【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
推荐试题
【单选题】
920.(A320)前轮转弯系统中,反馈位置传感器是直接感受___
A. A.角齿轮传感机构的转动角度
B. B.作动筒运动的行程
C. C.转弯手轮的角度
D. D.反馈连杆回到中立位的行程
【单选题】
921.(A320)前起落架后部上方有一个小孔,我们在维护时使用它主要是___
A. A.用于检查减震支柱的油量
B. B.用于检查减震支柱的镜面磨损情况
C. C.拆卸内筒时用于接近内部紧固件
D. D.用于对前起落架内外筒之间的轴承进行润滑
【单选题】
922.(A320)如果选择了最大刹车,中断起飞时反推放出,但忘记把地面减速板预位,自动刹车会工作吗___
A. A.会
B. B.不会
C. C.需要机组预先设定这个备用程序
D.
【单选题】
973.(A320)使用绿系统进行正常刹车操作时,下面说法错误的是___
A. A.刹车组件上只有一半数量的作动活塞作动
B. B.在驾驶舱停留刹车三针指示表上将不显示刹车压力
C. C.刹车压力由BSU通过刹车选择valve并协同防滞系统进行控制
D. D.当备用低压液压系统油路中有空气时,并不影响刹车,但脚蹬反馈力会偏大
【单选题】
974.(A320)在备用刹车情况下,当机组感觉刹车脚蹬偏软时,下面哪个因素是可能的___
A. A.备用低压液压系统油路中有空气
B. B.绿液压系统油路里有空气
C. C.刹车控制钢索张力偏低
D. D.停留刹车关断valve没有完全打开
【单选题】
975.(A320)在哪种情况下,前轮转弯系统仍然可以工作___
A. A.地面人工维护时打开前起落架舱门
B. B.重力放起落架后
C. C.BSU两个通道均失效
D. D.滑行速度大于130节
【单选题】
976.(A320)当地面维护接通黄系统电动泵并关断PTU时,此时踩刹车脚蹬___
A. A.刹车压力的大小通过备用低压液压系统将信号传递给备用刹车控制系统,但防滞功能仍由BSCU控制
B. B.此时在停留刹车压力表上看不到刹车压力
C. C.刹车毂上的两组活塞(正常和备用)均由黄系统压力作动
D. D.以上都不正确
【单选题】
977.(A320)当飞机顶起在空中状态时,使用地面维护手柄打开起落架舱门后___
A. A.起落架收放功能被抑制
B. B.舱门收放功能被抑制
C. C.起落架和舱门收放功能都被抑制
D. D.都不受影响
【单选题】
978.(A320)当前起落架镜面有油迹时,表明___
A. A.前轮转弯作动筒漏油
B. B.起落架内筒漏油
C. C.润滑内外筒转动轴承时渗漏出来的油
D. D.都有可能
【单选题】
979.(A320)关于起落架灌充的说法,下面正确的是___
A. A.在不同情况下,内筒的灌充压力读数可能是不同的
B. B.每架飞机灌充完后在地面的镜面高度都应该是一样的
C. C.每架飞机灌充完后在地面的内筒压力都应该是一样的
D. D.需要考虑飞机的重量变化对灌充的影响
【单选题】
980.(A320)关于前起落架,下面说法正确的是___
A. A.灌充时需要对比上下两个气腔的压力值
B. B.当主封严失效时可以通过备用封严作动valve来转换成备用封严
C. C.使用起落架底部的valve进行灌充
D. D.以上答案都不正确
【单选题】
当起落架控制手柄置位于收上(UP)位时___
A. A.液压系统首先作动打开起落架下锁机构
B. B.LGCIU控制液压切断valve打开
C. C.两个LGCIU进行控制转换
D. D.以上答案都不正确
【单选题】
下列关于起落架上锁机构叙述正确的是___
A. A.其是由液压开锁,液压锁定的
B. B.其是由液压开锁,机械锁定的
C. C.其是由机械开锁,液压锁定的
D. D.其是由机械开锁,机械锁定的
【单选题】
下列关于起落架收放的叙述正确的是___
A. A.起落架收放可以由绿系统或黄系统提供液压动力
B. B.LGCIU控制起落架的正常收放
C. C.液压切断valve是由起落架控制手柄控制开关的
D. D.起落架控制手柄通过钢索作动液压选择valve
【单选题】
关于客舱阅读灯叙述不正确的是()___
A. CIDS系统调节其亮度
B. PTP面板能测试阅读灯的灯泡好坏
C. PTP面板能测试阅读灯系统中PCB的好坏(PCB:印刷电路板)
D. 可单独更换灯泡
【单选题】
当飞机正常供电时关于厕所内的荧光灯和辅助照明灯叙述正确的()___
A. 厕所门关上且上锁,两种灯照明无变化
B. 厕所门关上,两种灯照明更亮
C. 厕所门关上,两种灯照明无变化
D. 厕所门关上且上锁,两种灯照明更亮
【单选题】
对外接电源面板(108VU)做灯光测试时叙述不正确的是()___
A. 只要飞机电瓶可用,就可以启动对ADIRU/AVNCSVENT灯测试
B. 飞机有外接电源时,可以对面板上的所有灯光测试
C. 飞机只有APU供电时,可以对面板上的所有灯光测试
D. 飞机只有APU供电时,仅能对ADIRU/AVNCSVENT灯光测试
【单选题】
对于飞机标志(LOGO)叙述不正确的是()___
A. 与导航灯共用开关
B. 当开关打开时LOGO灯就肯定亮
C. 标志灯的工作状态与起落架位置,SLAT.FLAP位置有关
D. 照射垂直安定面
【单选题】
关于驾驶舱DOME灯下面叙述正确的是()___
A. 飞机在地面仅有维护电源时,只有正驾驶的DOME灯亮
B. 在地面仅有电瓶电源时(BAT1,2ON),只有副驾驶的DOME灯亮
C. A,B叙述都正确
D. A,B叙述都不正确
【单选题】
关于着陆灯的叙述不正确的是()___
A. 着陆灯因故障原因收不起时,不影响飞行高度与速度
B. 左右着陆灯分别由AC1和AC2提供电源
C. 着陆灯放下时在上ECAM上有绿色的状态记忆信息
D. 着陆灯上有两个调节螺帽调节的角度可以大于90.5o
【单选题】
驾驶舱内部灯光控制器提供()___
A. 0~5VDC电压
B. 0~10VDC电压
C. 0~10VAC电压
D. 0~5VAC电压
【单选题】
客舱的左前入口荧光灯当发动机启动好且驾驶舱门打开时()___
A. 亮度无变化
B. 亮度调至100%
C. 亮度调至50%
D. 亮度调至10%
【单选题】
客舱中的顶灯与窗灯()___
A. 每个DEUA控制相同侧的四个顶灯的亮度
B. 每个DEUA控制相同侧的四个窗灯的亮度
C. 每个DEUA控制相同侧最近的两个顶灯和两个窗灯的亮度
D. 通过PTP面板可以测试顶灯与窗灯的工作状态
【单选题】
跑道转弯灯的电门置于打开位,那么跑道转弯灯什么时候亮()___
A. 起落架收起的时候
B. 一直亮
C. 起落架放出的时候
D. 与起落架无关
【单选题】
什么时候应急灯光系统由EPSU内部电瓶供电()___
A. 应急出口灯电源在“接通”位置
B. 当FAP上的应急灯光按钮在接通位置,并且直流主汇流条无电时
C. 当主灯光系统失效
D. 任何时候都由EPSU内部电瓶供电
【单选题】
以下关于着陆灯描述错误的是()___
A. 它可以在任何速度下放出
B. 它的照射光线与飞机纵轴线保持平行
C. 当放出接通后此灯亮
D. 它只能在空速小于100海里时才能放出
【单选题】
在紧急电源构型下,哪些驾驶舱灯光保持照明()___
A. 左边主仪表面板照明,左边顶灯(DOME)照明
B. 右边主仪表面板照明,右边顶灯(DOME)照明
C. 右边主仪表面板照明,左边顶灯(DOME)照明
D. 左边主仪表面板照明,右边顶灯(DOME)照明
【单选题】
在做通告灯测试时()___
A. MASTERWARNING灯和MASTERCAUTION灯是由通告灯变压器提供6.3V电压
B. MASTERWARNING灯和MASTERCAUTION灯是由通告灯变压器提供4.3V电压
C. MASTERWARNING灯和MASTERCAUTION灯是由通告灯变压器提供5V电压
D. 下ECAM页上不会出现巡航页
【单选题】
我司A319飞机头顶面板按钮灯光采用什么照明?___
A. 可拆卸灯泡
B. LED
C. 可拆卸灯管
D.
【单选题】
在应急构型下,驾驶舱内什么灯光依然保持燃亮?___
A. 机长一侧的顶灯以及中部仪表板照明的左侧area
B. 副驾驶一侧的顶灯以及中部仪表板照明的左侧area
C. 副驾驶一侧的顶灯以及中部仪表板照明的右侧area
D.
【单选题】
客舱阅读灯测试在什么地方可以进行测试?___
A. FAP面板、MCDU
B. FAP、PTP
C. PTP、MCDU
D.
【单选题】
什么area的灯光采用日光灯管和整体式的镇流器?___
A. 旅客阅读灯、乘务员area照明
B. 客舱照明、登机入口灯以及洗手间照明
C. 卫生间标志照明
D.
【单选题】
A319飞机应急灯控制开关有几个位置?___
A. OFF
B. ARM
C. ON
D. 以上答案均正确
【单选题】
EPSU的测试可在什么地方进行?___
【单选题】
EPSU可将28VDC转换为___
A. 26/115VAC
B. 6VDC
C. 8VDC
D.
【单选题】
EPSU可进行什么BITE测试?___
A. 系统测试
B. 电瓶容量测试
C. A+B
D.
【单选题】
应急灯系统包括___
A. 客舱应急照明系统
B. 紧急出口引导标志
C. 滑梯标志灯
D. 以上答案均正确
【单选题】
滑行-起飞灯共有几种工作模式模式?___
A. 滑行模式
B. 起飞-滑行模式
C. A+B
D.
