【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
推荐试题
【单选题】
走车电路中某电器线圈烧损短路时,主手柄l位___跳开。
【单选题】
使用接地开关DK及故障开关GK,均无法排除DJ动作时的原因是:___。
A. 主电路正端大线接地
B. 接地继电器DJ故障
C. 低电位点接地
【单选题】
励磁整流柜2ZL整流元件损坏时,机车___。
A. 过流继电器动作
B. 功率不足
C. 功率超高
【单选题】
牵引发电机突然发生短路的原因有:___。
A. 牵引发电机温度过高
B. IZL整流元件击穿
C. 电流互感器1~2LH故障
【单选题】
东风4型机车承载式车体的优点是:___。
A. 减少轴重转移
B. 重显轻、承载能力强
C. 减小了机车噪音
【单选题】
东风4B型客运机车构造速度为:___
A. 120km/h
B. 140km/h
C. 170km/h
【单选题】
机车牵引齿轮传动比越大,则___。
A. 速度越高、牵引力越大
B. 速度越低、牵引力越大
C. 速度越高、牵引力越小
【单选题】
由启动变速箱驱动的装置有:___。
A. 启动发电机、励磁机、测速发电机、后通风机
B. 启动发电机、励磁机、静液压泵、前通风机
C. 启动发电机、励磁机、测速发电机、前通风机
【单选题】
当机车浮沉振动时,油压减振器的鞲鞴与缸筒所形成的上、下油腔容积会发生变化,其中的工作油在流经心阀或进油阀上的节流空时由于___作用而衰减了机车的振动。
【单选题】
使机车车体与转向架在纵向以关节形式连接起来,传递牵引力和制动力,以及车体与转向架间的各种冲击力,该部件是___。
A. 二系悬挂装置
B. 车体侧挡
C. 牵引杆装置
【单选题】
东风4B型机车牵引电动机的悬挂采用了___结构
【判断题】
东风4B型内燃机车膨胀水箱冷却水的装载量为1200kg
【判断题】
运用中,只要机油和冷却水温度超过正常范围,要及时调整温度控制阀,防止机车故障发生
【判断题】
在燃油精滤器的滤网罩上方的最高处设有集中放油的放油管和放油阀,以便排除管路中的燃油
【判断题】
柴油一发电机组的弹性支承,可以避免柴油机在高速或低速时发生共振
【判断题】
盘车机构主要用于盘车检查柴油机运动部件的运动状态
【判断题】
四冲程柴油机转速为1000r/min时,凸轮轴转速为2000r/min
【判断题】
在增压器机油进油管上设有保压阀,用以限制进入增压器的机油压力和流量
【判断题】
柴油机起动循环的油路为:油底壳一起动机油泵一逆止阀一主机油泵出口一机油粗滤器一机油热交换器一柴油机、增压器各润滑处所一油底壳
【判断题】
柴油机冷却水温过低时,将导致混合气体形成的条件恶化,燃烧不完全,破坏了柴油机的热力状态
【判断题】
调速器的功调电阻为回转式滑动可变电阻,电阻滑环上共布置73个电阻,总电492.9Ω
【判断题】
虽然柴油机的紧急停车不会影响柴油机使用寿命,也不宜无故按动紧急停车按钮
【判断题】
增压器进气道帆布过松,会造成柴油机的增压器喘振
【判断题】
柴油机负荷时间过长,是造成水温高的原因之一
【判断题】
柴油机油、水温度低是造成柴油机敲缸的原因之一
【判断题】
致使机油乳化的原因,主要是机油内含水量较高
【判断题】
由于喷油器雾化不良,燃油系统有空气,活塞刮油环反装或刮油性能差,均会导致柴油机冒黑烟
【判断题】
高温水系统水管上的温度控制阀漏油,会造成油水互窜,导致膨胀水箱有油
【判断题】
当柴油机冷却水温度超过88℃时,水温继电器动作,通过中间继电器2ZJ的作用,柴油机卸载
【判断题】
柴油机一发电机组的功率输出端通过传动轴与静液压变速箱连接
【判断题】
回拉手柄时引起柴油机过载的原因是增、减载针阀开度过小
【判断题】
在正常情况下,联合调节器内的最高转速止钉丢失时,不会造成飞车事故
【判断题】
主机油泵出口压力为550kPa时,调整阀开启压力为550kPa
【判断题】
柴油机在空转时转速正常,加载时转速不正常时,多为喷油泵故障或供油齿条卡滞
【判断题】
柴油机润滑间隙过大或过小,同样会造成轴颈或轴瓦的拉伤
【判断题】
柴油机放水后再上水时,必须开放有关排气阀
【判断题】
一个二极管被击穿短路后,1RD将首先熔断,有时出会出现2RD同时熔断现象
【判断题】
感应子牵引励磁机的感应电动势是由定子上的电枢绕组产生并输出的
【判断题】
东风4机车启动接触器QC和主发励磁接触器LC,采用CZO-40/20型电磁接触器
