【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
推荐试题
【判断题】
贵金属代理交易中,本行仅作为代理方,收取代理手续费,不承担因代理交易产生的盈亏责任。
【判断题】
贵金属代理交易中,柜面渠道可为客户办理贵金属交易资金圈存、圈提、出金、入金、委托申报、交割申报、中立仓申报、撤消申报。
【判断题】
系统不支持非同一证件号码(如新、旧身份证)开户的两个账户间进行签约关系变更,必须确保新旧账户开户时使用的是同一客户名下的同一证件号码。
【判断题】
个人基金产品购买,如果该购买的产品所对应的TA未开户,则系统会自动开户。
【判断题】
个人定期定额业务指基金定投业务,是指投资者与本行签订协议,以固定的周期、固定的金额投资于指定的开放式基金,并由本行按照定投协议自动为投资者发起定期定额申购交易的业务。
【判断题】
客户选择购买的基金产品的风险等级须低于或等于客户风险等级。
【判断题】
个人客户选择购买的基金产品风险高于其风险承受能力,则不予购买。
【判断题】
个人基金业务需投资人或代理人凭有效身份证件和凭证办理。
【判断题】
客户选择购买的基金产品的风险等级须低于或等于客户风险等级。
【判断题】
当出现基金投资人坚持要购买产品风险超越其风险承受能力的基金产品的情况,我行不能给予购买。
【判断题】
若基金存在冻结情况,则基金份额冻结的部分不接受赎回申请,若投资人赎回数量大于该投资人账户中可赎回的基金数量,该赎回无效。
【判断题】
投资者赎回基金须于基金管理公司开放日的交易时间办理申请手续。投资人在开放日交易时间之外的申请,作为赎回申请的预受理,其基金份额申购价格按照下个开放日价格。
【判断题】
机构投资者要求被授权人持企业法人代码证、单位营业执照副本、机构法人对基金业务经办人员的授权书原件、法人代表身份证、被授权人身份证等原件到我行任一网点网点办理签约。
【判断题】
当出现基金投资人坚持要购买产品风险超越其风险承受能力的基金产品的情况,我行要求基金投资人填写《绍兴银行客户风险声明书》进行书面确认,基金销售系统提示基金投资人再次输入密码予以确认。
【判断题】
个人基金业务均需投资人本人凭有效身份证件和凭证办理。
【判断题】
系统自动对机构客户默认的风险评级为高,因此机构客户不必进行风险承受能力测试和风险承受能力评估卷的填写。
【判断题】
如果客户不想进行定期定额的投资,不可以手动的关闭该定投类协议实现。
【判断题】
基金销售业务包括两类:账户类业务与交易类业务。
【判断题】
保管箱内所存物品如因自然原因变质或损坏,或遇不可抗力灾害而导致损失的,本行概不负责。
【判断题】
保管箱业务是租箱人为安全保存贵重物品和重要凭证,向我行租用保管箱进行保管的一项业务。
【判断题】
符合本操作规程的单位和个人均可向本行申请租用保管箱,申请租用保管箱须办理书面申请手续,并遵守相关租约。
【判断题】
目前暂未专门设置保险箱押金科目,故押金金额收取在26200601手机银行卡押金科目下。
【判断题】
目前只有个人客户可向本行申请租用保管箱,申请租用保管箱须办理书面申请手续,并遵守相关租约、说明。
【判断题】
外国人及港、澳、台同胞租用保管箱的,需由大陆居民提供担保。
【判断题】
保管箱到租赁期限届满日为止,如租户既未办理续租手续,又未办理退租手续的,租赁期限届满次日开始自动转为续租一期。
【判断题】
本行保护租用人的合法正当权益,遵循“存取自由,方便快捷,安全保密”的原则。
【判断题】
凡具有完全民事行为能力的中国公民、港澳台同胞和外国人,依法成立并可在中国境内从事经营活动的国内外公司、企业、其他经济组织、社会团体、外国或国际组织驻华机构,均可在本行办理保管箱租赁业务
【判断题】
保管箱内可存放金饰珠宝、字画古董等贵重物品以及存单、存折、屋契、债权、股票等有价证券、党和国家秘密文件和资料
【判断题】
A.保管箱租用人可带其随同人员一起进入保管箱库内
【判断题】
B.保管箱业务租金收取,可不复印客户身份证件
【判断题】
必要时银行可要求保险箱租用人开箱检查。
【判断题】
保管箱的租用时间按期计算,分为一年期、二年期、三年期、五年期共四个租期,不足一个租期按一期计。
【判断题】
保管箱业务中凿箱手续费为500元/次。
【判断题】
挂失费(印鉴、密码、钥匙)手续费为每项10元。
【判断题】
已经具有小额信用循环贷款的兰花卡不能进行银银关系的建立。
【判断题】
B、成功建立银银关系操作顺序为“4501代开兴业结算账户”-“4502建立对应关关系”-“4503客户签约”。
【判断题】
C、银银转出是将客户银行账户资金转入证券资金账户的业务。
【判断题】
签约客户所持有的证券资金账号户名必须与我行开立的个人银行活期结算账户的户名一致,且该业务必须由本人至柜台办理。
【判断题】
对于在我行建立签约关系的客户,银银转账的服务时间为周一至周五(股市交易日)9:00分至15:00分。
