【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
推荐试题
【判断题】
在不良贷款移交审查环节,资产管理部门应认真对照不良贷款移交清单,对不良贷款资料的完整性进行审核,对不良贷款责任认定及处理情况进行审核
【判断题】
在不良贷款移交审批环节,市县行社分管资产管理部门的领导负责对移交事项进行审批
【判断题】
债权转让坚持公开操作、市场竞价的原则,不可以使用协议转让的处置方式
【判断题】
自然人类贷款慎重对员工(含退休职工)以外的机构和个人转让处置
【判断题】
中止和下架使用失误,存在导致流拍、已转账未绑定保证金的竞买人报名失败等风险,由此产生的纠纷由资产处置机构承担
【判断题】
拟转让资产的原业务经办人员不得作为卖方尽职调查的调查人
【判断题】
若意向受让方出价均低于转让底价,则由资产管理委员会对转让底价进行调整(调低10%-30%,具体调整幅度由各市县行社根据实际情况自行决定)后重新组织招标工作
【判断题】
不良资产转让成交价格与账面差额部分由资产管理部门进行核销,由财务会计部门向税务机关备案,进行税前扣除,差额部分纳入账销案存管理
【判断题】
市县行社开展不良资产非批量转让业务必须通过公开竞价的方式确定受让方
【判断题】
自然人类不良贷款的受让方须是农信社员工(含退休员工)
【判断题】
非批量转让最终审批人为市县行社董(理)事会
【判断题】
抵债资产预估价值下跌的,要根据相关规定,在“财管系统”中计提减值准备
【判断题】
对未及时采取有效措施而导致丧失诉讼时效,致使主债权或担保债权无法追偿,未在法定时效内申请执行而导致执行时效丧失等情况,要依照相关规定严格追究有关人员责任
【判断题】
在抵债资产价值上升幅度不大的情况下,处置价格高于抵债价格,且取得抵债物时间未超过两年的,可以不进行评估
【判断题】
市县行社取得抵债资产时,按抵债资产评估价值作为抵债资产入账价值
【判断题】
市县行社为取得抵债资产支付的抵债资产欠缴的税费、垫付的诉讼费用和取得抵债资产支付的相关税费计入抵债资产价值
【判断题】
市县行社应按月对抵债资产逐项进行检查,对预计可收回金额低于其账面价值的,应当计提减值准备
【判断题】
当采用公开转让方式只产生一个符合条件的意向受让方时,可采用协议转让方式
【判断题】
批量转让是指各市县行社对3户/项及以上的不良资产进行组包,公开定向转让给资产管理公司的行为
【判断题】
市县行社审计部门应在核销前对每笔呆账进行责任认定
【判断题】
以物抵债要通过法院、仲裁机构裁决、协议接受抵债
【判断题】
市县行社应尽量避免接收抵债资产,在采取有效处置途径后还没有成交的,方可接收抵债资产
【判断题】
市县行社接收抵债资产时,只有法院判决或仲裁裁决的,才可以向债务人支付补价,不得以私下协议的方式向债务人支付补价
【判断题】
经法院(仲裁机构)裁决以物抵债的,市县行社应指定双人尽快办理抵债资产的接收过户等相关手续
【判断题】
抵债资产是对银行资本耗费非常高的风险资产
【判断题】
员工会员客户端登录账号为员工柜员号,已担任竞价系统后台端系统角色的员工,不得在互联网端员工会员身份的登录与使用
【判断题】
市县行社发布标的前,应对此贷款责任落实情况进行梳理,应首先进行责任追究
【判断题】
市县行社发布不良贷款委托清收和信息征集信息时,由竞价系统后台端直接发起
【判断题】
小额不良贷款和表外不良贷款可以优先发布在内部职工清收大厅,内部职工清收大厅本行社浏览人数达不到20%的,竞价开始日期自动延后两日,连续延后两次浏览人数仍达不到标准的,标的自动下架,不得继续发布
【判断题】
资产管理委员会采取无记名投票方式,每人享有一票表决权,主任委员不参与投票,但对表决结果享有一票否决权
【判断题】
发生竞得不买时,买受人参与竞价时缴纳的保证金将赔付给资产处置机构
【判断题】
对于核销后的呆账,市县行社要继续尽职追偿,尽最大可能实现回收价值最大化
【判断题】
市县行社是本行社呆账核销工作的主体,由资产管理部门牵头负责本行社呆账核销具体工作
【判断题】
核销的贷款五级分类形态必须是损失类的贷款
【判断题】
市县行社核销呆账,应提供合理的内、外部证据。内部证据根据对应的呆账认定标准搜集提供,外部证据是必要条件
【判断题】
竞买人参与竞价时锁定的保证金将赔付给资产处置机构
