【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
推荐试题
【判断题】
个人的同一作品在报刊上连载, 应合并其因连载而取得的所有稿酬所得为一次, 按税法规定计征个人所得税。在其连载之后又出书取得稿酬所得, 或先出书后连载取得稿酬所得, 应视同再版稿酬分次计征个人所得税。
【判断题】
2019年1月1日至2020年12月31日,个人捐赠住房作为公租房,符合税收法律法规规定的,准予从其应纳税所得额中全额扣除。
【判断题】
对符合地方政府规定条件的城镇住房保障家庭从地方政府领取的住房租赁补贴,免征个人所得税。
【判断题】
个人因公务用车和通信制度改革而取得的公务用车、通信补贴收入,扣除一定标准的公务费用后,按照“工资、薪金所得”项目计征个人所得税。公务费用的扣除标准,由省级税务局根据纳税人公务交通、通信费用的实际发生情况调查测算,报经省级人民政府批准后确定,报国家税务总局备案。
【判断题】
个人独资企业和合伙企业投资者取得种植业、养殖业、饲养业、捕捞业“四业”所得暂不征收个人所得税。
【判断题】
个人独资企业投资者及其家庭发生的生活费用与企业生产经营费用混合在一起,并且难以划分的,其40%视为与生产经营有关费用,准予扣除。
【判断题】
投资者兴办两个或两个以上企业的,企业的年度经营亏损可以跨企业弥补。
【判断题】
股权转让合同履行完毕、股权已作变更登记后,当事人双方签订并执行解除原股权转让合同、退回股权的协议,对前次转让行为征收的个人所得税款予以退还。
【判断题】
股权转让合同未履行完毕,因执行仲裁委员会作出的解除股权转让合同及补充协议的裁决、停止执行原股权转让合同,并原价收回已转让股权的,纳税人不应缴纳个人所得税。
【判断题】
个人通过非营利的社会团体和国家机关向农村义务教育的捐赠,准予在计算个人所得税时全额扣除。
【判断题】
个人通过宋庆龄基金会、中国福利会、中国残疾人福利基金会、中国扶贫基金会、中国煤矿尘肺病治疗基金会、中华环境保护基金会用于公益救助性的捐赠,准予在缴纳个人所得税前全额扣除。
【判断题】
个人通过中国医药卫生事业发展基金会用于公益救济性的捐赠,准予在缴纳个人所得税前全额扣除。
【判断题】
2019年居民王某在中国境内从甲公司取得工资30000元,从乙公司工资取得28000元,王某应在2020年3月1日-6月30日进行自行申报。
【判断题】
投资者兴办两个或两个以上企业的,准予扣除的个人费用可以在两个企业扣除。
【判断题】
纳税人办理综合所得汇算清缴,只需准备与收入、专项扣除、专项附加扣除、依法确定的其他扣除资料,并按规定留存备查或报送。
【判断题】
纳税人办理自行纳税申报时,应当一并报送税务机关要求报送的其他有关资料。首次申报或者个人基础信息发生变化的,还应报送《个人所得税基础信息表(B表)》,纳税人在办理纳税申报时需要享受税收协定待遇的,应按规定报税务机关审核。
【判断题】
非居民纳税人符合享受协定待遇条件的,可在纳税申报时,或通过扣缴义务人在扣缴申报时,自行享受协定待遇,并接受税务机关的后续管理。
【判断题】
非居民纳税人享受税收协定独立个人劳务、非独立个人劳务(受雇所得)、政府服务、教师和研究人员、学生条款待遇的,应当在首次取得相关所得并进行纳税申报时,或者由扣缴义务人在首次扣缴申报时,报送相关报告表和资料。在符合享受协定待遇条件且所报告信息未发生变化的情况下,非居民纳税人免于向同一主管税务机关就享受协定待遇重复报送资料。
【判断题】
个非居民纳税人享受税收协定财产收益、演艺人员和运动员、其他所得条款待遇的,在符合享受协定待遇条件且所报告信息未发生变化的情况下,非居民纳税人免于向同一主管税务机关就享受同一条款协定待遇重复报送资料。
【判断题】
非居民纳税人自行申报的,应当就每一个经营项目、营业场所或劳务提供项目分别向主管税务机关报送本办法规定的报告表和资料。
【判断题】
源泉扣缴和指定扣缴情况下,非居民纳税人有多个扣缴义务人的,只需向一个扣缴义务人提供规定的报告表和资料。
【判断题】
作者将自己的文字作品手稿原件或复印件拍卖取得的所得,按照“财产转让所得”项目缴纳个人所得税。
【判断题】
个人拍卖除文字作品原稿及复印件外的其他财产,应按照“特许权使用费所得”项目缴纳个人所得税。
【判断题】
纳税人如不能提供合法、完整、准确的财产原值凭证,不能正确计算财产原值的,按转让收入额的3%征收率计算缴纳个人所得税;拍卖品为经文物部门认定是海外回流文物的,按转让收入额的2%征收率计算缴纳个人所得税。
【判断题】
个人财产拍卖所得应纳的个人所得税税款,由买受人负责代扣代缴,并按规定向买受人所在地主管税务机关办理纳税申报。
【判断题】
个人财产拍卖所得征收个人所得税时,以该项财产最终拍卖成交价格为其转让收入额。
【判断题】
非居民个人取得工资、薪金所得,劳务报酬所得,稿酬所得和特许权使用费所得,有扣缴义务人的,由扣缴义务人按月或者按次代扣代缴税款,需要办理汇算清缴的,应当在取得所得的次年三月一日至六月三十日内办理汇算清缴。
【判断题】
企业债券利息个人所得税统一由各兑付机构在向持有债券的个人兑付利息时负责代扣代缴,就地入库。
【判断题】
有关部门依法将纳税人、扣缴义务人遵守个人所得税法的情况纳入信用信息系统,并实施联合激励或者惩戒。
【判断题】
将职务科技成果转化为股份、投资比例的科研机构、高等学校或者获奖人员,应在授(获)奖的次月15日内向主管税务机关备案,报送《科技成果转化暂不征收个人所得税备案表》和技术成果价值评估报告、股权奖励文件及其他证明材料。
【判断题】
2019年1月1日起,居民个人从中国境内和境外取得的综合所得、经营所得,应当分别单独计算应纳税额;从中国境内和境外取得的其他所得,应当分别单独计算应纳税额。
【判断题】
居民个人抵免已在境外缴纳的综合所得、经营所得以及其他所得的所得税税额的限额,除国务院财政、税务主管部门另有规定外,来源于中国境外一个国家(地区)的综合所得抵免限额、经营所得抵免限额以及其他所得抵免限额之和,为来源于该国家(地区)所得的抵免限额。
【判断题】
个人从证券公司股东账户取得的利息所得,应按照个人所得税法规定的“利息、股息、红利所得”应税项目缴纳个人所得税,税款由其开立股东账户的证券公司代扣代缴
【判断题】
自2015年10月1日起,全国范围内的有限合伙制创业投资企业采取股权投资方式投资于未上市的中小高新技术企业满2年(24个月)的,该有限合伙制创业投资企业的法人合伙人可按照其对未上市中小高新技术企业投资额的70%抵扣该法人合伙人从该有限合伙制创业投资企业分得的应纳税所得额,当年不足抵扣的,不结转抵扣。
【判断题】
股权奖励的计税价格参照获得股权时的公平市场价格确定,非上市公司股权的公平市场价格,按照净资产法、类比法和其他合理方法选择确定。
【判断题】
律师事务所出资律师按“个体工商户的生产经营所得”缴纳个人所得税,雇员律师按“工资薪金所得”缴纳个人所得税。
【判断题】
依法批准设立的非营利性研究开发机构和高等学校(以下简称非营利性科研机构和高校)根据《中华人民共和国促进科技成果转化法》规定,从职务科技成果转化收入中给予科技人员的现金奖励,可减按50%计入科技人员计入“工资、薪金所得”,可分三十六个月缴纳个人所得税。
【判断题】
非营利性科研机构和高校在取得科技成果转化收入三年(36个月)内分次奖励给科技人员的现金,合并计算。
【判断题】
非营利性科研机构和高校向科技人员发放现金奖励,在填报《扣缴个人所得税报告表》时,应将当期现金奖励收入金额的50%与当月工资、薪金合并,计入“收入额”列。
【判断题】
正确符合科技人员取得职务科技成果转化现金奖励税收优惠条件的单位,向科技人员发放现金奖励时,实行备案管理。即在实际发放现金奖励的次月15日内,单位向主管税务机构报送《科技人员取得职务科技成果转化现金奖励个人所得税备案表》、相关证明材料。
