【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
推荐试题
【单选题】
党课如果没有正当理由,不参加党日活动,应根据情节轻重给予批评教育和___。
A. 警告处分
B. 纪律处分
C. 给予罚金
D. 开除党籍
【单选题】
新闻宣传工作具有___的作用。
A. 内聚力量、外树形象
B. 增强团队凝聚力
C. 树立品牌形象
D. 提升信心竞争力
【单选题】
___负责公司宣传通讯员队伍的建设与管理。
A. 企业文化部
B. 政工部
C. 人力资源部
D. 公司办公室
【单选题】
党员活动日的目的是___,充分发挥党员的先锋模范作用。
A. 提升团队凝聚力
B. 增强党员队伍建设
C. 搭建党员活动经常化平台
D. 树立品牌形象
【单选题】
党的最高理想和最终目标是实现___。
A. 社会主义
B. 共产主义
C. 共同富裕
D. 小康社会
【单选题】
以毛泽东同志为主要代表的中国共产党人,把马克思列宁主义的基本原理同中国革命的具体实践结合起来,创立了___。
A. 毛泽东理论
B. 毛泽东思想
C. 毛泽东主义
D. 毛泽东道路
【单选题】
对申请入党的条件,错误的一项是___。
A. 年满18岁
B. 中国公民
C. 承认党的纲领和章程
D. 只能是工人、农民、军人、知识分子中的先进分子
【单选题】
《党章》规定,申请人入党,要有___正式党员作介绍人。
【单选题】
预备党员的预备期为___。党组织对预备党员应当认真教育和考察。
【单选题】
以下表述正确的是___。
A. 预备党员的权利、义务同正式党员一样
B. 预备党员的权利同正式党员一样,义务同正式党员不一样
C. 预备党员的权利同正式党员不一样,义务同正式党员一样
D. 预备党员的权利、义务同正式党员都不一样
【单选题】
预备党员需要继续考察和教育的,可以延长预备期,但不能超过___。
【单选题】
党员如果没有正当理由,连续___不参加党的组织生活,或不交纳党费,或不做党所分配的工作,就被认为是自行脱党。
A. 三个月
B. 六个月
C. 九个月
D. 十二个月
【单选题】
凡是成立党的新组织,或是撤销党的原有组织,必须由___决定。
A. 上级党组织
B. 上级党委和纪委
C. 党中央
D. 所在地政府
【单选题】
企业、农村、机关、学校、科研院所、街道社区、社会组织、人民解放军连队和其他基层单位,凡是有正式党员___以上的,都应当成立党的基层组织。
【单选题】
___是党的基础组织,担负直接教育党员、管理党员、监督党员和组织群众、宣传群众、凝聚群众、服务群众的职责。
A. 党委
B. 党总支
C. 党支部
D. 党小组
【单选题】
党的纪律主要包括___、组织纪律、廉洁纪律、群众纪律、工作纪律、生活纪律。
A. 思想纪律
B. 作风纪律
C. 政治纪律
D. 其他纪律
【单选题】
运用监督执纪“四种形态”,让“红红脸、出出汗”成为常态,党纪处分、组织调整成为管党治党的重要手段,严重违纪、严重触犯刑律的党员必须___。
A. 开除党籍
B. 留党察看
C. 诫勉谈话
D. 批评教育
【单选题】
___是党内的最高处分。
A. 严重警告
B. 撤销党内职务
C. 留党察看
D. 开除党籍
【单选题】
发展党员,必须把___放在首位,经过党的支部,坚持个别吸收的原则。
A. 政治标准
B. 业绩标准
C. 道德标准
D. 法制标准
【单选题】
中国共产党党徽为___图案。
A. 镰刀
B. 锤头
C. 镰刀和锤头组成的
D. 天安门
【单选题】
预备党员的预备期,从___通过他为预备党员之日算起。
A. 支部大会
B. 党小组会议
C. 支委会
D. 党委会
【单选题】
始终做到“三个代表’,是我们党的立党之本、执政之基、___。
A. 凝聚之源
B. 力量之源
C. 发展之源
D. 强国之源
【单选题】
我国正处于并将长期处于___。这是在经济文化落后的中国建设社会主义现代化不可逾越的历史阶段,需要上百年的时间。
A. 社会主义阶段
B. 社会主义初级阶段
C. 共产主义阶段
D. 社会主义高级阶段
【单选题】
中国共产党在社会主义初级阶段的___是:领导和团结全国各族人民,以经济建设为中心,坚持四项基本原则,坚持改革开放,自力更生,艰苦创业,为把我国建设成为富强民主文明和谐美丽的社会主义现代化强国而奋斗。
A. 基本路线
B. 基本纲领
C. 基本经验
D. 基本原则
【单选题】
我们党的最大政治优势是___,党执政后的最大危险是脱离群众。
A. 密切联系群众
B. 理论联系实际
C. 实事求是
D. 与时俱进
【单选题】
在现阶段,我国社会的___是人民日益增长的美好生活需要和不平衡不充分的发展之间的矛盾。
A. 主要问题
B. 基本矛盾
C. 主要矛盾
D. 根本矛盾
【单选题】
党的最高领导机关,是___和它所产生的中央委员会。
A. 党的全国代表大会
B. 党的全国代表会议
C. 党的全国代表大会和全国代表会议
D. 全国人民代表大会
【单选题】
党的各级委员会实行集体领导和个人分工负责相结合的制度。凡属重大问题都要按照集体领导、民主集中、___、会议决定的原则,由党的委员会集体讨论,作出决定。
A. 个别酝酿
B. 个别商谈
C. 私下酝酿
D. 特别酝酿
【单选题】
党员个人服从___,少数服从多数,下级组织服从上级组织,全党各个组织和全体党员服从党的全国代表大会和中央委员会,这是党的民主集中制的基本原则之一。
A. 党的组织
B. 党委主要领导
C. 行政主要领导
D. 党政领导
【单选题】
《党章》规定,党的纪律处分有:警告、严重警告、___、留党察看、开除党籍。
A. 撤销党内外一切职务
B. 撤销党内职务
C. 记过
D. 开除公职
【单选题】
《党章》规定,党组织对违犯党的纪律的党员,应当本着___的精神,按照错误性质和情节轻重,给以批评教育直至纪律处分。
A. 从严治党
B. 批评与自我批评
C. 惩前毖后,治病救人
D. 严肃纪律
【单选题】
牢牢掌握___领导权,不断巩固马克思主义在意识形态领域的指导地位,巩固全党全国人民团结奋斗的共同思想基础。
A. 意识形态工作
B. 政治形态工作
C. 思想文化工作
D. 革命政治工作
【单选题】
党的基层组织是党在社会基层组织中的___,是党的全部工作和战斗力的基础。
A. 基础
B. 细胞
C. 核心
D. 战斗堡垒
【单选题】
预备党员的权利,除了没有___以外,同正式党员一样。
A. 表决权、选举权和被选举权
B. 表决权、被选举权
C. 选举权、被选举权
D. 表决权
【单选题】
《党章》规定,党员必须坚持___高于一切,个人利益服从党和人民的利益,吃苦在前,享受在后,克己奉公,多做贡献。
A. 个人利益
B. 局部利益
C. 集体利益
D. 党和人民的利益
【单选题】
在现阶段,我国社会的主要矛盾是人民日益增长的美好生活需要和___的发展之间的矛盾。
A. 不完善不充足
B. 不合理不均衡
C. 不平衡不充分
D. 不合理不充足
【单选题】
由于国内的因素和国际的影响,___还在一定范围内长期存在,在某种条件下还有可能激化,但已经不是主要矛盾。
A. 意识形态斗争
B. 宗教极端势力
C. 阶级斗争
D. 境外敌对势力
