【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
推荐试题
【判断题】
单人操作时若需进行登高或登杆操作,应做好相应的安全措施
【判断题】
在发生人身触电事故时,可以不经许可,即行断开有关设备的电源,但事后应立即报告调度控制中心(或设备运维管理单位)和上级部门
【判断题】
手动切除交流滤波器(并联电容器)前,应检查系统有足够的备用数量,保证满足当前输送功率无功需求
【判断题】
同一变电站的操作票应事先连续编号,计算机生成的操作票应在正式出票前连续编号,操作票按编号顺序使用
【判断题】
部分停电的工作,是指高压设备部分停电,或室内虽全部停电,而通至邻接高压室的门并未全部闭锁的工作
【判断题】
事故紧急抢修应填用工作票,或事故紧急抢修单
【判断题】
运维人员实施不需高压设备停电或做安全措施的变电运维一体化业务项目时,可不使用工作票,但应以书面形式记录相应的操作和工作等内容
【判断题】
工作票应使用黑色或蓝色的钢(水)笔或圆珠笔填写与签发,一式两份,内容应对、填写应清楚,不得任意涂改
【判断题】
承发包工程中,工作票可实行“双签发”形式
【判断题】
第一种工作票所列工作地点超过两个,或有两个及以上不同的工作单位(班组)在一起工作时,可采用总工作票和分工作票
【判断题】
总工作票应在分工作票许可后才可许可;总工作票应在所有分工作票终结后才可终结
【判断题】
一个工作负责人可以同时执行多张工作票,工作票上所列的工作地点,以一个电气连接部分为限
【判断题】
一个电气连接部分是指:电气装置中,可以用断路器(开关)同其他电气装置分开的部分
【判断题】
一台变压器停电检修,其断路器(开关)也配合检修,且同时停、送电,可使用同一张工作票
【判断题】
在同一变电站内,依次进行的同一类型的带电作业可以使用一张带电作业工作票
【判断题】
第二种工作票和带电作业工作票可在进行工作前一日预先交给工作许可人
【判断题】
工作票有破损不能继续使用时,应补填新的工作票。补填的工作票不需再次履行签发许可手续
【判断题】
专责监护人应是具有相关工作经验,熟悉设备情况和本规程的人员
【判断题】
专责监护人临时离开时,应指定一名工作人员担任临时监护人
【判断题】
工作期间,工作负责人若因故暂时离开工作现场时,应指定能胜任的人员临时代替,离开前应将工作现场交待清楚,并告知工作许可人
【判断题】
在同一电气连接部分用同一张工作票依次在几个工作地点转移工作时,全部安全措施由运维人员在开工前一次做完,不需再办理转移手续
【判断题】
只有在同一停电系统的所有工作票都已终结,并得到值班调控人员或运维负责人的许可指令后,方可合闸送电
【判断题】
禁止在只经断路器(开关)断开电源或只经换流器闭锁隔离电源的设备上工作
【判断题】
在电气设备上工作,对难以做到与电源完全断开的检修设备,可以不拆除设备与电源之间的电气连接
【判断题】
表示设备断开和允许进入间隔的信号、经常接入的电压表等,如果指示有电,在排除异常情况前,禁止在设备上工作
【判断题】
装设接地线应由两人进行(经批准可以单人装设接地线的项目及运维人员除外)
【判断题】
降压变电站全部停电时,应将各个可能来电侧的部分断开,其余部分不必每段都装设接地线或合上接地刀闸(装置)
【判断题】
由于设备原因,接地刀闸与检修设备之间连有断路器(开关),在接地刀闸和断路器(开关)合上后,应有保证断路器(开关)不会分闸的措施
【判断题】
所有配电装置的适当地点,均应设有与接地网相连的接地端,接地电阻应合格
【判断题】
接地线应使用专用的线夹固定在导体上,也可用缠绕的方法进行接地或短路
【判断题】
高压回路上的工作,必须要拆除全部或一部分接地线后始能进行工作者,如果是根据调控人员指令装设的接地线,应征得工作负责人的许可,方可进行
【判断题】
每组接地线及其存放位置均应编号,接地线号码与存放位置号码应一致
【判断题】
装、拆接地线,应作好记录,交接班时应交待清楚
【判断题】
在工作地点应设置“从此进出!”的标示牌
【判断题】
禁止作业人员擅自移动或拆除遮栏(围栏)、标示牌
【判断题】
进行地电位带电作业,35kV及以下的带电设备不能满足带电作业过程中人身与带电体的最小安全距离时,应采取可靠的绝缘隔离措施
【判断题】
避雷器及密封不良的设备不宜进行带电水冲洗
【判断题】
每次带电水冲洗前都应用合格的水阻表测量水电阻率,应从水枪进口处取水样进行测量
【判断题】
带电水冲洗时,其大、中型水枪喷嘴均应可靠接地
