【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
推荐试题
【判断题】
接入网络必须通过互联网络进行国际联网。
【判断题】
国家对国际联网实行统筹规划、统一标准、分级管理、促进发展的原则。
【判断题】
公安部信息监控小组负责协调、解决有关国际联网工作中的重大问题。
【判断题】
单位和个人的计算机信息网络直接进行国际联网时,可以自由选择信道进行国际联网。
【判断题】
任何单位和个人不得自行建立或者使用其他信道进行国际联网。
【判断题】
国际出人口信道提供单位、互联单位和接入单位,应当建立相应的网络管理中心,依照法律和国家有关规定加强对本单位及其用户的管理,做好网络信息安全管理工作,确保为用户提供良好、安全的服务。
【判断题】
专业计算机信息网络,是指为行业服务的计算机信息网络。
【判断题】
专业计算机信息网络,是指为行业服务的专用计算机信息网络。
【判断题】
《中华人民共和国计算机信息网络国际联网管理暂行规定实施办法》中的个人用户一定具有联网账号。
【判断题】
国际出入口信道,是指国际联网所使用的物理信道。
【判断题】
企业计算机信息网络,是指为企业服务的专用计算机信息网络。
【判断题】
国家对国际联网的建设布局、资源利用进行统筹规划。
【判断题】
企业计算机信息网络,是指为行业服务的专用计算机信息网络。
【判断题】
在中国已建立的四个互联网络中,两个公益性互联网络所使用的信道的资费应当享受优惠政策。
【判断题】
《中华人民共和国计算机信息网络国际联网管理暂行规定实施办法》规定的企业计算机信息网络,是指企业内部和外部相连接的计算机信息网络。
【判断题】
国际联网实行分级管理,即:对互联单位、接人单位、用户、国际出入口信道逐级管理。
【判断题】
66。在中国已建立的四个互联网络中,两个经营性互联网络不应享受同等的资费政策和技术支撑条件。
【判断题】
企业计算机信息网络和其他通过专线进行国际联网的计算机信息网络可不受限制地经营国际互联网络业务。
【判断题】
接人单位申请书、用户登记表的格式由互联单位主管部门按照《中华人民共和国计算机信息网络国际联网管理暂行规定实施办法》的要求统一制定。
【判断题】
经营性接入单位凭经营许可证向提供电信服务的企业办理所需通信线路手续。提供电信服务的企业应当在半年内为接人单位提供通信线路和相关服务。
【判断题】
用户有权获得接人单位提供的各项服务;有义务交纳费用。
【判断题】
用户向接人单位申请国际联网时,应当提供有效身份证明或者其他证明文件。
【判断题】
国际出入口信道提供单位、互联单位、接人单位每两年向国务院信息化工作领导小组办公室提交有关网络运行、业务发展、组织管理的报告。
【判断题】
87,企业计算机信息网络和其他通过专线进行国际联网的计算机信息网络,只限于内部使用。
【判断题】
进行国际联网的专业计算机信息网络可经营国际互联网络业务。
【判断题】
国际出入口信道提供单位与互联单位应当签定相应的协议,严格履行各自的责任和义务。
【判断题】
制定《中华人民共和国计算机信息系统安全保护条例)是为了促进我国计算机的应用和发展,保障社会主义现代化建设的顺利进行。
【判断题】
计算机信息系统,是指由计算机及其相关的和配套的设备、设施(含网络)构成的。
【判断题】
计算机信息系统的建设和应用,应当遵守法律、行政法规和国家其他有关规定。
【判断题】
公安部、国家安全部、国家保密局、国务院是计算机信息系统安全保护工作的主管部门。
【判断题】
计算机机房的建设应当符合国家标准和国家有关规定。在计算机机房附近施工,不得危害计算机信息系统的安全。
【判断题】
除从事国家安全事务的人员外,任何组织和个人都不得利用计算机信息系统从事危害国家利益和公民合法利益的活动。
【判断题】
在计算机机房附近施工,不负有维护计算机信息系统安全的责任和义务。
【判断题】
进行国际联网的计算机信息系统,由计算机信息系统的使用单位报当地人民政府公安机关备案。
【判断题】
计算机信息系统的使用单位自愿建立健全安全管理制度,负责本单位计算机信息系统的安全保护工作。
【判断题】
查处危害计算机信息系统安全的违法犯罪案件不是公安机关对计算机信息系统安全保护工作的监督职权。
【判断题】
监督、检查、指导计算机信息系统安全保护工作是公安机关对计算机信息系统安全保护工作中的监督职权之一。
【判断题】
不按规定时间报告计算机信息系统中发生的案件的行为违反了《中华人民共和国计算机信息系统安全保护条例》的规定,将由公安机关作出处理。
【判断题】
违反计算机信息系统安全等级保护制度及计算机信息系统国际联网备案制度,危害计算机信息系统安全的其他行为的,将由公安机关处以警告或者停机整顿。
【判断题】
公安部在紧急情况下,可以就涉及计算机信息系统安全的特定事项发布专项通令。
