【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
推荐试题
【多选题】
在接地保护原则中,以下哪些是正确的( )___
A. 条件较好的楼宇,可自大楼内垂直接地扁钢引接地气
B. 若设备采用交流电供电,在确认交流电源的地线在配电室或交流供电变压器侧接地良好,也可以通过交流电源的地线进行接地
C. 为了保护设备避免雷击,需将保护地线接至避雷系统
D. 对于没有保护地网的建筑物,可以自建地网保证ONU设备工作,接地电阻值应小于10欧姆
E.
F.
【多选题】
在客户室内机机房应注意上门服务行为规范?___
A. 不吸烟
B. 不吃东西
C. 不接受客户的馈赠物品
D. 随意挪到他处桌椅
E.
F.
【多选题】
在量化薪酬管理中,装维人员薪资主要由( )组成.___
A. 固定薪资
B. 量酬薪资
C. 学历补贴
D.
E.
F.
【多选题】
在路由器中,如果去往同一目的地有多条路由,则决定最佳路由的因素有()___
A. 路由的优先级
B. 路由的发布者
C. 路由的metric值
D. 路由的生存时间
E.
F.
【多选题】
在排查传输链路问题时,可能出现的问题有:( )___
A. 光端机吊死
B. 传输线路松动、板卡故障
C. 传输信号丢失
D. 传输线路中断
E.
F.
【多选题】
在企业网络中实施 VLAN 有哪两点好处.( ) ___
A. 避免使用第 3 层设备
B. 提供广播域分段功能
C. 允许广播数据从一个本地网络传播到另一个本地网络
D. 允许对设备进行逻辑分组而不考虑物理位置
E.
F.
【多选题】
在人孔内或地下室内作业时的注意事项有( )___
A. 人孔外必须要有巡视看护人员
B. 上下人孔的梯子不准撤走
C. 照明应采用应急灯具
D. 严禁点燃喷灯
E.
F.
【多选题】
在日常维护工作中,需要经常在网管上导出或查看现网存量情况,此操作描述正确的是( )___
A. 如果要查询FTTH的数量,需要到存量菜单中的ONU中去统计
B. 在网元的查看中,可以统计出该网管服务器当前的等效网元的使用情况
C. 查看单板槽位的使用情况,可以以网元的维度或全网统计的维度来采集
D. 在主拓扑中,点击相关的子图,在子图下方即可看到该子图下的网元数量
E.
F.
【多选题】
在完成接维开通后,维护部门根据客户要求,向客户经理提交相关资料,对于省级集团用户或大型综合项目应提交( )等内容。___
A. 网络拓扑
B. 电路清单
C. 客户资料
D. 设备清单
E.
F.
【多选题】
在线路维护中,为使施工隐患降低到最少,以下做法正确的是( )___
A. 在施工路段上的两个标石之间将警示带绑在标石上,拉单条直线警示带,使线路路由清晰,再立上“三盯”责任牌即可
B. 探测出直埋光缆路由,在路由上培土龟背,并加密标石
C. 用警示带把施工涉及的线路路由左右各3米圈起来后,交待钩机手禁止在警示带范围内开挖,就不用安排人员盯防
D. 只要施工可能对线路由影响就需要盯紧、盯死、盯到底
E.
F.
【多选题】
在线式UPS中逆变器的作用是下列中___
A. 将市电转换为UPS输出的交流电
B. 将整流器输出的直流电,或由电池来的直流电转换成UPS输出的交流电
C. 在市电不合格时启动,将电池的电能变为交流电输出供负载使用
D.
E.
F.
【多选题】
在小区光交接箱中,尾纤在冗余储存槽内不允许有( )现象存在.___
A. 环绕
B. 散绕
C. “8”字
D. 自绕
E.
F.
【多选题】
在验收现场进行数据专线的业务拨测,出现下面哪些现象时可以判定此次业务测试不通过( )___
A. 将从光端机的以太网口引出来的网线插入笔记本的网卡,并配置数据室分配的IP地址,但是PING不通网关(即与客户对接的城域网交换机的地址)
B. 将从光端机的以太网口引出来的网线插入笔记本的网卡,笔记本的本地连接显示不可用
C. 使用数据专线上网速度慢,有的网页甚至出现偶尔打不开的现象
D. 使用数据专线下载速度稳定,达到标称值
E.
F.
【多选题】
在一个广播域中,IP地址和MAC地址的对应关系正确的是()___
A. 一个MAC地址可以对应多个IP地址
B. 一个IP地址可以对应多个MAC地址
C. 一个IP地址只能对应一个MAC地址
D. 一个MAC地址只能对应一个IP地址
E.
F.
【多选题】
在以下的动作中,有可能用到ARP协议的有 ( )___
A. 同一个局域网中的两台PC通信
B. LAN Switch转发数据包
C. 路由器向局域网发送数据包
D. 接入服务器向拨号的PC发送数据包
E.
F.
【多选题】
在应用层的各协议中( )协议提供文件传输服务___
A. FTP
B. TELNET
C. WWW
D. TFTP
E.
F.
【多选题】
在资源管理系统中“公众业务产品”界面,FTTH接入模式小区内产品和端口的关联操作时,需要配置下挂ONU的必填信息包括( )___
A. 设备型号
B. 设备标识
C. 设备名称
D. 实占端口序号
E.
F.
【多选题】
支路板的某一通道的保护属性设置为“有保护”,表示 ( )___
A. 在复用段保护环时,该通道的业务有保护
B. 在通道保护环时,该通道的业务有保护
C. 在SNCP保护环时,该通道的业务有保护
D. 在链形保护时,该通道的业务有保护
E.
F.
【多选题】
支路输入信号丢失告警的产生原因有( ) 。___
A. 外围设备信号输入丢失
B. 传输线路损耗增大
C. DDF架与SDH设备之间的电缆障碍
D. 支路盘接收故障
E.
F.
【多选题】
直连网线和交叉网线的线序是( )___
A. 绿白,绿,橙白,蓝,蓝白,橙,棕白,棕;
B. 橙白,橙,绿白,蓝,蓝白,绿,棕白,棕。
C. 橙白,橙,绿白,蓝,蓝白,绿,棕白,棕
D. 绿白,绿,橙白,蓝,蓝白,橙,棕白,棕。
E.
F.
【多选题】
制作BNC 2M接线头,需要哪些工具___
A. 75欧姆做线工具一套
B. 2M平衡线做线工具一套
C. 电烙铁
D. 剪刀
E.
F.
【多选题】
制作网线需要准备哪些工具()___
A. 网线钳
B. RJ45水晶头
C. 电烙铁
D. 5类线
E.
F.
【多选题】
中国移动IP承载网采用单一自治域方式组网.构成IP承载网的路由器可以分为( )___
A. 核心层路由器(CR)
B. 汇聚层路由器(BR)
C. 接入层路由器(AR)
D. 反射器路由器(RR)
E.
F.
【多选题】
中兴厂家PTN网管查询历史性能步骤包括( )___
A. 在网管客户端界面,选择[视图→性能管理],进入性能管理页面
B. 在客户端操作窗口,单击[查看→历史性能]菜单,打开历史性能页签
C. 在全网资源中的资源树下选择网元
D. 单击过滤按钮,在弹出过滤条件对话框中设置过滤条件,点击差选
E.
F.
【多选题】
驻地网小区现场巡检是指对家客业务运行情况,包括( )等开展的主动性、预防性的检查.___
A. 设备
B. 现场环境
C. 客户信息点
D. 维护资料
E.
F.
【多选题】
驻地网小区线缆标签应使用:具有( )等特性的标签,标签格式统一、标签描述准确、清晰、规范,贴于线缆两端醒目位置.___
A. 防火
B. 防刮
C. 防水
D. 防油
E.
F.
【单选题】
以下哪一项不属于行政强制措施的种类:( )。
A. 限制公民人身自由
B. 查封场所、设施或者财物
C. 扣押财物
D. 责令停产停业
【单选题】
以下不属于行政强制执行的方式的是( )。
A. 加处罚款或者滞纳金
B. 划拨存款、汇款
C. 吊销许可证、执照
D. 拍卖或者依法处理查封、扣押的场所、设施或者财物
【单选题】
行政强制执行由( )设定。
A. 法律
B. 行政法规
C. 地方性法规
D. 行政规章
【单选题】
以下不可以设定行政强制措施的法律规范是( )。
A. 法律
B. 行政法规
C. 地方性法规
D. 行政规章
【单选题】
需要立即清除道路、河道、航道或者公共场所的遗洒物、障碍物或者污染物,当事人不能清除的,行政机关可以决定立即实施( )。
【单选题】
以下哪项不是行政强制措施的种类( )
A. 限制公民人身自由
B. 查封场所、设施或者财物
C. 扣押财物
D. 划拨存款、汇款
【单选题】
以下哪项不是行政强制执行的方式( )
A. 冻结存款、汇款
B. 加处罚款或者滞纳金
C. 排除妨碍、恢复原状
D. 代履行
【单选题】
法律没有规定行政机关强制执行的,作出行政决定的行政机关应当( )
A. 放弃执行
B. 申请本级政府强制执行
C. 申请人民法院强制执行
D. 申请上级机关强制执行
【单选题】
某县卫生行政部门因某饭馆的卫生质量存在问题,遂以违反《公共场所卫生条例》为由,对其作出吊销卫生许可证的处罚决定。这一行为属于( )
A. 行政处罚
B. 行政强制措施
C. 行政强制执行
D. 行政监督检查
【单选题】
某食品厂因食品安全事故被卫生部门作出以下处理:(1)查封不符合卫生标准的货物2000箱;(2)追究公司法人代表责任;(3)罚款10000元。上述决定中属于行政强制的是:( )
A. 查封不符合卫生标准的货物2000箱
B. 罚款10000元
C. 追究公司法人代表责任
D. 无
【单选题】
黄州市交警大队以赵某违章停车为由,依有关规定,决定暂扣赵某1个月的驾驶执照。这一行为属于下列哪个选项?( )
A. 行政强制执行
B. 行政监督检查
C. 行政处罚
D. 行政强制措施
【单选题】
某企业非法集资,被处以资金冻结,这是属于( )。
A. 财产罚
B. 行政强制措施
C. 申诫罚
D. 能力罚
【单选题】
公民、法人或者其他组织对人民法院的行政强制中的违法行为或者扩大强制执行范围受到损害的( )
A. 享有陈述权
B. 享有抗辩权
C. 享有复议权
D. 享有赔偿权
【单选题】
商礼市工商银行未将行政强制执行的款项划入国库或者财政专户,而转移至有业务往来的商业公司账户。对此,应由金融业监督管理机构责令改正,并处以违法划拨款项( )的罚款。
