【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
推荐试题
【单选题】
ETC车道天线具有固定安装方式,支持户外安装,防护等级满足IP65要求,宜采用顶挂方式吊装于车道正中,高度不低于______。___
A. 5m
B. 5.5m
C. 6m
D. 6.5m
【单选题】
人工收费车道,车辆通过收费站的时间平均由14秒降低到______。 ___
A. 5条,3秒
B. 3条,5秒
C. 3条,3秒
D. 5条,5秒
【单选题】
军车使用ETC车载设备由______统一制作、核发和管理。___
A. 设备厂家
B. 省交通主管部门
C. 发行方
D. 中国人民解放军总后勤部军事交通运输部
【单选题】
的性能指标要求。___
A. 不小于700辆/小时
B. 不小于650辆/小时
C. 不小于600辆/小时
D. 不小于550辆/小时
【单选题】
下列选项中不属于ETC车道相控阵天线应用优点的是:___。
A. 采用高精度二维定位实现精确交易,有效缓解邻道干扰及跟车问题;
B. 通信区域可软件设定形状,适应弯道、无隔离等不同车道形式;
C. 定位扫描使OBU处于信号最强区,且识别两车最小跟车距离≤80cm;
D. 高度集中的波束发射缩小交易距离,提高车辆通行速度和过车效率;
【单选题】
相控阵天线通信区域长度可在______范围内,宽度可在_____范围内通过软件调节,保证较快车辆通行速度的同时,适应单车道到多车道安装要求。___
A. 1m~15 m2.5m~4 m
B. 1m~10m2.5m~4 m
C. 1m~15 m2m~4 m
D. 5m~15 m2m~4 m
【单选题】
ETC车道车牌识别仪能识别到行驶速度为______的车辆,且单车牌识别时间______。 ___
A. 1-60Km/h, ≤50ms
B. 0-60Km/h, ≤200ms
C. 0-40Km/h, ≤50ms
D. 1-40Km/h, ≤200ms
【单选题】
省界站ETC车道监测评价系统中,ETC车道通过率是其中一项关键指标,其计算公式为______。___
A. ETC用户交易成功的次数/总交易数量
B. ETC用户交易成功并通过的次数/车道总流量
C. ETC用户交易成功的次数/(总交易数量-逻辑失败交易数量)
D.
E. TC用户交易成功并通过的次数/总交易数量
【单选题】
ETC用户状态名单(黑名单)是由______产生的针对OBU、用户卡的拒收名单。___
A. 发行方
B. 服务方
C. 国家中心
D. 省中心
【单选题】
ETC车道对黑名单上的OBU或用户卡应拒绝交易。黑名单的产生及撤销均由______完成。___
A. 发行方
B. 服务方
C. 国家中心
D. 省中心
【单选题】
发行方每日9:00发送全量ETC黑名单,此后每______发送一次增量ETC黑名单。___
A. 30小时
B. 1小时
C. 2小时
D. 6小时
【单选题】
跨省投诉处理信息通过国家中心综合业务系统进行交换,跨省投诉原则上由______受理。___
A. 服务方
B. 发行方
C. 国家中心
D. 12328投诉平台
【单选题】
增量更新用户状态名单数据包,是发送方只告知接收方发生数据内容改变的记录,接收方根据增量内容______从而达到数据同步。___
A. 备份增量名单
B. 替换现有名单
C. 修改现有名单
D. 删除现有名单
【单选题】
工作车管理软件是为了更好的管理工作车的使用,下列选项不属于工作车管理软件查询功能的是______。___
A. 车牌查询
B. 公务类型查询
C. 业主查询
D. 路径查询
【单选题】
ETC专用车道比MTC车道的外部设备多______设备,电动栏杆为高速栏杆。___
A. RSU
B. OBU
C. 车牌识别仪
D. IC卡读写器
【单选题】
争议处理负责人将争议交易数据作为正常交易,由______全额付款,是处理争议交易的两种结果之一。___
A. 服务方
B. 发行方
C. 国家中心
D. 合作银行
【单选题】
争议处理负责人将交易作为______,发行方不进行支付,也是处理争议交易的两种结果之一。___
【单选题】
我省各收费站MTC车道读卡器中配置______,用以实现ETC全国联网非现金支付业务的消费功能。___
A. 二次发行PSAM 卡
B. 部级PSAM卡
C. 省级PSAM卡
D. 主控母卡
【单选题】
下列选项中不属于提高ETC车道交易成功率措施的是______。___
A. 更改车道软件及线圈的过车逻辑
B. 优化天线交易流程
C. 提高ETC车道交易量
D. 更换为相控阵天线或双天线
【单选题】
ETC 车道系统交易时应显示相关信息,针对记账卡显示车牌信息、交易金额等,对于储值卡还应显示______。___
A. 卡片余额
B. 车辆重量
C. 车辆型号
D. 超载率
【单选题】
逾期超过______个自然日的交易数据应作为确认拒付的争议交易数据。 ___
【单选题】
为保证收费公路联网收费数据安全,非现金支付卡数据不包括______信息。___
A. 密钥数据
B. 卡中的业务数据
C. 清账数据
D. 安全认证数据
【单选题】
联网区域内ETC车辆、车载单元、非现金支付卡绑定关系为______。___
A. 一车可绑定多张卡
B. 一卡可在多辆车绑定
C. 一车可绑定多个车载单元
D. 一车一标签一卡
【单选题】
ETC车道日志内容通常不包括___
A. 出入口状态
B. 收费站\收费车道编号
C. 收费员编号
D. 终端机编号以及车辆图像数据
【单选题】
关于ETC车道自动栏杆岛内布局模式表述错误的是:___
A. 自动栏杆设置在收费岛后端,处于常闭状态;
B. 无线通信区域设置在收费岛前端;
C. 自动栏杆距通信区域的距离较远,两者之间会形成队列。
D. 相对于MTC车道需要延长收费岛,用于安装ETC设备
【单选题】
RSU是ETC车道的必备设备,是ETC车道机快速操作ETC用户卡的要求。其实现方式是ETC车道机与RSU(路侧单元)连接,再通过RSU的天线检测装有OBU车辆进行通信,其______装在RSU的控制器中,通过DSRC(专用短信通信)无线模式进行通行费交易。___
A. 消费密钥PSAM卡
B. 加密密钥PSAM卡
C. 一次发行密钥PSAM卡
D. 二次发行密钥PSAM卡
【单选题】
ETC 出/入口车道应包含OBU有效性、非现金支付卡有效性、OBU和非现金支付卡的发行属地一致性判断、车卡绑定以及黑名单查询等基本判定流程。下列表述正确的是___
A. 其中任一项不符合,ETC车道不应自动放行,转人工处理。
B. 其中任一项不符合,ETC车道应自动放行。
C. 其中任一项符合,ETC车道应自动放行。
D. 其中任一项不符合,应扣留ETC设备。
【单选题】
一车多卡、一车多签是指在联网区域内ETC用户在同一发行方或多个发行方办理多个电子标签和非现金支付卡。下列表述错误的是:___
A. 增大全网运营管理难度
B. 造成重复扣费、干扰车道逻辑、用户逃费等不良后果
C. 增加退费、投诉的处理压力
D. 有利于用户指标的提高
【单选题】
关于ETC争议交易的类型表述错误的是:___
A. 验证未通过
B. 测试交易
C. 卡超过有效期
D. 非重复交易
【单选题】
持有用户卡的车辆在人工车道通行时,车道系统需对车辆的用户卡进行合法性检查,以下不是用户卡合法性检查项目的是______。___
A. 卡片有效期
B. 卡片发行属地
C. 卡片的余额
D. 卡片黑名单检查
【单选题】
持有用户卡的车辆在人工车道出口缴费通行时,若用户卡中余额不足时,以下处理正确的是______。___
A. 车道系统应先将用户卡中的余额扣除,剩余的通行费转为现金支付
B. 车道系统应将全部通行费金额转为现金支付,不允许使用此用户卡支付部分通行费
C. 车道系统应先将用户卡中的余额扣除,剩余的通行费使用另外一张用户卡进行支付
D. 收费员应将用户卡扣留,然后免费放行车辆
【单选题】
ETC车道监测评价系统中,ETC车道交易平均耗时是指在一定时间范围内(车道统计日当天0:00-23:59:59),计算方法为某条车道______。___
A. 成功交易次数/该车道的成功交易总时间
B. 成功交易总时间/该车道的成功交易次数
C. 不成功交易总时间/该车道的成功交易次数
D. 成功交易总时间/该车道的不成功交易次数
【单选题】
因车道故障或其他原因多收ETC用户通行费,应由______退还多收款项。___
A. 二次发行方
B. 发行方
C. 收费公路经营管理单位
D. 合作银行
【单选题】
国家中心每日应向省中心发送前1日接收到的争议交易;省中心应在收到争议交易后的______个工作日内完成争议处理,将处理结果反馈至国家中心。___
【单选题】
ETC用户对交易数据记录如有异议,应自月结单发布之日起______内提出。___
A. 15日
B. 30日
C. 45日
D. 60日
【单选题】
车载设备(OBU)配置至少______的用户存储空间,支持不少于50条最新交易记录的存储,交易可采用DSRC方式或有线方式读出;___
A. 4k
B. yte B. 16k Byte
C. 32k Byte
D. 64k Byte
【单选题】
货车非现金支付使用率是指 占全部货车总交易量的比例。___
A. 货车现金交易笔数
B. 货车非现金交易笔数
C. 公路收费站收缴的货车非现金通行费总额
D. 公路收费站收缴的货车现金通行费总额
【单选题】
ETC栏杆机前置布局模式下,RSU触发线圈布置在车道最前端,距离RSU立柱约______。___
A. 5-6米
B. 7-8米
C. 4-5米
D. 3-4米
【单选题】
ETC 车道所有设备供电均应接入______。___
A. 收费站发电机组
B. 收费站 UPS 回路
C. 收费站市电回路
D. 太阳能供电
【单选题】
省际共建站采用单 ETC 车道系统方式,由出口车道所在省设置一套 ETC 出口车道系统、入口车道所在省设置一台入口车道机,出入口车道机间通过______进行通讯。___
A. 并口
B. 串口
C. 以太网口
D. 光纤连接
