【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
推荐试题
【填空题】
64. 安防监控室应当配备___,并明确岗位职责。
【填空题】
65. 非授权人员进入保密要害部门、部位应当履行___、登记,并采取___措施。
【填空题】
66. 未经批准,不得将具有___功能的设备和具备___、___等功能的电子设备带入保密要害部门、部位。
【填空题】
67. 涉及保密要害部门、部位的工程建设项目要符合安全保密要求,与工程项目___、___、___、___。
【填空题】
68. 涉及武器装备科研生产事项的新闻宣传、展览、发表著作和论文等,应当经单位业务主管部门___。
【填空题】
69. 涉及武器装备科研生产事项的___、采访,应当按照规定履行审批程序。
【填空题】
70. 涉密会议应当确定___,在具备___条件的场所召开。
【填空题】
71. 涉密会议应当严格控制与会人员范围,并对进入会场人员进行___。
【填空题】
72. 涉密会议未经批准不得将具备___、___功能的设备带入会议场所。
【填空题】
73. 重要涉密会议,主办部门应当制定___,落实___,必要时保密工作机构应当派人___。
【填空题】
74. 外场试验单位应当制定___,指定___。
【填空题】
75. 试验现场的保密管理工作由___组织协调,参试人员应当遵守试验现场的保密管理规定。
【填空题】
76. 外场试验___应当定期对试验现场的保密工作进行检查。
【填空题】
77. 分包涉密项目,应当选择具有___的单位。
【填空题】
78.《武器装备科研生产许可专业___名录》之外的应急或者短期生产秘密级项目,选择非保密资格单位的,分包单位应当按照有关保密规定和程序对承制方进行___,签订保密协议,提出___,履行保密监督责任。
【填空题】
79. 严格控制分包项目的涉密内容,不得提供项目研制___的涉密信息。
【填空题】
80. 与协作配套单位签订的合同中,应当有保密条款或者签订保密协议,明确界定合同文本和项目的___、___和保密责任。
【填空题】
81. 对外交流、合作和谈判等外事活动应当制定___,明确___,采取相应的保密措施,执行保密___制度。
【填空题】
82. 接待境外人员来访,应当按照有关规定履行___,对来访人员进行身份确认,明确活动区域,采取必要的安全保密防范措施。
【填空题】
83. 对外交流内容、谈判口径、提供资料和产品应当经过___。
【填空题】
84. 单位应当每___组织一次保密检查。
【填空题】
85. 涉密部门应当___进行一次自查,自查及整改情况报单位___。
【填空题】
86. 单位应当根据工作情况组织开展___。
【填空题】
87. 单位应当根据日常管理和检查情况,对单位存在的___进行分析,提出___,并督促落实。
【填空题】
88. 发生泄密事件应当按照有关规定及时报告和采取___,并报告___情况。
【填空题】
89. 保密管理工作经费用于单位___工作。
【填空题】
90. 单位应当每年对保密工作成绩突出的部门和个人给予___。
【填空题】
91. 保密管理工作经费计算标准为核心涉密人员每人每年度___,重要涉密人员___,一般涉密人员___。
【填空题】
92. 保密管理工作经费应当单独列入单位___,根据工作需要保证___。
【填空题】
93. 保密资格单位应当建立保密工作档案,由___和___按照职责分工分别建立。
【填空题】
94. 保密工作档案内容应当完整___,反映单位保密工作开展实际情况。
【填空题】
95. 保密工作档案应当按照规定保存,保存期限一般不少于___年。
【单选题】
巡视配电间时,进出房间应随手关门。发生带电设备接地时,室内不得接近故障点( )米以内。[1分] ___
【单选题】
凡停供气、回路切换等涉及调度部门管辖范围的设备设施上的工作均应向()申请并得到批准[1分] ___
A. 检修部门
B. 技术部门
C. 调度部门
D. 输气站场
【单选题】
职业病病人的诊疗、( )费用,伤残以及丧失劳动能力的职业病病人的社会保障,按照国家有关工伤保险的规定执行。[1分] ___
【单选题】
《职业病防治法》是根据( )有关规定制定。[1分] ___
【单选题】
发布输气设备设施停役(包括撤出备用)、复役(包括恢复备用)或投入运行指令,是()的安全职责。[1分] ___
A. 输气站长
B. 工作负责人
C. 值班调度
D. 调度主任
【单选题】
取样与动火间隔不得超过( )[1分] ___
A. 20分钟
B. 30分钟
C. 15分钟
D. 60分钟
【单选题】
应将高后果区作为管道日常巡护的重点,巡线密度为( ),对巡线员应进行高后果区知识普及。[1分] ___
A. 3次/天
B. 2次/周
C. 2次/天
D. 2次/天
【单选题】
安规中所称已投运是指(),但一经操作即可能输送天然气的输气管道所处状态。[1分] ___
A. 正在输送天然气
B. 虽未输送天然气
C. 正在输送天然气或虽未输送天然气
D. 以上都是
