【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
推荐试题
【单选题】
我国最大的实际是___
A. 人口众多
B. 文明古国
C. 世界上最大的发展中国家
D. 正处于并将长期处于社会主义初级阶段
【单选题】
社会主义初级阶段的长期性,从根本上说是由中国进入和建成社会主义的___决定的(C)
A. 生产力和生产关系
B. 经济基础和上层建筑
C. 历史条件和社会状况
D. 物质基础和思想条件
【单选题】
十九大报告指出,当前我国社会的主要矛盾已经转化为___
A. 计划经济和市场经济的矛盾
B. 人民日益增长的物质文化需要同落后的社会生产之间的矛盾
C. 依法治国和以德治国的矛盾
D. 人民日益增长的美好生活需要和不平衡不充分的发展之间的矛盾
【单选题】
党在社会主义初级阶段的基本路线被概括为___
A. 推翻三座大山
B. 一化三改
C. 一个中心,两个基本点
D. 四个现代化
【单选题】
首先提出"建设有中国特色的社会主义"命题的领导人是___
A. 毛泽东
B. 邓小平
C. 江泽民
D. 习近平
【单选题】
我国正式成为世界贸易组织成员国是在___
A. 1992年
B. 1997年
C. 2001年
D. 2007年
【单选题】
党的十一届三中全会后,改革首先开始于___
【单选题】
我国经济体制改革的目标是___
A. 建立社会主义市场经济体制
B. 建立有计划的商品经济
C. 建立现代企业制度
D. 建立以公有制为主体、多种所有制经济共同发展的基本经济制度
【单选题】
"三个代表"重要思想形成的时代背景的表述错误的是___
A. 苏联解体、东欧剧变
B. 美国成为唯一的超级大国
C. 和平与发展是时代主题
D. 国际共产主义运动处于高潮
【单选题】
江泽民首次对"三个代表"进行比较全面论述是在___
A. 1989年
B. 1992年
C. 1997年
D. 2000年
【单选题】
社会主义的分配原则是___
A. 按劳分配
B. 按需分配
C. 按资分配
D. 按能力分配
【单选题】
人民民主专政是___
A. 我国的国体
B. 我国的政权组织形式
C. 我国的政党制度
D. 我国的国家结构形式
【单选题】
中国特色的政党制度是___
A. 中国共产党领导的多党合作和政治协商制度
B. 多党制
C. 一党制
D. 两党制
【单选题】
我国的政体是___
A. 人民民主专政
B. 人民代表大会制度
C. 中国共产党领导的多党合作和政治协商制度
D. 民族区域自治制度
【单选题】
社会主义本质是___
A. 公有制
B. 计划经济
C. 按劳分配
D. 共同富裕
【单选题】
社会主义民主的本质和核心是___
A. 人民当家做主
B. 权力的相互制衡
C. 政治协商
D. 多党合作
【单选题】
"百花齐放、百家争鸣"是___
A. 中国特色社会主义经济建设的基本方针
B. 中国特色社会主义政治建设的基本方针
C. 中国特色社会主义文化建设的基本方针
D. 中国特色社会主义社会建设的基本方针
【单选题】
中国特色社会主义最本质特征是___
A. 马克思主义指导思想
B. 中国共产党领导
C. 人民当家做主
D. 依法治国
【单选题】
中国特色社会主义的最大优势是___
A. 马克思主义指导思想
B. 中国共产党领导
C. 人民当家做主
D. 依法治国
【单选题】
邓小平理论在哪次会议上成为我们党的指导思想___
A. 党的十一届三中全会
B. 党的十二大
C. 党的十四大
D. 党的十五大
【单选题】
科学发展观被作为党的指导思想写入党章是在___
A. 党的十五大
B. 党的十六大
C. 党的十七大
D. 党的十八大
【单选题】
2013年党的十八届三中全会明确提出要使市场在资源配置中起什么作用___
A. 革命性
B. 基础性
C. 决定性
D. 全面性
【单选题】
新民主主义革命所要建立的国家的政体是___
A. 总统制
B. 三权分立的议会制
C. 民主共和制
D. 人民代表大会制
【单选题】
中国革命的主要形式是___
A. 议会斗争
B. 和平请愿
C. 武装斗争
D. 改良主义
【单选题】
中国共产党领导下的人民军队的唯一宗旨是___
A. 军事作战
B. 为人民服务
C. 为党服务
D. 政治宣传
【单选题】
"三个代表"重要思想在哪次会议上被写入党章成为党的指导思想___
A. 党的十四大
B. 党的十五大
C. 党的十六大
D. 党的十七大
【单选题】
中共七大上对"马克思主义中国化"从理论上作出进一步阐述的领导人是___
A. 毛泽东
B. 刘少奇
C. 周恩来
D. 朱德
【单选题】
1940年,毛泽东在()中,阐述了新民主主义的政治、经济和文化___
A. 《反对本本主义》
B. 《(共产党人)发刊词
C. 《新民主主义论》
D. 《论联合政府》
【单选题】
新民主主义共和国是___
A. 资产阶级专政
B. 无产阶级专政
C. 各革命阶级联合专政
D. 人民民主专政
【单选题】
下列著作哪一项不是毛泽东的___
A. 《实践论》
B. 《解放思想,实事求是,团结一致向前看》
C. 《反对本本主义》
D. 《改造我们的学习》
【单选题】
新民主主义革命的开端是___
A. 辛亥革命
B. 新文化运动
C. 五四运动
D. 中共一大的召开
【单选题】
毛泽东认为,认清和解决革命问题的基本的根据,是认清___
A. 中国的国情
B. 中国所处的国际环境
C. 谁是我们的朋友,谁是我们的敌人
D. 中国革命的领导力量和依靠力量
【单选题】
半殖民地半封建中国社会的矛盾是错综复杂的,其中最主要的矛盾是___
A. 工人阶级与农民阶级的矛盾
B. 农民阶级与地主阶级的矛盾
C. 帝国主义与中华民族的矛盾
D. 无产阶级与资产阶级的矛盾
【单选题】
新民主主义社会的主要矛盾是___
A. 农民阶级同资产阶级的矛盾
B. 人民群众内部矛盾
C. 工人阶级同资产阶级的矛盾
D. 工人阶级同农民阶级的矛盾
【单选题】
1953年,毛泽东和中共中央提出了加快从新民主主义社会向社会主义社会转变的___
A. 土地革命的总路线
B. 过渡时期的总路线
C. 社会主义建设的总路线
D. 社会主义初级阶段的基本路线
【单选题】
毛泽东提出关于社会主义社会基本矛盾学说的著作是___
A. 《论十大关系》
B. 《关于正确处理人民内部矛盾的问题》
C. 《论人民民主专政》
D. 《在中国共产党全国代表大会上的讲话》
【单选题】
邓小平完整地提出社会主义本质理论是在___
A. 党的十二大
B. 党的十三大
C. 党的十四大
D. 1992年南方谈话中
【单选题】
党的()把邓小平"三步走"的发展战略构想确定下来___
A. 十二大
B. 十三大
C. 十四大
D. 十五大
【单选题】
我们讲一切从实际出发,最大的实际是中国___
A. 生产力发展水平低,发展不平衡
B. 人口多.劳动者素质不高
C. 自然条件差,能源、资源相对不足
D. 处于并将长期处于社会主义初级阶段