【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
推荐试题
【多选题】
商业银行对理财产品进行风险评级的依据包括下列哪些因素___
A. 理财产品投资范围、投资资产和投资比例
B. 理财产品期限、成本、收益测算
C. 本行开发设计的同类理财产品过往业绩
D. 理财产品在运营过程中存在的各类风险
【多选题】
机构理财办理投资者须携带的资料有___
A. 公章、印鉴章
B. 转账支票
C. 若为代理,须签订授权委托书
D. 法人、经办人身份证明
【多选题】
理财产品宣传销售文本应当全面、客观反映理财产品的重要特性和与产品有关的重要事实,语言表述应当真实、准确和清晰,不得有下列情形___
A. 虚假记载、误导性陈述或者重大遗漏
B. 违规承诺收益或者承担损失;
C. 夸大或者片面宣传理财产品,违规使用“安全、”“保证、”“承诺、”“保险、”“避险、”“有保障、”“高收益、”“无风险”等与产品风险收益特性不匹配的表述;
D. 登载单位或者个人的推荐性文字;
E. 在未提供客观证据的情况下,使用“业绩优良”、“名列前茅”、“位居前列”、“最有价值”、“首只”、“最大”、“最好”、“最强”、“唯一”等夸大过往业绩的表述
【多选题】
取消企业银行账户许可的范围包括___。
A. 企业法人
B. 非法人企业
C. 个体工商户
D. 机关
E. 事业单位
【多选题】
三要素决定基本存款账户的唯一性,应当在结算账户管理系统中准备录入信息,对唯一性进行审核。该三要素为___。
A. 企业名称
B. 统一社会信用代码
C. 存款人类别
D. 注册地区代码
E. 注册地址
【多选题】
存在下列哪种情形的,银行应当拒绝开户。___
A. 使用伪造、变造开户证明文件
B. 假冒他人身份或虚构代理关系
C. 经核实注册地址不存在或虚构经营场所
D. 对企业身份信息存疑需要提供辅助证件,企业决绝出示
E. 被市场被市场监督管理部分列入“严重违法失信企业名单”
【多选题】
销售人员从事理财产品销售活动,下列情形是违规的___。
A. 在销售活动中为自己或他人牟取不正当利益,承诺进行利益输送,通过给予他人财物或利益,或接受他人给予的财物或利益等形式进行商业贿赂;
B. 诋毁其他机构的理财产品或销售人员;散布虚假信息扰乱市场秩序;
C. 违规接受投资者全权委托,私自代理投资者进行理财产品认购、赎回等交易;
D. 违规对投资者做出盈亏承诺,或与投资者以口头或书面形式约定利益分成或亏损分担;
E. 挪用投资者交易资金或理财产品、擅自更改投资者交易指令
【判断题】
专用存款账户和临时存款账户不能办理协定存款业务。
【判断题】
营业网点做过关机后需要重新进入系统办理业务的,应联系县联社的科技部重新开机,重新开机成功后网点取消平账方可办理业务。
【判断题】
因业务需要控制柜员办理某一币种的现金业务或某一种凭证业务时,机构库管可对柜员尾箱相应子账户通过7315交易进行增加或删除。
【判断题】
尾箱上缴前只需要碰库,无需将余额清零;尾箱封存前必须将尾箱余额清零才能操作。
【判断题】
已经封存的尾箱需要重新分配给其他柜员时,机构库管先通过【7315尾箱账号维护】交易启用后,使用【7316】交易,操作标志选择领用,领用柜员录入其柜员代号及密码,完成尾箱领用。
【判断题】
库管员因调离机构时需交接尾箱时不能做7317,需做7316把尾箱交给机构或者7325交给另一个库管员后,才可将柜员号调整至其他机构。
【判断题】
批量开立的银行卡必须先进行初始密码激活,且密码激活只能由持卡人本人办理。
【判断题】
凭证入库申请后,业务还未处理的可以用【7112】凭证入库申请撤销/拒绝交易进行撤销。
【判断题】
存折消磁且密码为弱项密码,这种情况下只能进行双挂处理,在挂失期满后先进行密码重置、再进行挂失换折或挂失销户。
【判断题】
大社向下级分社做预制卡凭证库间调拨时,误将机构输入为上级机构,柜员应使用7225卡凭证调拨差错交易对出库的在途卡凭证有差错的进行撤销。
【判断题】
凭证挂失可以由代理人代为办理,但挂失的后续处理必须由客户本人办理。密码密码挂失也可以代理办理,但后续处理必须本人办理。
【判断题】
在老系统中密码不足6位的账号(多为批量代发的存折),在新系统中客户输入密码时需在老密码前加0补足6位。
【判断题】
账户查询密码忘记时无需挂失,可直接使用【7125密码重置】交易实时重置。
【判断题】
密码挂失在全省农信社任一网点均可办理成功。
【判断题】
客户卡6个月未发生业务限制非柜面业务,在做解除控制时客户密码忘记,直接在柜面进行密码挂失及重置即可。
【判断题】
客户在开户时如果柜员输入的是万能手机号码和万能验证码,万能手机号码在系统中不会保存,系统中的手机号码仍然为空,该客户在系统中会被认为是手机未验证客户。
【判断题】
客户因身患重病、行动不便、无自理能力等无法自行前往银行办理挂失、密码重置、销户等业务时,银行可以采取上门服务的方式办理。
【判断题】
内部主任应对网点的交接班制度进行监督管理,督促主管柜员每日营业终了必须对所有当班柜员尾箱进行核查。
【判断题】
甲公司在郑州市郊联社开立保证金账户,并存有资金,因业务需要,想开立存款证明,柜员可以为其办理。
【判断题】
个人账户名称不能修改,若有个人账户名称错误的情况,只能做销户处理。
【判断题】
对于同一自然人作为具体经办人员办理两个以上单位的银行结算账户开立业务的,银行除审核存款人提供的开户证明文件外,应采取回访、实地查访、向公安、工商行政管理部门核实等一项或多项措施进一步核实存款人身份,并重点关注相关账户的支付交易情况。
【判断题】
营业网点应对多人使用同一联系电话号码开立和使用账户的情况进行排查清理,联系相关当事人进行确认。应当变更为账户所有人本人的联系电话(特殊情况除外)。
【判断题】
授权通过后的业务,主管柜员可使用0279复核授权通过任务管理交易进行取消。
【判断题】
默认转存是指与原存期一致的本息转存方式,本息转存指本息转存,存期不可以选择的转存方式。
【判断题】
零存整取业务,客户在存期中途如有漏存,可以在漏存次月补存,若连续两月漏存视同违约,不允许再存入,只能销户处理。
【判断题】
享档档在支取时,存期内遇利率调整,按支取日相应存期整存整取利率计付利息。
【判断题】
目前,个人和对公客户均可以签约批量代发业务。
【判断题】
在系统中银行内部发起的对账户余额的止付称为控制,法定机关发起对账户余额的止付称为冻结,冻结和控制的级别相同。
【判断题】
柜员使用【7632业务验证码查询】交易,输入交易日期和电子印章中镶嵌的业务验证码,即可查询到该业务验证码对应的交易信息。
【判断题】
老系统中的挂失全部移植到新系统中,输原来的挂失编号即可办理挂失后续处理业务。
【判断题】
【1225账户交易明细查询】分为客户查询和非客户查询,客户查询需要输入密码,系统会自动打印电子印章;非客户查询需要授权,不会打印电子印章。
【判断题】
账户几个金额间的逻辑关系为:账户余额-冻结金额-控制金额=可用余额。
【判断题】
存款人申请开立单位银行结算账户时,可由法定代表人或单位负责人直接办理,也可授权他人办理。授权他人代理时,必须有法定代表人或单位负责人出具的授权委托书。
