【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
推荐试题
【单选题】
在填列资产负债表时,下列通过分析才能填列的项目是___。
A. 长期借款|
B. 长期股权投资|
C. 短期借款|
D. 在建工程|
【单选题】
下列属于经营活动的是___。
A. 销售商品|
B. 从银行借款|
C. 购买固定资产|
D. 分配股利|
【单选题】
所有者权益变动表是___。
A. 主要报表且是年度报表|
B. 主要报表且是中期报表|
C. 利润表的附表|
D. 资产负债表的附表|
【单选题】
下列不属于企业主要报表的是___。
A. 资产负债表|
B. 利润表|
C. 现金流量表|
D. 利润分配表|
【单选题】
产品销售过程的广告费应计入___
A. 销售费用|
B. 生产成本|
C. 主营业务成本|
D. 管理费用|
【单选题】
银行存款日记账由___根据审核无误的收.付款凭证逐日逐笔进行登记。
A. 会计主管入员|
B. 审核入员|
C. 记账入员|
D. 出纳入员|
【单选题】
95.登记现金日记账时,误将记账凭证中的“200”抄成“2000”,应采用的错账更正方法是___。
A. 划线更正法|
B. 红字更正法|
C. 补充登记法|
D. 蓝字更正法|
【单选题】
如果发现记账凭证所用的科目正确,只是所填金额大于应填金额,并已登记入账,应采用___更正。
A. 划线更正法|
B. 红字更正法|
C. 平行登记法|
D. 补充登记法|
【单选题】
银行存款余额调节表是___
A. 对银行和本单位产生的未达账项进行余额试算平衡的表格|
B. 通知银行更正错误的依据|
C. 调整银行存款账簿记录的依据|
D. 更正本单位银行存款日记账记录的依据|
【单选题】
对于银行已经入账,本单位尚未入账的未达账项,企业应该___
A. 立即入眼|
B. 任意处理|
C. 等结算凭证到达后入账
【单选题】
《中国共产党机构编制工作条例》的制定依据是()。(出题单位:市委编办)
A. 中国共产党章程
B. 中国共产党党内法规制定条例
C. 中国共产党党内法规和规范性文件备案审查规定
【单选题】
机构编制工作的导向是()。(出题单位:市委编办)
A. 坚持和加强党的全面领导
B. 完善和发展中国特色社会主义制度、推进国家治理体系和治理能力现代化
C. 推进党和国家机构职能优化协同高效
【单选题】
扫黑除恶专项斗争的主要特点是()。(出题单位:长宁区委宣传部)
A. 已上升至国家战略
B. 斗争对象更加广泛
C. 斗争手段更加丰富、更加强调依法打击
D. 所有答案都对
【单选题】
党支部书记一般应当具有( )以上党龄。(出题单位:杨浦区人民检察院)
【单选题】
党的十九大报告指出,要相互尊重、平等协商,坚决摒弃冷战思维和强权政治,走( )的国与国交往新路。(出题单位:杨浦区人民检察院)
A. 合作共赢、互不侵犯
B. 开放包容、平等互利
C. 对话而不对抗、结伴而不结盟
【单选题】
为了深化国家监察体制改革,加强对()的监督,实现国家监察全面覆盖,深入开展反腐败工作,推进国家治理体系和治理能力现代化,根据宪法,制定《中华人民共和国监察法》。(出题单位:杨浦区纪委监委)
A. 全体党员
B. 公务员
C. 领导干部
D. 所有行使公权力的公职人员
【单选题】
()位于上海中心城区东北部,杨浦区东南部的黄浦江下游,是浦江内唯一的封闭式内陆岛。(出题单位:杨浦区人民检察院)
A. 复兴岛
B. 崇明岛
C. 大金山岛
D. 长兴岛
【单选题】
长乐路613弄沪江别墅为上海市优秀历史建筑,其建筑类型为()。(出题单位:徐汇区住房保障和房屋管理局)
A. 花园洋房
B. 新式里弄
C. 石库门
D. 新公房
【单选题】
坐落于徐汇区漕溪北路595号的()是一座融展示与活动、参观与体验为一体的,涵盖了文物收藏、学术研究、社会教育、陈列展示等功能的行业博物馆。它既是满足大众电影文化需求的艺术殿堂,也是上海电影乃至中国电影最为重要的展示窗口之一。(出题单位:徐汇区委宣传部)
A. 上海电影艺术中心
B. 上海电影展览馆
C. 上海影视博物馆
D. 上海电影博物馆
【单选题】
上海是我国警察制度的发源地之一。1999年9月11日,我国首座公安主题博物馆——(),在徐汇区瑞金南路正式开馆。其具有丰富的馆藏,其中国家一级文物49件套。(出题单位:徐汇区委宣传部)
A. 徐汇公安博物馆
B. 上海公安博物馆
C. 上海公安历史博物馆
D. 中国公安主题博物馆
【单选题】
第二届中国国际进口博览会是由中华人民共和国商务部和上海市人民政府主办的大型博览会,在中国上海国家会展中心举行,时间是:(出题单位:闵行区经委)
A. 11月3日-11月8日
B. 11月4日-11月9日
C. 11月5日-11月10日
【单选题】
( )创建于1983年,是上海市最早成立的两个国家级开发区之一。(出题单位:闵行区江川路街道)
A. 陆家嘴金融贸易区
B. 闵行经济技术开发区
C. 金桥出口加工区
D. 漕河泾新兴技术开发区
【单选题】
1925年5月15日,内外棉七厂工人、共产党员顾正红为维护工人利益,在与日本资本家的斗争中英勇牺牲。成为()的导火线。(出题单位:普陀区档案局(馆))
A. 五卅运动
B. 五四运动
C. 六五罢工
D. 反日大罢工
【单选题】
()是解放后新中国第一个工人新村。(出题单位:普陀区档案局(馆))
A. 曹杨新村
B. 甘泉新村
C. 宜川新村
D. 长风新村
【单选题】
“最后一公里”自动代客泊车被认为是自动驾驶具有商业落地前景的路径之一,自动代客泊车的英文简称是_____。(出题单位:上汽集团)
A. HWP
B. LKA
C. AVP
D. APA
【单选题】
上海国际马拉松赛于()年起举办,赛事路线穿过上海中心城市地标,如今已成为上海名片赛事,深受跑者喜爱,成为国内顶级赛事之一。(出题单位:东浩兰生(集团)有限公司)
A. 1998
B. 1996
C. 2012
D. 2000
【单选题】
请问下列四个日期中哪一天地球到太阳的距离最远( )?(出题单位:上海大学中欧工程技术学院)
A. 三月初
B. 六月初
C. 七月初
D. 十二月初
【单选题】
河豚鱼含毒素最多的部位是( ) 。(出题单位:上海大学生命科学学院)
A. 鱼肉
B. 血液和皮肤
C. 卵巢和肝
D. 胃肠
【单选题】
黑恶不扫,社会难稳。黑恶不除,()难安。(出题单位:长宁区委宣传部)
【单选题】
扫黑除恶专项斗争()是各级党委书记和政府主要负责人,()是各级政法机关主要负责同志。(出题单位:长宁区委宣传部)
A. 第一责任人 直接责任人
B. 直接责任人 第一责任人
C. 第一责任人 主要责任人
D. 主要责任人 直接责任人
【单选题】
()集中统一领导全国机构编制工作。(出题单位:市委编办)
【单选题】
党中央设立中央机构编制委员会,作为党中央决策议事协调机构,在()领导下开展工作。(出题单位:市委编办)
A. 中央政治局
B. 中央政治局常委会
C. 中央政治局及其常委会
【单选题】
对国家规定的应当整理归档的材料,必须按照规定,定期向本单位的()移交,任何人不得据为己有。(出题单位:上海市档案局)
A. 领导
B. 档案机构或档案工作人员
C. 管理部门
【单选题】
档案与图书、报刊本质属性上的区别在于档案是()历史记录。(出题单位:上海市档案局)
A. 真实的
B. 可靠的
C. 原始的
D. 重要的
【单选题】
各级监察委员会是行使()的专责机关。(出题单位:杨浦区纪委监委)
A. 党和国家审查职能
B. 国家监督职能
C. 国家监察职能
D. 党和国家监察职能
【单选题】
国家监察工作严格遵照宪法和法律,以事实为根据,以法律为准绳;在适用法律上一律平等,保障当事人的合法权益;();()。(出题单位:杨浦区纪委监委)
A. 权责对等,注重监督;教育与惩处相结合
B. 权责对等,严格监督;惩戒与教育相结合,宽严相济
C. 秉持诚实,恪守承诺;惩戒与引导相结合,宽严相济
D. 权利和义务相统一;教育与引导相结合,宽严相济
【单选题】
坚持和完善党对人民军队的()制度,确保人民军队忠实履行新时代使命任务。党对人民军队的绝对领导是人民军队的建军之本、强军之魂。(出题单位:嘉定区委宣传部)
A. 绝对领导
B. 完全领导
C. 全面领导
D. 基本领导
【单选题】
要坚持马克思主义在意识形态领域的指导地位,坚持以()引领文化建设制度,健全人民文化权益保障制度,完善坚持正确导向的舆论引导工作机制,建立健全把社会效益放在首位、社会效益和经济效益相统一的文化创作生产体制机制。(出题单位:嘉定区委宣传部)
A. 社会主义先进文化
B. 人民精神力量
C. 文化自信
D. 社会主义核心价值观
【单选题】
统一战线是指不同的()在一定的历史条件下,为了实现一定的共同目标,在某些共同利益的基础上组成的政治联盟。(出题单位:杨浦区委统战部)
A. 集团
B. 社会政治力量
C. 政党
D. 阶级
【单选题】
中国共产党在各个历史时期建立的统一战线,具体性质、目标、任务各有不同,但实现()始终是一个永恒的主题。(出题单位:杨浦区委统战部)
A. 增进友谊
B. 保护自身利益
C. 大团结、大联合
D. 促进共同发展
