【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
推荐试题
【单选题】
某封闭式理财产品按金额设置分段收益,5-20万对应的预期年化收益率为5%,20-50万对应的预期年化收益率5.1%,50万以上对应的预期年化收益率为5.2%,期限180天,客户老李先后购买该理财产品10万元、30万元,则该理财到期后他收到的收益总额为___?
A. 10060.28元
B. 10060.58元
C. 10060.88元
D. 10061.58元
【单选题】
某封闭式理财聚富1708期224天,募集期8月28日-8月31日,8月26日9:30开始预约,8月29日17:00预约失效,以下选项正确的是___。
A. 客户小赵在A网点预约20万,8月28日购买15万后,剩余的5万额度仍能保留至8月29日17:00
B. 客户小王在A网点预约10万元,B网点预约15万元,C网点预约变更金额10万元为5万元
C. 客户小李在A网点预约10万元,B网点预约15万元,B网点购买25万,则A网点销量增加10万元,B网点销量增加15万元
D. 客户小张在A网点预约10万元,B网点预约15万元,后在手机银行购买,小张手机银行绑定卡的发行行为A网点,则A网点销量增加25万元
【单选题】
理财客户信息同步用于核心客户信息替换理财销售系统客户信息,个人理财客户信息同步时,凭证类型可选择___?
A. 卡
B. 折
C. 卡/折
D. 卡/折/账号
【单选题】
某理财产品为A分行专享,以下不允许购买的情况有___?
A. B分行的卡在A分行一级支行购买
B. 持A分行的卡在A分行营业部购买
C. 持A分行的卡在网上银行购买
D. 持B分行的卡在手机银行购买
【单选题】
我行对违反销售专区录音录像管理制度的销售人员及相关责任人,视情节轻重程度给予相应___扣分,可累计扣分,并根据《绍兴银行员工诫勉制度与违规积分管理办法(试行)》给予相应处分。
A. 2-6分
B. 2-5分
C. 3-6分
D. 4-8分
【单选题】
___负责对当日录音录像文件进行查阅、检查。
A. 经办柜员
B. 网点主办会计
C. 网点负责人
D. 网点录音录像系统管理人员
【单选题】
客户可在___中查看已到期兑付理财产品收益。
A. 当前持仓
B. 交易明细查询
C. 到期交割单
D. 认购交割单
【单选题】
银证转账业务是我行与___合作,通过银银平台为客户提供证券三方托管业务相关服务的业务。
A. 兴业银行
B. 农业银行
C. 上海银行
D. 中信银行
【单选题】
目前我行的银银三方业务最多可以签约___家证券公司。
【单选题】
对于首次来我行购买理财产品的客户以及客户在我行上次登记风险属性超过___期限的客户在购买理财产品前需要填写客户风险属性评估测试表。
【单选题】
本行对理财产品的风险评级共分为5级,由低至高分别为R1(低风险)、R2(中低风险)、R3(中风险)、R4(中高风险)和R5(高风险),下列各项说法错误的是___
A. R1级理财产品,总体风险程度低,收益波动小,产品本金安全性高,不存在收益不能实现的情况。
B. R2级理财产品,总体风险程度较低,收益波动较小,虽然存在一些可能对产品本金和收益安全产生不利影响的因素,但产品本金出现损失的可能性较小。
C. R3级理财产品,总体风险程度适中,收益存在一定的波动,产品本金出现损失的可能性不容忽视。
D. R4级理财产品,总体风险程度较高,收益波动较明显,产品本金出现损失的可能性高。
【单选题】
根据我们理财产品风险评级规定,R5级理财产品单一客户销售起点不得低于___万元人民币。
【单选题】
私人银行客户是指金融净资产达到___万元人民币及以上的本行客户。
A. 200
B. 600
C. 800
D. 1000
【单选题】
各级销售机构对超过___岁(含)的客户进行风险承受能力评估时,应当充分考虑客户年龄和相关投资经验等因素。
【单选题】
本行根据风险匹配原则在理财产品风险评级与客户风险承受能力评估之间建立对应关系:风险等级为R1的产品适合风险属性为___的客户。
A. C1
B. C2、C3
C. C4、C5
D. C1、C2、C3、C4、C5
【单选题】
理财产品名称中含有拟投资资产名称的,拟投资该资产的比例须达到该理财产品规模的___(含)以上
【单选题】
银银平台理财门户代理客户在___内进行贵金属买卖、资金清算和实物交割等交易。
A. 上海黄金交易所
B. 上海期货交易所
C. 郑州商品交易所
D. 伦敦黄金交易所
【单选题】
下列属于黄金延期交收产品的是___
A. Au100g
B. Au(T+D)
C. Ag(T+D)
D. Au99.95
【单选题】
我行银银贵金属业务交易时间规定不正确的是___
A. 每周一至周四21:00-02:30
B. 每周一至周五09:00-11:30
C. 每周一至周五13:30-15:30
D. 每周一至周五21:00-02:30
【单选题】
商业银行应当在___内,将理财产品相关材料按照有关规定向当地银监会派出机构报告。
A. 开始发售理财计划之日起5个工作日
B. 开始发售理财计划之日起10个工作日
C. 开始发售理财计划前5个工作日
D. 开始发售理财计划前10个工作日
【单选题】
银行A与B是竞争对手,为了赢得市场份额,A以低于成本价的价格销售理财产品,则A的做法___
A. 不符合公平竞争
B. 符合公平竞争
C. 在公司想获得市场优势时可鼓励采用
D. 正常情况下不符合公平竞争,但在公司业务发展陷入困境时可以采用
【单选题】
个人理财业务是经___批准的一项银行中间业务。
A. 中国银行业协会
B. 中国证监会
C. 中国人民银行
D. 中国银监会
【单选题】
进行双录视频补上传工作时,需输入___
A. 客户证件信息
B. 理财产品代码
C. 理财交易流水
D. 理财合同编号
【单选题】
“理财乐”POS机业务单笔刷卡金额下限为___
A. 5000元
B. 10000元
C. 50000元
D. 100000元
【单选题】
“理财乐”业务经办人对业务的真实性、准确性负责。真实性是指业务对应的( )必须真实有效;准确性是指___与真实情况一致无误。
A. 理财产品;交易凭证的信息
B. 理财购买;交易凭证的信息
C. 理财产品;客户提供的信息
D. 理财购买;客户提供的信息
【单选题】
“理财乐”业务手续费由___承担。
A. 客户本人
B. 分支行
C. 总行
D. 银联
【单选题】
办理个人理财产品质押时,需要确认产品的___作为质押物金额
A. 购买份额
B. 起息份额
C. 实际份额
D. 可用份额
【多选题】
客户风险测试评估有效期限是___。
A. 1年
B. 2年
C. 0.5年
D. 1.5年
【多选题】
本行对___岁以上(含)的客户进行风险评估时,将其风险承受能力上限限定为中级。
【多选题】
理财系统中账户密码连输___次将会被锁定。
【多选题】
李明因工作忙,可以请其母亲代理办理的是___
A. 个人理财签约
B. 个人理财购买
C. 个人理财账户变更
D. 所购理财款项到账,支取款项
【多选题】
单位客户购买理财时不需填定客户风险属性测试书,其风险承受能力默认为___
【多选题】
我行客户申请变更理财签约账号可以通过___办理
A. 帐户开户网点
B. 账户所属一级分支行
C. 我行任意网点
D. 手机银行网上银行
【多选题】
柜面认购封闭式理财产品截止至募集期最后一天___
A. 16:00
B. 16:30
C. 16:40
D. 16:45
【多选题】
理财签约,一个客户(同一客户号)允许有___个签约账户。
【多选题】
风险评级为低风险、中低风险的理财产品,单一客户销售起点金额不得低于 ( )万元人民币;风险评级为中风险、中高风险的理财产品,单一客户销售起点金额不得低于 ( )万元人民币;风险评级为高风险的理财产品,单一客户销售起点不得低于( )万元人民币。___
A. 5 5 10
B. 5 10 10
C. 5 10 20
D. 5 20 20
【多选题】
理财产品(计划)包含的相关交易工具面临的风险不包括___
A. 信用风险
B. 操作风险
C. 声誉风险
D. 流动性风险
【多选题】
我行理财系统中,连续输入错误密码第___次时将被锁定
【多选题】
___是指客户过过理财规划所要实现的目标或满足的期望。
A. 理财目标
B. 投资目标
C. 理财目的
D. 投资目的
【多选题】
关于货币性理财产品,以下描述错误的是___
A. 主要投资于货币市场
B. 投资期短,资金赎回灵活
C. 收益安全性高
D. 本金保证
