【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
推荐试题
【判断题】
进出境快件通关应当在经海关批准的专门监管场所内进行
【判断题】
运营人应当在海关对进出境快件的专门监管场所内设有符合海关监管要求的专用场地、仓库和设备
【判断题】
快件运营人开展业务前,应已经领取工商行政管理部门颁发的《企业法人营业执照》,准予或者核定其经营进出境快件业务
【判断题】
运营人应当按照海关的要求采用纸质文件的方式向海关办理进出境快件的报关手续
【判断题】
依据《中华人民共和国进境物品归类表》规定,婴幼儿奶粉税率为30%
【判断题】
依据《中华人民共和国进境物品归类表》规定,酒精饮料税率为30%
【判断题】
依据《中华人民共和国进境物品归类表》规定,香烟税率为30%
【判断题】
依据《中华人民共和国进境物品归类表》规定,纺织品及其制成品税率为30%
【判断题】
小李从境外网购了一双耐克运动鞋,购买价格折合人民币390元。其通过快件渠道邮寄进境,需依法缴纳进境物品进口税60元
【判断题】
《中华人民共和国进境物品完税价格表》未列明完税价格的物品,按照相同物品相同来源地最近时间的主要市场零售价格确定其完税价格
【判断题】
《中华人民共和国进境物品完税价格表》中规定的高档手表是指审定价格在人民币20000元及以上的手表
【判断题】
《中华人民共和国进境物品完税价格表》规定,对02000000税号项下的各类酒,单瓶容量超出750毫升的,每满750毫升按照1瓶计征税赋,超出部分不足750毫升的不予计算
【判断题】
《中华人民共和国进境物品归类表》未列名的物品,应按其主要功能(或用途)归入相应类别
【单选题】
进口货物的收货人、受委托的报关企业应当自运输工具申报进境之日起()日内向海关申报。___
【单选题】
进口转关运输货物的收货人、受委托的报关企业应当自运输工具申报进境之日起()日内,向进境地海关办理转关运输手续,有关货物应当自运抵指运地之日起()日内向指运地海关申报。___
A. 三,七
B. 七,七
C. 七,十四
D. 十四,十四
【单选题】
出口货物发货人、受委托的报关企业应当在货物运抵海关监管区后、装货的()小时以前向海关申报。___
A. 十二
B. 二十四
C. 四十八
D. 九十六
【单选题】
电子数据报关单经过海关计算机检查被退回的,视为海关不接受申报,进出口货物收发货人、受委托的报关企业应当按照要求修改后重新申报,申报日期为()的日期。___
A. 海关接受首次申报
B. 海关接受重新申报
C. 企业首次申报
D. 企业重新申报
【单选题】
海关审结电子数据报关单后,进出口货物的收发货人、受委托的报关企业应当自接到海关“现场交单”或者“放行交单”通知之日起()日内,持打印出的纸质报关单,备齐规定的随附单证并且签名盖章,到货物所在地海关递交书面单证并且办理相关海关手续。___
【单选题】
在进出口货物的品名、规格、数量等已确定无误的情况下,经批准的企业可以在进口货物启运后、抵港前或者出口货物运入海关监管作业场所前()日内,提前向海关办理报关手续,并且按照海关的要求交验有关随附单证、进出口货物批准文件及其他需提供的证明文件。___
【单选题】
特殊情况下,经海关批准,进出口货物的收发货人、受委托的报关企业可以自装载货物的运输工具申报进境之日起()内向指定海关办理集中申报手续。___
A. 15天
B. 1个月
C. 2个月
D. 3个月
【单选题】
下列进出口货物报关单应当随附的单证中,海关应留存正本的是___
A. 合同
B. 载货清单(舱单)
C. 进出口许可证件
D. 代理报关授权委托协议
【单选题】
海关已签发的报关单证明联、核销联因遗失、损毁等特殊情况需要补签的,进出口货物的收发货人、受委托的报关企业应当自原证明联签发之日起()内向海关提出书面申请,并且随附有关证明材料,海关审核同意后,可以予以补签。海关在证明联、核销联上注明“补签”字样。___
A. 3个月
B. 6个月
C. 1年
D. 两年
【单选题】
出口货物放行后,由于装运、配载等原因造成原申报货物部分或者全部退关、变更运输工具的,当事人可以向原接受申报的海关办理进出口货物报关单修改或者撤销手续,当事人应当向海关提交《进出口货物报关单修改/撤销表》和():___
A. 计算机、网络系统运行管理方出具的说明材料
B. 退关、变更运输工具证明材料
C. 全面反映贸易实际状况的发票、合同、提单、装箱单等单证,并如实提供与货物买卖有关的支付凭证以及证明申报价格真实、准确的其他商业单证、书面资料
D. 《进口货物直接退运表》
【单选题】
根据贸易惯例先行采用暂时价格成交、实际结算时按商检品质认定或者国际市场实际价格付款方式需要修改申报内容的,当事人可以向原接受申报的海关办理进出口货物报关单修改或者撤销手续,当事人应当向海关提交《进出口货物报关单修改/撤销表》和():___
A. 计算机、网络系统运行管理方出具的说明材料
B. 退关、变更运输工具证明材料
C. 全面反映贸易实际状况的发票、合同、提单、装箱单等单证,并如实提供与货物买卖有关的支付凭证以及证明申报价格真实、准确的其他商业单证、书面资料
D. 《进口货物直接退运表》
【单选题】
已申报进口货物办理直接退运手续,需要修改或者撤销原进口货物报关单的,当事人可以向原接受申报的海关办理进出口货物报关单修改或者撤销手续,当事人应当向海关提交《进出口货物报关单修改/撤销表》和():___
A. 计算机、网络系统运行管理方出具的说明材料
B. 退关、变更运输工具证明材料
C. 全面反映贸易实际状况的发票、合同、提单、装箱单等单证,并如实提供与货物买卖有关的支付凭证以及证明申报价格真实、准确的其他商业单证、书面资料
D. 《进口货物直接退运表》
【单选题】
由于计算机、网络系统等技术原因导致电子数据申报错误的。当事人可以向原接受申报的海关办理进出口货物报关单修改或者撤销手续,当事人应当向海关提交《进出口货物报关单修改/撤销表》和():___
A. 计算机、网络系统运行管理方出具的说明材料
B. 退关、变更运输工具证明材料
C. 全面反映贸易实际状况的发票、合同、提单、装箱单等单证,并如实提供与货物买卖有关的支付凭证以及证明申报价格真实、准确的其他商业单证、书面资料
D. 《进口货物直接退运表》
【单选题】
海关发现进出口货物报关单需要修改或者撤销,可以向当事人制发《进出口货物报关单修改/撤销确认书》,通知当事人要求修改或者撤销的内容,当事人应当在()内对进出口货物报关单修改或者撤销的内容进行确认,确认后海关完成对报关单的修改或者撤销。___
【单选题】
征收进口货物滞报金应当按()计征。___
【单选题】
征收进口货物滞报金应当按日计征,以自运输工具申报进境之日起第()日为起征日,以海关接受申报之日为截止日,起征日和截止日均计入滞报期间,另有规定的除外。___
【单选题】
进口货物收货人申报后依法撤销原报关单电子数据重新申报的,以()之日起第十五日为起征日。___
A. 重新申报
B. 撤销原报关单
C. 运输工具申报进境
D. 海关接受重新申报
【单选题】
滞报金的日征收金额为进口货物完税价格的()。___
A. 万分之零点五
B. 千分之零点五
C. 百分之零点五
D. 百分之五
【单选题】
进口货物收货人向海关传送报关单电子数据申报后,未按照海关总署规定递交报关单及随附单证,海关予以撤销报关单电子数据处理。进口货物收货人重新向海关申报,产生滞报的,应以()起第十五日为滞报金起征日。___
A. 运输工具申报进境之日
B. 海关撤销电子数据之日
C. 企业重新申报之日
D. 海关接受企业重新申报之日
【单选题】
报关单修改和撤销各业务环节应加强联系配合,保证作业效率。对不涉及其他部门或业务环节配合且满足修改和撤销管理要求的报关单应在()个工作日内完成初核、复核、修改或者撤销作业。___
【单选题】
产生滞报的进口货物属于政府间或国际组织无偿援助和捐赠用于救灾、社会公益福利等方面的进口物资或其他特殊货物的,其收货人应向海关提交经有关主管部门出具的书面证明文件,经海关核实后视情核批。如滞报属于非收货人自身原因造成的,免征滞报金;如滞报属于收货人自身原因造成的,按应征滞报金金额的()征收滞报金。___
A. 万分之零点五
B. 千分之零点五
C. 百分之零点五
D. 百分之五
【单选题】
征收进口货物滞报金应当按日计征,以自运输工具申报进境之日起第十五日为起征日,以海关接受申报之日为截止日,(),另有规定的除外。___
A. 起征日计入滞报期间,截止日不计入滞报期间
B. 起征日不计入滞报期间,截止日计入滞报期间
C. 起征日和截止日均计入滞报期间
D. 起征日和截止日均不计入滞报期间
【单选题】
对符合减免滞报金规定的进口货物,其收货人应于收到海关签发的滞报金缴款通知书之日起()个工作日内,以书面形式(加盖单位公章)向申报地海关提出减免滞报金的申请,并随附有关书面证明材料,经海关审核后办理滞报金减免核批手续。___
【单选题】
滞报金的起征点为人民币()元。___
A. 50
B. 100
C. 200
D. 500
【单选题】
以下哪种情况不适用于暂时进出口?___
A. 广州亚运会国外选手参赛器具
B. 北京国际车展参展车辆
C. 天津大学开展某个国际合作科技项目所需进境科研设备
D. 某公司在国外承包铁路建设所需出境设备
【单选题】
使用货物暂准进口单证册暂时进境的货物种类包括:___
A. 在展览会、交易会、会议及类似活动中展示或者使用的货物
B. 文化、体育交流活动中使用的表演、比赛用品
C. 开展科研、教学、医疗活动使用的仪器、设备和用品
D. 进行新闻报道或者摄制电影、电视节目使用的仪器、设备及用品
【单选题】
使用“ATA单证册”暂时进境的货物限于()。___
A. 我国加入的有关货物暂准进口的国际公约中规定的货物
B. 国家法律、行政法规规定的货物
C. 地方性法规、部门规章规定的货物
D. 海关总署规章规定的货物
