【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
推荐试题
【多选题】
RITP研究结果中,说法错误的是?
A. 利妥昔单抗不降低治疗失败率
B. 初始反应率是 50%
C. 1年反应率是38%
D. 5年反应率是21%
【多选题】
RITP研究结果中,说法错误的是?
A. 利妥昔单抗不降低治疗失败率
B. 初始反应率是 50%
C. 1年反应率是38%
D. 5年反应率是21%
【多选题】
RITP研究结果中,疗效反应率是指?
A. 血小板计数>30 x 10^9/L
B. 血小板计数>50 x 10^9/L
C. 血小板计数>70 x 10^9/L
D. 血小板计数>100 x 10^9/L
【多选题】
关于利妥昔单抗,说法错误的是?
A. RCT研究中,与安慰剂相比,利妥昔单抗组的治疗失败率、脾切除率、总体反应率、完全反应率均无显著差异
B. 利妥昔单抗起效较慢(中位起效时间2个月)
C. 持续反应率随时间逐渐降低,5年持续反应率40%左右
D. 利妥昔单抗治疗成人ITP具有较好的安全性
【多选题】
关于重组人血小板生成素(rh-TPO),以下说法错误的是?
A. 作用机制是利用基因重组技术制成的全长糖基化血小板生成素
B. 与TPO受体结合,刺激巨核细胞生长及分化,促进血小板生成
C. 用于特发性血小板减少性紫癜(ITP)的辅助治疗,适用对象为血小板低于30×10^9/L的糖皮质激素治疗无效
D. 用法用量是300U/kg/天,皮下注射,连续应用14天
【多选题】
关于重组人血小板生成素(rh-TPO),以下说法错误的是?
A. 开始治疗后7天,25%的患者达疗效反应
B. 疗效反应率在50%左右
C. 短期治疗ITP耐受性良好
D. 国外早期研究显示,rh-TPO在部分受试者中诱导抗TPO抗体的产生,导致持续性血小板减少
【多选题】
关于艾曲泊帕剂量延伸(EXTEND)研究,说法错误的是?
A. 治疗中位时间是865天(2.37年; 2天-8.76年)
B. 艾曲泊帕治疗中85.8%的患者至少获得一次治疗反应
C. 治疗反应定义为缺乏抢救性治疗药物,血小板计数至少一次 ≥50,000/µL
D. 血小板疗效维持长达8.76年
【多选题】
关于艾曲泊帕的以下说法,不正确的是?
A. 艾曲泊帕为25 mg(白色) 的薄膜衣片
B. 在日本,有规格为12.5mg的片剂,且与欧洲和美国相比,有不同的获批的治疗方案
C. 达到最大浓度时间2-6小时(血浆)
D. 半衰期是21-28 小时(血浆)
【多选题】
关于艾曲泊帕的剂量初始和调整方案,说法错误的是?
A. 初始剂量:25mg/d,为了获得≥50 x 109/L的血小板计数,最高可调整为75mg
B. 至少2周治疗后血小板 <50 x 109/L,以25mg的量增加每日剂量,最高至75mg
C. "血小板 ≥50 x 109/L~≤150 x 109/L,使用最低剂量的艾曲泊帕和/或同时进行ITP治
D. 血小板>150 x 109/L,停止使用艾曲泊帕。增加血小板监测的频率到每周两次
【多选题】
艾曲泊帕的服用方法,错误的是?
A. 食用影响艾曲泊帕吸收的药物前2小时或4小时后再服药
B. 早餐服药宜选择:凌晨6点-上午9点
C. 晚餐服药宜选择:下午3点-晚上9点
D. 口服,每天一次
【多选题】
会影响艾曲泊帕的吸收的食物或药物,不包括?
A. 乳制品或富含钙的食物
B. 抗酸药
C. 一些矿物质和维生素添加剂
D. 富含脂肪的食物
【多选题】
瑞弗兰的目标患者群是?
A. 既往放化疗有血小板减少症史,拟再次接受放化疗的患者
B. 一线糖皮质激素治疗失败或复发的慢性免疫性血小板减少症患者
C. 脾切除及至少一种免疫抑制剂治疗无效的慢性ITP患者
D. 新诊断ITP患者一线联合治疗
【多选题】
以下哪个药物不是临床常见的ITP二线治疗药物?
A. 环孢素
B. 特比奥
C. 甲强龙
D. 硫唑嘌呤
【多选题】
瑞弗兰可用于治疗?(中国适应症)
A. 糖皮质激素、免疫球蛋白或脾切除疗效不佳的成人及12岁及以上慢性免疫性血小板减少症(ITP)患者
B. 需要初始和维持干扰素治疗的慢性丙肝合并血小板减少症的患者
C. 糖皮质激素、免疫球蛋白或脾切除疗效不佳的1岁及以上儿童慢性免疫性血小板减少症(ITP)患者
D. 免疫抑制治疗疗效不佳的重度再生障碍性贫血患者
【多选题】
瑞弗兰的推广口号是?
A. 快速升板,方便安全
B. 快速升板,安全方便
C. 瑞享人生,弗兰相伴
D. 快速升板,方便安心
【多选题】
下列选项不是瑞弗兰核心推广策略的是?
A. 使现有TPO制剂使用者优先选择瑞弗兰
B. 与被视为“治愈”的现有二线治疗方案进行品牌区隔
C. 从新定义ITP一线激素治疗疗效评价标准,明确何时应启动二线治疗
D. 与一线糖皮质激素联合使用,提升新诊断ITP患者的治疗效果
【多选题】
瑞弗兰的核心推广信息有?
A. 首个也是唯一获得批准的口服小分子非肽TPO受体激动剂
B. 与TPO受体的跨膜区选择性的相互作用,不会与内源性TPO竞争,不会诱导TPO抗体
C. 大规模临床研究显示瑞弗兰能快速有效提高ITP患者的血小板水平,且安全性良好,不良反应可控
D. 以上都是
【多选题】
在全球范围内,瑞弗兰已批准的适应症可以治疗如下患者,除了?
A. 新诊断的免疫性血小板减少症患者
B. 新诊断的重型再生障碍性贫血患者
C. 丙肝应用干扰素治疗导致血小板较少症的患者
D. 大于1岁的慢性免疫性血小板减少症儿童患者二线治疗
【多选题】
以下说法错误的是?
A. 瑞弗兰需要终身服药
B. 瑞弗兰是TPO受体激动剂
C. 瑞弗兰不会诱导TPO抗体产生
D. 瑞弗兰与特比奥作用位点不同
【多选题】
ITP的治疗目标不包含?
A. 提升患者血小板至安全水平
B. 尽可能减少临床出血事件
C. 改善患者的生活质量
D. 尽可能减少治疗花费
【多选题】
艾曲波帕的半衰期是12–21 小时(血浆)?
【多选题】
艾曲波帕的结合位点与TPO的结合位点不同,因此与内源性TPO可能产生协同效应?
【多选题】
EXTEND研究中,52%的患者减少伴随用药剂量?
【多选题】
EXTEND研究中安全性结果与早期研究报道相一致,在长达8.76年的随访过程未发现新的安全性问题?
【多选题】
东亚ITP受试者血浆中艾曲波帕药时曲线下面积(AUC)和峰值浓度(Cmax)分别比白种人高1.85和1.6倍?
【多选题】
国研究中,艾曲波帕初始剂量为25mg/日,如果血小板疗效(>50 ×109/L)未达到,每2周按25mg/日的剂量增加,直至达最大值75mg/日?
【多选题】
RAISE研究中,血小板计数高于400x10^9/L时应中断艾曲泊帕治疗,待低于150 x 10^9/L时以更低剂量恢复治疗?
【多选题】
RAISE研究中,艾曲泊帕组出现疗效反应的几率是安慰剂组的8.2倍?
【多选题】
RAISE研究中,治疗两周直至治疗结束期间,艾曲泊帕组患者中位血小板计数维持在50 x 10^9/L以上?
【多选题】
利妥昔单抗:40%患者治疗无效,起效较慢?
【多选题】
利妥昔单抗有两种用法,其中大剂量为1000mg,静脉滴注,用2次,间隔14天?
【多选题】
重组人血小板生成素(rh-TPO) 可用于治疗实体瘤化疗后所致的血小板减少症,适用对象为血小板低于100×10^9/L且医生认为有必要升高血小板治疗的患者?
【多选题】
国外早期曾研发过重组人非全长型TPO,单检测到rh-TPO抗体的产生,对内源性TPO具有交叉免疫作用,中和其生物学活性?
【多选题】
艾曲泊帕与TPO的结合位点不同,因此不会与内源性TPO竞争?
【多选题】
EXTEND研究中,基线时血小板计数≥50,000/µL患者不接受伴随药物治疗?
【多选题】
EXTEND研究中,8.76年随访中获得高治疗反应,艾曲泊帕治疗中85.8%患者至少获得一次治疗反应?
【多选题】
中国研究中,首次达到血小板计数>50×109/L中位时间是6.12周?
【多选题】
" RAISE 研究中,艾曲泊帕组 79%患者至少出现一次治疗反应 (vs 28% 安慰机组;
【多选题】
RAISE研究中,艾曲泊帕较安慰剂显著降低出血,出血降低与生活质量的改善相关?
【多选题】
艾曲泊帕一日一次,服用方便,亚洲人的初始剂量为25mg?
