【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
推荐试题
【单选题】
以下不属于银监会监管的非银行金融机构的是__________
A. 货币经纪公司
B. 期货公司
C. 企业集团财务公司
D. 金融资产管理公司
【单选题】
保证银行稳健经营、安全运行的核心指标是__________
A. 核心资本
B. 资本充足率
C. 附属资本
D. 风险加权资产
【单选题】
单位结算账户中_______是存款人的主办账户。___
A. 一般存款账户
B. 基本存款账户
C. 专用存款账户
D. 临时存款账户
【单选题】
下列关于商业银行进行信贷分析的说法中,错误的是__________
A. 银行信贷分析主要采用财务分析和非财务分析两种方法
B. 财务分析偏重于定量分析
C. 非财务分析偏重于定性分析
D. 财务分析主要包括宏观分析、行业分析、经营分析、管理层分析等
【单选题】
流动比率=___________
A. 流动资产/流动负债
B. 现金/流动负债
C. 速动资产/流动负债
D. 流动资产/所有者权益总额
【单选题】
国内某公司在海外直接投资取得并汇回的利润,应计入国际收支平衡表中经常账户的_______项目。___
A. 收益
B. 经常转移
C. 直接投资
D. 资本转移
【单选题】
以下国际收支调节政策中_______能起到迅速改善国际收支的作用。___
A. 财政政策
B. 货币政策
C. 汇率政策
D. 直接管制
【单选题】
用_______调节国际收支不平衡,常常与国内经济的发展发生冲突。___
A. 财政货币政策
B. 汇率政策
C. 直接管制
D. 外汇缓冲政策
【单选题】
政府征税使社会所付出的代价应以征税数额为限,除此之外不能让纳税人或者社会承受其他的经济牺牲或者额外负担,这是税收的_______原则的要求。___
A. 经济效率
B. 行政效率
C. 公平
D. 公开
【单选题】
欧洲货币市场是__________
A. 经营欧洲货币单位的国家金融市场
B. 经营欧洲国家货币的国际金融市场
C. 欧洲国家国际金融市场的总称
D. 经营境外货币的国际金融市场
【单选题】
关于完全垄断市场的需求曲线的说法,正确的是__________
A. 垄断企业的需求曲线是一条平行于横轴的水平线
B. 整个行业的需求曲线是一条平行于横轴的水平线
C. 垄断企业的需求曲线与完全竞争企业的需求曲线相同
D. 整个行业的需求曲线与垄断企业的需求曲线相同
【单选题】
若一国货币汇率高估,往往会出现__________
A. 外汇供给增加,外汇需求减少,国际收支顺差
B. 外汇供给减少,外汇需求增加,国际收支逆差
C. 外汇供给增加,外汇需求减少,国际收支逆差
D. 外汇供给减少,外汇需求增加,国际收支顺差
【单选题】
对于暂时性的国际收支不平衡,我们应用_______使其恢复平衡。___
A. 汇率政策
B. 外汇缓冲政策
C. 货币政策
D. 财政政策
【单选题】
收入性不平衡是由_______造成的。___
A. 货币对内价值的变化
B. 国民收入的增减
C. 经济结构不合理
D. 经济周期的更替
【单选题】
当一国同时处于通货紧缩和国际收支顺差时,应采用__________
A. 紧缩的货币政策和紧缩的财政政策
B. 紧缩的货币政策和扩张的财政政策
C. 扩张的货币政策和紧缩的财政政策
D. 扩张的货币政策和扩张的财政政策
【单选题】
根据英国经济学家皮考克和魏斯曼提出的“梯度渐进增长理论”,在正常年份财政支出的最高限度是__________
A. 社会财富总量
B. 财政支出需要
C. 公众可以容忍的税收负担
D. 政府举借债务规模
【单选题】
在资产负债表中,根据总账科目余额直接填列的项目是__________
A. 短期借款
B. 应收账款
C. 预付账款
D. 存货
【单选题】
将财政政策分为扩张性政策、紧缩性政策和中性政策,这是根据_______对财政政策进行的分类。___
A. 作用空间
B. 作用时间
C. 调节经济周期的作用
D. 调节经济总量和结构的功能
【单选题】
我国的国际收支中,所占比重最大的是__________
A. 贸易收支
B. 非贸易收支
C. 资本项目收支
D. 无偿转让
【单选题】
具有经济效率特征的资源配置状态是__________
A. 市场处于寡头垄断的状态
B. 市场处于垄断竞争的状态
C. 市场存在外部影响的状态
D. 不存在帕累托改进的状态
【单选题】
欧洲美元是__________
A. 在欧洲区域的银行持有的美元
B. 存放于美国境外的外国银行及美国银行的海外支行的美元存款
C. 不受美国货币管理当局管辖的银行持有的美元
D. 欧洲中央银行发行的美元
【单选题】
在_______情况下,单个证券的收益为无风险收益___
A. 贝塔系数为0
B. 既有系统性风险也有非系统性风险
C. 有系统性风险
D. 没有非系统性风险
【单选题】
财政政策和货币政策协调配合的“双紧”类型,适合于_______时采用。___
A. 经济中出现严重通货紧缩
B. 经济中出现严重通货膨胀
C. 保持经济适度增长的同时尽可能地避免通货膨胀
D. 控制通货膨胀的同时保持适度的经济增长
【单选题】
根据《中华人民共和国物权法》,下列财产中,可以设定抵押的是__________
A. 建设用地使用权
B. 土地所有权
C. 使用权有争议的财产
D. 依法被查封的财产
【单选题】
制约财政收入规模的根本性因素是__________
A. 税率标准
B. 纳税人数量
C. 经济发展水平
D. 居民收入水平
【单选题】
治理通货膨胀可以采取的货币政策是__________
A. 降低再贴现率
B. 增加税收
C. 在公开市场上买入有价证券
D. 提高法定存款准备金率
【单选题】
下列各项中,_______通常不包括在货币政策的三要素中___
A. 传导机制
B. 政策工具
C. 中介指标
D. 政策目标
【单选题】
由于经济衰退而形成的失业属于__________
A. 摩擦性失业
B. 结构性失业
C. 周期性失业
D. 非自愿失业
【单选题】
以下有关债券定价理论的说法不正确的是__________
A. 债券的价格与债券的收益率呈反比例关系
B. 当债券的收益率不变,即债券的息票率和收益率之间的差额固定不变时,债券的到期时间与债券价格的波动幅度成反比关系
C. 对于给定的收益率变动幅度,债券的息票率越高,债券价格的波动幅度越小;反之,债券的息票率越低,债券价格的波动幅度越大
D. 对于期限既定的债券,对于同等幅度的收益率变动,收益率上升给投资者带来的损失数额大于收益率下降给投资者带来的利润
【单选题】
政府为了保护农业生产者,对部分农业产品规定了保护价格。为了采取这种价格政策,应采取相应的措施是__________
A. 取消农业税
B. 对城镇居民实行粮食配给制
C. 当市场上出现农产品过剩的进行收购
D. 扩大农民家电消费
【单选题】
_______是指由于利率、汇率的不利变化而使银行的表内和表外业务发生损失的风险。___
A. 流动性风险
B. 操作风险
C. C市场风险
D. 信用风险
【单选题】
在开放经济中,总需求可以表示为_____。___
A. 总需求=消费+投资+政府购买+净出口
B. 总需求=消费+投资+总出口
C. 总需求=消费+投资+政府购买+出口
D. 总需求=消费+投资+净出口
【单选题】
对外举债因汇率变动而引起的损失称为_____。___
A. 经常性项目风险
B. 进出口贸易风险
C. 资本项目风险
D. 外债风险
【单选题】
自然垄断指的是_______的情况。___
A. 一个企业能以低于两个或更多企业的成本为整个市场供给一种产品
B. 企业垄断某种自然资源
C. 政府对重要自然资产实行完全垄断
D. 两家企业共同控制一个市场
【单选题】
实施价格歧视的基本条件不包括__________
A. 卖方具有垄断地位
B. 企业生产有商品或服务具有耐用品性质
C. 消费者之间存在不同的需求价格弹性
D. 不同消费者所在的市场能被隔离开
【单选题】
资源配置达到帕累托最优状态的标准是__________
A. 还存在怕累托改进的资源配置状态
B. 收入在不同居民之间分配公平
C. 可能由重新组合生产和分配使一个人或多个人的福利增加,而不使其他任何人的福利减少
D. 不可能由重新组合生产和分配来使一个人或多个人的福利增加,而不使其他任何人的福利减少
【单选题】
目前,国际汇率制度的格局是__________
A. 固定汇率制
B. 浮动汇率制
C. 钉住汇率制
D. 固定汇率制和浮动汇率制并存
【单选题】
下列失业类型中,属于自愿失业的是__________
A. 需求不足性失业
B. 摩擦性失业
C. 隐性失业
D. 周期性失业
【单选题】
根据利率评价说,当一国实施紧缩的货币政策时,如果符合马歇尔-勒纳条件,其未来经常账户余额会由平衡变化为__________
A. 逆差
B. 顺差
C. 不变
D. 没有关系
【单选题】
如果政府把经济增长和增加就业作为宏观经济政策的主要目标,就需要实行__________
A. 扩张性财政政策和扩张性货币政策
B. 紧缩性财政政策和紧缩性货币政策
C. 扩张性财政政策和紧缩性货币政策
D. 紧缩性财政政策和扩张性货币政策
