【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
推荐试题
【多选题】
An administrator has been tasked with enabling High Availability ___ on a cluster in a vSphere 6.x environment with default settings. The cluster configures properly and there are no errors. The next day when powering on a virtual machine, an error is presented: <Not Enough Failover Resources>. Which three scenarios are likely causes of this error message? (Choose three.)(CDE)
A. The default VM Monitoring Sensitivity is set too high.
B. There are not enough datastore heartbeat datastores configured by default.
C. The default slot size in the cluster is set too high.
D. There are virtual machines with large CPU reservations.
E. A host is in maintenance mode for a replacement of a failed Hard Drive.
【多选题】
vMotion can be performed between which three physical boundaries? (Choose three.)___
A. Between two vCenter Server Systems
B. Between two vSphere Distributed Virtual Switches
C. Between two vCenter Server Datacenter objects
D. Between two VMware NSX Layer 4 segments
E. Between two NFS datastores
【多选题】
An administrator configures vSphere Replication for a virtual machine and enables multiple point in time (PIT) instances under the recovery settings in the Configure Replication wizard. Which two statements are correct for vSphere Replication with multiple point in time instances enabled? (Choose two.)___
A. vSphere Replication retains a number of snapshot instances of the virtual machine on the target site based on the retention policy that you specify.
B. vSphere Replication uses the virtual machine's snapshot instances to define the target site Point in Time instance based on the retention policy that you specify.
C. vSphere Replication does not support virtual machines with snapshots.
D. vSphere Replication supports virtual machines with snapshots.
【多选题】
An administrator is virtualizing a physical application server and adding it to an existing multi-tiered vApp. The application license is currently tied to the physical NIC's MAC address, so the administrator needs to ensure the license will function properly in the virtual machine. Which two actions can the administrator take to satisfy this task? (Choose two.)___
A. Set the MAC address for the vNIC in the guest operating system.
B. Install the physical server's NIC into the ESXi host.
C. Configure the MAC address for the vNIC using the vSphere Web Client.
D. Assign the physical server NIC's MAC address in the vSphere Distributed Switch.
【多选题】
Which two Fibre Channel zoning options are supported with vSphere 6.x? (Choose two.)___
A. Single-Initiator
B. Single-Initiator-Single-Target
C. Multiple-Initiators-Single-Target
D. Multiple-Initiators-Multiple-Targets
【多选题】
An administrator is attempting to remove an ESXi 6.x host from a vSphere Distributed Switch (vDS). When the administrator attempts to remove the host, the following error is observed: <The resource '16' is still in use.> What three steps are needed to successfully remove the host from the switch? (Choose three.)___
A. Select Manage Ports on the vDS for the host.
B. Locate all ports currently in use on the vDS for the host.
C. Migrate or delete any vmkernel or virtual machine adapters associated with the switch.
D. Remove all network cards from the switch before trying to remove the host.
E. Create a standard switch for everything to be automatically be migrated to.
【多选题】
Which two Virtual SAN related actions might start resynchronization of virtual machine objects? (Choose two.)___
A. Editing a virtual machine storage policy to increase the number of replicas.
B. Editing a virtual machine storage policy to reduce the number of replicas.
C. Editing a virtual machine storage policy to increase the number of disk stripes.
D. Editing a virtual machine storage policy to reduce the number of disk stripes.
【多选题】
An administrator is troubleshooting basic network connectivity issues. Which two scenarios are potential issues that this administrator might face? (Choose two.)___
A. The vSwitch is not attached to the correct physical network.
B. The portgroup is not configured to use correct VLAN.
C. Traffic shaping is configured incorrectly.
D. Jumbo frames is configured incorrectly.
【多选题】
Which three items should be validated prior to installing ESXi 6.x? (Choose three.)___
A. Remote Storage has been disconnected.
B. Installation media is available.
C. Server hardware clock is set to UTC.
D. Storage has been partitioned with a VMFS volume.
E. Network cards have been setup to use Jumbo
F. rames.
【多选题】
An administrator is performing an interactive installation of ESXi 6.x. Which three options are available for installation? (Choose three.)___
A. DVD
B. USB
C. PXE
D. Scripted
E. Auto Deploy
【多选题】
After installation of a host in your test environment, you need to move it to production. The only major change that needs to be made is that the hostname of the server needs to change. What are two ways that an administrator can change the host name without editing configuration files on the host directly? (Choose two.)___
A. Login to the Direct Console User Interface and change it from here.
B. Edit the Default TCP/IP Configuration from the vSphere Web Client.
C. Use the Ruby vSphere Client to send a script to the ESXi host that updates the hostname.
D. Update the information in DNS and the
E. SXi host will automatically update with these changes.
【多选题】
An administrator has unsuccessfully attempted several times to install an Operating System inside a virtual machine. The administrator finds that the installation fails at random intervals. Which two actions can be taken to resolve this issue? (Choose two.)___
A. Verify the md5sum and if invalid, download the installation files again.
B. Attempt the installation an additional time.
C. Attempt to use a different installation media or installation method.
D. Create a new virtual machine and attempt the installation with the existing media.
【多选题】
VMware tools is failing to install on a Microsoft Windows virtual machine. What are two possible situations that would prevent the installation? (Choose two.)___
A. The VMware tools installation media is corrupt.
B. The incorrect Operating System was selected in the virtual machine options.
C. The software prerequisites have not been installed.
D. The prerequisite services have not been started.
【多选题】
As part of a multisite Single Sign-On (SSO) deployment what two steps are required to ensure that a change to one Single Sign-On instance is propagated to the other instances? (Choose two.)___
A. Schedule a Replication Task on the primary instance
B. Select the first instance during the installation of subsequent instances
C. During the installation of each instance choose Linked-Mode
D. Enable Synchronize to Active Directory on each instance
【多选题】
You need to add an object to an existing vApp using the vSphere Web Client. How is this accomplished?___
A. Create an Object Inside the vApp.
B. Add an Object to a vApp.
C. Add an Object to the
D. atastore the vApp is located in.
【多选题】
Which three steps must be taken to use vSphere Update Manager 6.x to upgrade an ESXi 5.5 host to vSphere 6.x? (Choose three.)___
A. Download an ESXi Image.
B. Configure the vSphere Update Manager Download Service.
C. Create a baseline and attach it to the ESXi Host.
D. Scan the vCenter Content Library for the
E. SXi Image.
【多选题】
Which two options would allow a database administrator, with no access to the vSphere infrastructure, to connect to a virtual machine? (Choose two.)___
A. Use the Virtual Machine Remote Console (VMRC).
B. Use Remote Desktop Protocol (RDP) to connect.
C. Ask the vSphere administrator to grant permission to access the console through vCenter Server.
D. Ask the vSphere administrator to grant permission to access with the Horizon View Direct Connect Client.
【多选题】
Which three are architecture components of vRealize Operations? (Choose three.)___
A. Identity Server
B. Administrative Server
C. Analytics Server
D. Database Server
E. Connection Broker
【单选题】
金克拉金克拉撒旦蒂萨里大儿童家爱丽丝打开就撒开绿灯技术的()
A. 手动阀手动阀
B. 撒旦
C. 反对法
D. 第三方
【单选题】
金克拉金克拉撒退热贴开绿灯技术的()
A. 是否
B. 阿斯顿
C. 撒旦
D. 感到反感
【单选题】
而非热舞法国会开绿灯技术的()
A. 撒的
B. 热个股分化
C. 返回
D. 而我认为
【单选题】
十大富豪不给发货返回返回返回()
A. dfdfgd
B. 梵蒂冈梵蒂冈
C. 广泛大概
D. 热
【多选题】
马克思主义哲学所讲的静止是指___
A. 运动的一种特殊形式
B. 绝对不动
C. 排斥运动
D. 事物处于量变状态
E. 事物在特定参考系中未发生位置变动
【多选题】
物质和运动的关系是___
A. 运动是物质的固有属性
B. 物质是运动的承担者
C. 运动是物质的存在方式
D. 运动不一定是物质的运动
E. 物质不一定都在运动
【多选题】
社会的物质性体现在___
A. 劳动是社会产生和存在的决定性因素
B. 在社会中不存在精神的现象和活动
C. 物质资料的产生是社会历史的前提
D. 全部社会生活在本质上是实践的
E. 社会生活中不存在物质关系以外的其他关系
【多选题】
意识的能动作用表现在___
A. 反映客观世界
B. 创造物质世界
C. 通过实践改造客观世界
D. 创造理论体系
E. 为自然界创造秩序
【多选题】
金克拉金克拉撒旦蒂萨里大儿童家爱丽丝打开就撒开绿灯技术的()
A. 手动阀手动阀
B. 撒旦
C. 反对法
D. 第三方
【多选题】
金克拉金克拉撒退热贴开绿灯技术的()
A. 是否
B. 阿斯顿
C. 撒旦
D. 感到反感
【多选题】
而非热舞法国会开绿灯技术的()
A. 撒的
B. 热个股分化
C. 返回
D. 而我认为
【多选题】
十大富豪不给发货返回返回返回()
A. dfdfgd
B. 梵蒂冈梵蒂冈
C. 广泛大概
D. 热
【判断题】
金克拉金克拉撒旦蒂萨里大儿童家爱丽丝打开就撒开绿灯技术的()
【填空题】
金克拉金克拉撒旦蒂萨里大儿童家爱丽丝打开就撒开绿灯技术的()