【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
推荐试题
【单选题】
___可一次印出多种色彩,且线条对接完整,不同颜色之间互不浸染。
A. 接线印刷
B. 正反对印
C. 彩虹印刷
D. 缩微印刷
【单选题】
下列防伪技术,属于印刷环节的是___
A. 安全纤维
B. 缩微图文
C. 光栅图像
D. 丝网印刷
【单选题】
关于变形图文下列说法正确的是___
A. 常光下不可见
B. 通常使用雕版印刷技术
C. 用手触摸有凸凹感
D. 通常用于护照证件的底纹
【单选题】
装订指为了防止证件被___而用人工或机械的方式将证件纸张装订成册,并覆上品质稳定村质坚韧的封皮的过程。
A. 拆装变造
B. 冒名顶替
C. 整本伪造
D. 揭换相片
【单选题】
扩照号码是在以下哪个环节印制的___。
【单选题】
当封皮粘贴完毕后,对证件进行最后载切时,___的装订线也会受到影响。
A. 回针
B. 不回针
C. 锁头
D. 两头留有空白
【单选题】
下列情况中,装订线不一定是经过拆装的是___。
A. 装订线孔眼非三角形集束状,有外翻现象
B. 紫外光下,荧光反应正常且装订线两侧纸张有残留的荧光剂痕迹
C. 棉线材质的装订线紧致有序,但有轻微起毛现象
D. 装订线两侧有多余的孔眼
【单选题】
下列防伪技术,属于装订环节的是___。
A. 正反对印
B. 穿孔号码
C. 防伪圆片
D. 激光全息图案
【单选题】
下列防伪技术,属于装订环节的是___。
A. 潜影图文
B. 缩微印刷
C. 圆角切割
D. 激光全息图案
【单选题】
将装订线侧对着光源以水平角度平视,如果在装订线两侧的签证页上有锐器留下的挑压印痕,则该护照___。
A. 被揭换照片
B. 被涂改
C. 系整版伪造
D. 被折装
【单选题】
关于激光全息塑封膜,说法错误的是___ 。
A. 动态地变换护照资料页的角度,膜上的图案会逐一显现但不是全部展现
B. 只从一个角度观察,无法观察到整个膜上所有图案的全貌
C. 膜本身没有内在颜色或者颜料
D. 在同一个角度下全部的图案均清楚、明亮地展现
【单选题】
___的特性就是能够把光沿着光源方向反向反射至光源处,或反射至接近光源的位置。
A. 常光
B. 侧光
C. 同轴光
D. 紫外光
【单选题】
关于硬卡膜,说法错误的是___。
A. 由多层塑料材料层压复合而成
B. 硬卡膜无法在签发阶段单独加入护照之中,只能在护照装订过程中加入
C. 硬卡膜制作成本高、制作难度大
D. 使用硬卡膜的护照,装订阶段与签发阶段区分明显
【单选题】
墨点分布无规律,渗入纸张内部,文宇有时出现洇散现象是___方式的图文特征。
A. 喷墨打印
B. 激光打印
C. 热转印
D. 热升华
【单选题】
黄色追踪码是___方式所特有的。
A. 喷墨打印
B. 激光打印
C. 热转印
D. 热升华
【单选题】
___的图文特征是可见彩色小圆点、质地凸起,文字部分比划轮廓呈阶梯状,边缘清晰。
A. 喷墨打印
B. 激光打印
C. 热转印
D. 热升华
【单选题】
___的打印宇迹有光泽,由粉末堆积而成,周围可见墨粉散落痕迹,并伴随小黄点。
A. 喷墨打印
B. 激光打印
C. 热转印
D. 热升华
【单选题】
下列防伪技术,属于签发环节的是___
A. 正反对印
B. 穿孔号码
C. 防伪圆片
D. 激光全息图案
【单选题】
激光蚀刻技术通常应用在下列哪种塑封膜中___。
A. 同轴光膜
B. 热转印膜
C. 普通膜
D. 层压膜(硬卡膜)
【单选题】
防揭图文最主要的一项防伪功能是___
A. 美观
B. 易于制作
C. 图案细腻
D. 防止签证或个人资料被撕揭或更换
【单选题】
利用激光打孔成像技术在护照资料页添加持证人副照片是一项新的防伪措施,这项技术通常应用于下列哪种塑封膜上___。
A. 普通膜
B. 热转印膜
C. 同轴光膜
D. 硬卡膜
【多选题】
从出入境证件的防伪工艺看,当前各国在出入境证件中所运用的常见防伪技术主要涉及以下___几个方面。
A. 纸张防伪
B. 印刷防伪
C. 装订防伪
D. 签发防伪
【多选题】
从我们的工作角度出发,我们可以把纸张分为两大类,分别为___。
A. 普通纸张
B. 安全纸张
C. 印刷纸张
D. 生活纸张
【多选题】
对伪假水印的鉴别,可以从以下___几种光源快速地检查水印图案是否被伪造。
A. 常光
B. 侧光
C. 透射光
D. 紫外光
【多选题】
以下情况中___可以判断水印为假。
A. 常光下就能清楚地在纸张表面观察到
B. 紫外光下不可见
C. 紫外光下有明显的荧光反应
D. 透光条件下无法看清整个图案
【多选题】
以下关于安全线,描述正确的是 ___。
A. 可以是连续的,也可以是断续的
B. 可能是可见的,也可能是隐蔽的
C. 可以仅在特定的图案中露出一段
D. 可以和其他的防伪手段相结合,如荧光图案、磁性编码、缩微文字.
【多选题】
安全线可以和其他的防伪手段相结合,如___等。
A. 荧光图案
B. 磁性编码
C. 水印
D. 缩微文字
【多选题】
以下关于安全纤维,描述正确的是___
A. 镶嵌在纸张中,与纸张融为一体
B. 分布规则,且有其特定的位置
C. 大部分在紫外光下有明显的荧光反应
D. 透光条件下,可以清楚地看到缩微文字
【多选题】
在工作中,如发现以下___情况,则该证件可能系伪造护照资料页或整本伪造护照。
A. 证件中的防伪圆点或彩点系普通印刷而成
B. 防伪彩点呈晶体状明显凸起于证件表面
C. 防伪彩点附着在纸张表面可以将其从纸张上刮下来
D. 防伪彩点是添加于纸张中的,难以从纸张中剥离
【多选题】
印刷基本方法包括___
A. 平版印刷
B. 凹版印刷
C. 凸版印刷
D. 彩虹印刷
【多选题】
采用凸版印刷的号码主要有以下特征___。
A. 字符边缘有厚重的油墨“外圈”现象
B. 凸起油墨中有不规则的适明胶状或晶体状物质
C. 印刷在纸张正面上的图文低于纸张表面
D. 纸张背面通常有凸起痕迹
【多选题】
关于凹版印刷说法正确的是___。
A. 图文部分高于印版的版面
B. 凹下的版纹有深浅之分,以此表现图文的高低和油墨的厚薄
C. 印刷时油墨从滚筒表面的凹陷处转印到纸张上
D. 非印刷部分表面的油墨则被刮墨刀拭去,转印到纸张上的油墨量取决于单个凹陷处的深度
【多选题】
关于伪造的潜影图像,下列说法正确的是___
A. 通常在正面平视时就可清晰地看见隐藏的图文
B. 举过眼睛斜视时反而观察不到隐藏的图文
C. 只是采用普通印刷方式印制而成
D. 部分伪假潜影图像虽然手触时也有凹凸感,但是其与伪造凹版印刷效果所采用的方法是相同的
【多选题】
关于防复印图文,下列说法正确的是___
A. 有的以图形中相邻线条的粗细差异来防止证件被复印
B. 有的以图形中相邻线条的颜色细微差别来防止证件被复印
C. 有的以图形中线条的股数和走向变化来防止证件被复印
D. 复印时一定会出现"COPY"或"VOID"字样
【多选题】
透射紫外光下,可见以下哪些防伪点? ___
A. 水印
B. 光变油墨
C. 荧光图案
D. 安全纤维
【多选题】
对凹版印刷图文的检查方法通常采用___。
A. 侧光下观察
B. 用白纸在图文的油墨上轻轻擦拭
C. 常光下放大观察
D. 用手指轻触图文油墨
【多选题】
装订线的材质包括___
A. 棉线
B. 塑料
C. 涤纶纱线
D. 竹纤维
【多选题】
装订方式包括___
A. 中线缝合
B. 边缘缝合
C. 互锁缝合
D. 丝网缝合
【多选题】
装订钱可以从以下___方面进行识别。
A. 观察装订线颜色是否正常,有松散起毛现象
B. 观察装订线的互锁结构是否被破坏
C. 检查装订线有无多余孔眼,或孔眼外翻现象
D. 紫外光下,观察荧光反应是否正常,装订线两侧纸张是否有残留的荧光剂
E. 在侧光下观察装订线两侧是否留有挑压痕迹
【多选题】
以下关于边角切割说法不正确的是___
A. 边角切割是指将证件切割成一定标准的尺寸,目的是防止证件页被更换
B. 边角切割又称为三面圆角切割
C. 圆角切割的证件边角呈弧形,切口圆滑整齐,无棱角
D. 特殊切割的边角,棱角分明且不圆滑
