寸包括( )、( )、( )。___
A. 规格尺寸
B. 装配关系尺寸
C. 工艺尺寸
D. 安装尺寸
E. 允许尺寸
【多选题】
接触网平面图一般可分为( )平面图和( )平面图。___
A. 地面接触网
B. 隧道接触网
C. 接触网站场
D. 接触网区间
【多选题】
连接零件包括连接器、()、长定位环、套管绞环、()、接触线及承力索接头线夹。___
A. 定位环
B. 支持器
C. 定位线夹
D. 套管双耳
【多选题】
接触网零件发展的方向是采用优质材料,实现挤压成型模式,并要求零件结构新颖、( )、( )。___
A. 载荷能力强
B. 强度高
C. 重量轻
D. 防腐性能好
【多选题】
零件的刚度分为( )和( )两种。___
A. 表面接触刚度
B. 表面变形刚度
C. 整体变形刚度
D. 整体接触刚度
【多选题】
为了提高零件的整体刚度,( )或( )。___
A. 增大截面的惯性矩
B. 增大截面的防腐措施
C. 增大截面应力
D. 可增大零件截面尺寸
【多选题】
影响零件寿命的主要因素有:()、___以及相对运动零件接触表面的磨损等三方面。(AB)
A. 材料的疲劳
B. 材料的腐蚀
C. 零件尺寸大小
D. 环境状况
【多选题】
影响零件疲劳强度的主要因素有( )、( )、( )。___
A. 应力集中
B. 载荷能力强
C. 绝对尺寸
D. 表面状态
【多选题】
磨耗从成因上讲,可以分为( )、( )和( )。___
A. 物理磨耗
B. 电气磨耗
C. 化学磨耗
D. 机械磨耗
【多选题】
磨损主要有( )、( )、( )和( )。___
A. 粘着磨损
B. 接触疲劳磨损
C. 磨料磨损
D. 腐蚀磨损
【多选题】
电气磨耗是指( )和( )。___
A. 粘结磨耗
B. 电离子转移
C. 颗粒磨耗
D. 电弧烧损
【多选题】
机械磨耗分为( )和( )___
A. 粘结磨耗
B. 电离子转移
C. 颗粒磨耗
D. 电弧烧损
【多选题】
软、硬横跨形式的支持定位装置主要包括( ),( )和吊弦等。___
A. 横向承力索
B. 上、下部定位绳
C. 定位器
D. 馈线
【多选题】
定位器具有一定的倾斜度,其倾斜度规定在( )~( )之间。___
A. 1:5
B. 1:0.5
C. 1:2
D. 1:10
【多选题】
支柱在接触网中的作用可分为( )、转换支柱、( )、( )、( )、道岔支柱等几种。___
A. 中间支柱
B. 中心支柱
C. 定位支柱
D. 锚柱
【多选题】
刚性架空接触网悬挂点的正线最大跨距:曲线为( )m,直线为( )m。___
A. 5~7
B. 7~9
C. 9~10
D. 10~11
【多选题】
隔离开关的触头要有足够的( )和( )。___
A. 粘合力
B. 压力
C. 摩擦力
D. 自清扫能力
【多选题】
按锚段关节的所含跨距数可分为( )、( )、( )、( )等几种不同形式。___
【多选题】
中国电气化铁路建设初期,采用的是铜接触线,主要型号为( )、( )、( )型。___
A. TCG-85
B. TCG-100
C. TCG-110
D. TCG-120
【多选题】
采用合金的目标是提高接触线的( )、( )和( )___
A. 抗拉强度
B. 耐磨耗性能
C. 导电性能
D. 高温软化性能
【多选题】
吊弦一般有环节吊弦、活动吊弦、( )吊弦和( )吊弦。___
【多选题】
验电和装设、拆除接地线,必须由( )人进行,()人操作,1人监护,其岗位等级分别不低于初级(包括初级)。___
【多选题】
紧固件具有良好的结构工艺性,是指( )___
A. 结构合理
B. 抗破坏性强
C. 适配性好
D. 工艺精致
【多选题】
交流爬距级别1、2、3分别表示爬距为( )mm、( )mm、( )mm的产品。___
A. 1000
B. 1200
C. 1400
D. 1500
【多选题】
绝缘件闪络电压的大小主要取决于( )。___
A. 温度
B. 环境
C. 工作电压
D. 受力大小
【多选题】
由于绝缘件处于空气之中,( )等因素会导致绝缘性能下降,产生沿面气体放电现象。___
A. 表面破损
B. 瓷釉剥落
C. 污秽受潮
D. 过电压
【多选题】
接触网常用的绝缘子有悬式、( )、针式和( )四种类型。___
A. 棒式
B. 柱式
C. 圆柱式
D. 套管式
【多选题】
棒式绝缘子用在( )等处。___
A. 绝缘腕臂
B. 隧道内悬挂
C. 隧道内定位
D. 刚性悬挂
【多选题】
绝缘子电气性能用( )表示。___
A. 干闪
B. 湿闪
C. 耐压
D. 击穿电压
