【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
推荐试题
【判断题】
2019年1月1日起,居民个人从中国境内和境外取得的综合所得、经营所得,应当分别单独计算应纳税额;从中国境内和境外取得的其他所得,应当分别单独计算应纳税额。
【判断题】
居民个人抵免已在境外缴纳的综合所得、经营所得以及其他所得的所得税税额的限额,除国务院财政、税务主管部门另有规定外,来源于中国境外一个国家(地区)的综合所得抵免限额、经营所得抵免限额以及其他所得抵免限额之和,为来源于该国家(地区)所得的抵免限额。
【判断题】
个人从证券公司股东账户取得的利息所得,应按照个人所得税法规定的“利息、股息、红利所得”应税项目缴纳个人所得税,税款由其开立股东账户的证券公司代扣代缴
【判断题】
自2015年10月1日起,全国范围内的有限合伙制创业投资企业采取股权投资方式投资于未上市的中小高新技术企业满2年(24个月)的,该有限合伙制创业投资企业的法人合伙人可按照其对未上市中小高新技术企业投资额的70%抵扣该法人合伙人从该有限合伙制创业投资企业分得的应纳税所得额,当年不足抵扣的,不结转抵扣。
【判断题】
股权奖励的计税价格参照获得股权时的公平市场价格确定,非上市公司股权的公平市场价格,按照净资产法、类比法和其他合理方法选择确定。
【判断题】
律师事务所出资律师按“个体工商户的生产经营所得”缴纳个人所得税,雇员律师按“工资薪金所得”缴纳个人所得税。
【判断题】
依法批准设立的非营利性研究开发机构和高等学校(以下简称非营利性科研机构和高校)根据《中华人民共和国促进科技成果转化法》规定,从职务科技成果转化收入中给予科技人员的现金奖励,可减按50%计入科技人员计入“工资、薪金所得”,可分三十六个月缴纳个人所得税。
【判断题】
非营利性科研机构和高校在取得科技成果转化收入三年(36个月)内分次奖励给科技人员的现金,合并计算。
【判断题】
非营利性科研机构和高校向科技人员发放现金奖励,在填报《扣缴个人所得税报告表》时,应将当期现金奖励收入金额的50%与当月工资、薪金合并,计入“收入额”列。
【判断题】
正确符合科技人员取得职务科技成果转化现金奖励税收优惠条件的单位,向科技人员发放现金奖励时,实行备案管理。即在实际发放现金奖励的次月15日内,单位向主管税务机构报送《科技人员取得职务科技成果转化现金奖励个人所得税备案表》、相关证明材料。
【判断题】
天使投资个人采取股权投资方式直接投资于初创科技型企业满2年的,可以按照投资额的70%抵扣转让该初创科技型企业股权取得的应纳税所得额,初创科技型企业接受投资时设立时间不少于5年(60个月)
【判断题】
天使投资个人采取股权投资方式直接投资于初创科技型企业满2年的,可以按照投资额的70%抵扣转让该初创科技型企业股权取得的应纳税所得额,初创科技型企业接受投资时以及接受投资后5年内未在境内外证券交易所上市。
【判断题】
天使投资个人采取股权投资方式直接投资于初创科技型企业满2年的,可以按照投资额的70%抵扣转让该初创科技型企业股权取得的应纳税所得额,初创科技型企业接受投资当年及下一纳税年度,研发费用总额占成本费用支出的比例不低于30%。
【判断题】
享受天使投资个人税收优惠政策的天使投资个人,必须满足不属于被投资初创科技型企业的发起人、雇员或其亲属(包括配偶、父母、子女、祖父母、外祖父母、孙子女、外孙子女、兄弟姐妹),可以与被投资初创科技型企业存在劳务派遣等关系。
【判断题】
享受天使投资个人税收优惠政策的天使投资个人,必须满足投资后2年内,本人及其亲属持有被投资初创科技型企业股权比例合计应低于60%。
【判断题】
天使投资个人采取股权投资方式直接投资于初创科技型企业满2年的,可以按照投资额的70%抵扣转让该初创科技型企业股权取得的应纳税所得额,享受规定的税收政策的投资,仅限于通过向被投资初创科技型企业直接支付现金方式取得的股权投资,不包括受让其他股东的存量股权。
【判断题】
初创科技型企业接受天使投资个人投资满2年,在上海证券交易所、深圳证券交易所上市的,天使投资个人转让该企业股票时,按照现行限售股有关规定执行,其尚未抵扣的投资额,不予抵扣。
【判断题】
天使投资个人投资于种子期、初创期科技型企业的实缴投资满2年,投资时间从初创科技型企业接受投资并完成工商变更登记的日期算起。
【判断题】
合伙创投企业的个人合伙人符合享受优惠条件的,合伙创投企业应在投资初创科技型企业满2年的年度终了后3个月内,向合伙创投企业主管税务机关办理备案手续,合伙企业多次投资同一初创科技型企业的,可进行合并备案。
【判断题】
合伙创投企业应在投资初创科技型企业满2年后的第一个年度终了后3个月内,向合伙创投企业主管税务机关报送《合伙创投企业个人所得税投资抵扣情况表》
【判断题】
天使投资个人应在投资初创科技型企业满24个月的次月15日内,单独向初创科技型企业主管税务机关办理备案手续。
【判断题】
答案【试题解析】天使投资个人应在投资初创科技型企业满24个月的次月15日内,与初创科技型企业共同向初创科技型企业主管税务机关办理备案手续
【判断题】
个人股东获得转增的股本,应按照“工资、薪金所得”项目征收个人所得税。
【判断题】
自2016年1月1日起,全国范围内的中小高新技术企业以未分配利润、盈余公积、资本公积向个人股东转增股本时,个人股东一次缴纳个人所得税确有困难的,可根据实际情况自行制定分期缴税计划,在不超过3个公历年度内(含)分期缴纳,并将有关资料报主管税务机关备案。
【判断题】
自2016年1月1日起,全国范围内的高新技术企业转化科技成果,给予本企业相关技术人员的股权奖励,个人一次缴纳税款有困难的,可根据实际情况自行制定分期缴税计划,在不超过10个公历年度内(含)分期缴纳,并将有关资料报主管税务机关备案。
【判断题】
自2016年1月1日起,全国范围内的高新技术企业转化科技成果,给予本企业相关技术人员(包括主持企业全面生产经营工作的高级管理人员,负责企业主要产品(服务)生产经营合计占主营业务收入(或者主营业务利润)60%以上的中、高级经营管理人员)的股权奖励,个人一次缴纳税款有困难的,可根据实际情况自行制定分期缴税计划,在不超过5个公历年度内(含)分期缴纳,并将有关资料报主管税务机关备案。
【判断题】
非上市公司授予本公司员工的股票期权、股权期权、限制性股票和股权奖励,符合规定条件的,经向主管税务机关备案,可实行递延纳税政策,即员工在取得股权激励时可暂不纳税,递延至转让该股权时纳税;股权转让时,按照股权转让收入减除股权取得成本以及合理税费后的差额,适用“工资、薪金所得”项目
【判断题】
享受递延纳税政策的非上市公司股权激励,激励正确象应为公司董事会或股东(大)会决定的技术骨干和高级管理人员,激励正确象人数累计不得超过本公司最近12个月在职职工平均人数的30%。
【判断题】
享受递延纳税政策的非上市公司股权激励,股票(权)期权自授予日起应持有满5年,且自行权日起持有满1年;限制性股票自授予日起应持有满5年,且解禁后持有满1年;股权奖励自获得奖励之日起应持有满5年。上述时间条件须在股权激励计划中列明
【判断题】
享受递延纳税政策的非上市公司股权激励,股票(权)期权自授予日至行权日的时间不得超过5年。
【判断题】
个人以技术成果投资入股到境内居民企业,被投资企业支付的对价全部为股票(权)的,个人可选择适用递延纳税优惠政策选择技术成果投资入股递延纳税政策的,经向主管税务机关备案,投资入股当期可暂不纳税,允许递延至转让股权时,按股权转让收入减去技术成果原值和合理税费后的差额计算缴纳所得税。
【判断题】
自1999年7月1日起,科研机构、高等学校转化职务科技成果以股份或出资比例等股权形式给予个人奖励,获奖人在取得股份、出资比例时,暂不缴纳个人所得税;取得按股份、出资比例分红或转让股权、出资比例所得时,应依法缴纳个人所得税。在获奖人按股份、出资比例获得分红时,对其所得按“利息、股息、红利所得”应税项目征收个人所得税。获奖人转让股权、出资比例,对其所得按“财产转让所得”应税项目征收个人所得税,财产原值为零。
【判断题】
员工取得可公开交易的股票期权,在授予日按“利息、股息、红利所得”应税项目征收个人所得税。
【判断题】
员工取得可公开交易的股票期权后,转让该股票期权所取得的所得,属于“工资、薪金所得”
【判断题】
工资、薪金所得是属于非独立个人劳务活动,即在机关、团体、学校、部队、企事业单位及其他组织中任职、受雇而得到的报酬;劳务报酬所得则是个人独立从事各种技艺、提供各项劳务取得的报酬。两者的主要区别在于,前者存在雇佣与被雇佣关系,后者则不存在这种关系。
【判断题】
扣缴人的本单位人员在广告设计、制作、发布过程中取得的由本单位支付的所得,按劳务报酬所得项目计算纳税
【判断题】
个人经政府有关部门批准并取得执照举办学习班,培训班的,其取得的办班收入属于"经营所得"应税项目
【判断题】
个人无须经政府有关部门批准并取得执照举办学习班,培训班的,其取得的办班收入属于"经营所得"应税项目,应按税法规定计征个人所得税。
【判断题】
对电影制片厂为了拍摄影视片而临时聘请非本厂导演、演职人员,其所取得的报酬,应按“劳务报酬所得”应税项目计征个人所得税。
【判断题】
企业以现金形式发给个人的住房补贴、医疗补助费,应全额计入领取人的当期工资、薪金收入计征个人所得税。
