【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
推荐试题
【单选题】
下列POS设备属性要求唯一的是()___
A. A.分光器名称
B. B.归属OLT
C. C.上级分光器名称
D. D.生命周期状态
E.
F.
【单选题】
设备管理安全可采取哪些措施?___
A. A.其他选项都正确
B. B.源地址限制
C. C.使用安全管理协议
D. D.使用中/强密码
E.
F.
【单选题】
升级软件步骤中,下面哪些注意事项描述是正确的( )___
A. 不管升级单个单纯文件和合并版本,都可以使用自动升级
B. 升级合并版本成功后,不用手动重启。系统会自动重启ONU
C. 自动升级成功后,网管会提示手动重启软件
D. 正在进行自动升级时可以同时进行批量升级ONU的操作
E.
F.
【单选题】
生成树拓扑收敛过程的第一步是( )___
A. 选举根桥
B. 确定每个网段的指定端口
C. 阻塞非指定端口
D. 选择指定中继端口
E. 激活每个网段的根端口
F.
【单选题】
生成树协议是通过( )的实现方法来构造一个无环的网络拓扑.___
A. 阻塞冗余链路
B. 禁用冗余链路
C. 阻塞冗余端口
D. 禁用冗余端口
E.
F.
【单选题】
施工单位应当建立、健全教育培训制度,加强对职工的教育培训;未经教育、培训或考核不合格的人员()。___
A. 应当下岗
B. 不得上岗作业
C. 可以上岗作业
D. 调到其他岗位任职
E.
F.
【单选题】
使用NMAP工具软件对目标网络进行扫描时发现,某一个主机开放了53端口,此主机最有可能是什么.( )___
A. 文件服务器
B. 邮件服务器
C. WEB服务器
D. DNS服务器
E.
F.
【单选题】
使用WireShark软件抓网络包时,过滤指定的IP地址的消息的命令是( )___
A. ip.addr==XXX.XXX.XXX.XXX
B. host XXX.XXX.XXX.XXX
C. sip
D. ad
E.
F.
【单选题】
使用路由器将一个交换网络分成两个的结果是___
A. 增加了冲突域的数量
B. 降低了广播域的数量
C. 连接了网段1和网段2的广播
D. 隔断了网段1和网段2之间的广播
E.
F.
【单选题】
使用子网规划的目的是( )___
A. 将大的网络分为多个更小的网络
B. 提高IP地址的利用率
C. 增强网络的可管理性
D. 以上都是
E.
F.
【单选题】
ZXCTN设备上C-POS单板是将( ),通道化单板是将( )___
A. 下游业务的E1信号映射至STM-1信号;下游业务的FE信号映射至STM-1信号
B. 下游业务的FE信号映射至STM-1信号;下游业务的E1信号映射至STM-1信号
C. 下游业务的E1信号映射至FE信号;下游业务的FE信号映射至STM-1信号
D. 下游业务的FE信号映射至STM-1信号;下游业务的FE信号映射至STM-1信号
E.
F.
【单选题】
下列PTN950设备中提供电接口板的为( )___
A. EF8F
B. D2EF8F
C. D2EG2
D. EF8T
E.
F.
【单选题】
数据分段是OSI七层模型中的_____完成的___
A. 物理层
B. 网络层
C. 传输层
D. 接入层
E.
F.
【单选题】
数据封装的正确过程是()___
A. 数据段->数据包->数据帧->数据流->数据
B. 数据流->数据段->数据包->数据帧->数据
C. 数据->数据包->数据段->数据帧->数据流
D. 数据->数据段->数据包->数据帧->数据流
E.
F.
【单选题】
私有AS号的范围:( )___
A. 65410-65535
B. 1-64511
C. 64512-65535
D. 64511-65535
E.
F.
【单选题】
私有corba的配置域管理工具是什么( )___
A. client
B. zpath
C. killer
D. itadmin
E.
F.
【单选题】
私有corba的自测工具叫什么( )___
A. zpath
B. client
C. killer
D. eot
E.
F.
【单选题】
私有corba升级的时候不需要备份的有( )___
A. EMS CORBA SERVER文件夹
B. 向上层网管对接时提供的工程名
C. 当前corba的安装包
D. 当前网管的OTNM2000安装包
E.
F.
【单选题】
私有corba使用的端口是多少( )___
A. 60000
B. 50000
C. 40000
D. 30000
E.
F.
【单选题】
私有corba有几个服务( )___
A. 1个
B. 2个
C. 3个
D. 4个
E.
F.
【单选题】
私有接口在没有设置相应的用户名和密码的情况下,用户名可以自定义,我们自定义用户名的密码为( )___
A. admin
B. vislecaina
C. WELCOME
D. 123qwer
E.
F.
【单选题】
添加静态路由的命令为( )___
A. add -p 目的地址 mask 掩码 下一跳
B. add -p 源地址 mask 掩码 下一跳
C. add -p 目的 地址 掩码 下一跳
D. add -p 源地址 掩码 下一跳
E.
F.
【单选题】
下列PTN产品的物理链路与保护技术对应关系正确的是___
A. POD41,LAG
B. CD1,LAG
C. 10GE,LAG
D. GE,LMSP
E.
F.
【单选题】
包过滤防火墙不能 ( )___
A. 防止企业外网用户访问内网的主机
B. 防止感染了病毒的软件或文件的传输
C. 防止企业内网用户访问外网的主机
D. 读取通过防火墙的数据内容
E.
F.
【单选题】
通过network命令把路由信息注入到BGP 的路由表,并通告给其它BGP 邻居的条件是( )___
A. 通告的路由必须下一跳可达
B. 通告的路由必须是本地直连路由
C. 通告的路由必须是非本地直连路由
D. 通告的路由必须是存在于IP 路由表
E.
F.
【单选题】
通过网页登陆的VPN属于哪种VPN( )___
A. pptp
B. L2tp
C. ssl
D. ipsec
E.
F.
【单选题】
同一个MSTP网络中,两个骨干节点所带的扩展域ID( )___
A. 可以相同
B. 不能相同
C. 既可相同又可不同
D. 没关系
E.
F.
【单选题】
同一故障造成5条以上AAA级互联网专线业务中断超过2小时的,属于( )___
A. 一般故障
B. 严重故障
C. 重大故障
D. 可暂缓处理
E.
F.
【单选题】
我国基群速率为()___
A. 64Kb/s
B. 1.5Mb/s
C. 2Mb/s
D. 155Mb/s
E.
F.
【单选题】
下列单板中不可以对接的组合是( )___
A. ET1D与ET1S
B. EF1与EFS0
C. EF1与ET1
D. EMS0与EFT
E.
F.
【单选题】
下列关于IPv6协议优点的描述中,准确的是( )___
A. IPv6协议支持光纤通信
B. IPv6协议支持通过卫星链路的Internet连接
C. IPv6协议具有128个地址空间,允许全局IP地址出现重复
D. IPv6协议解决了IP地址短缺的问题
E.
F.
【单选题】
下面那一个TCP/UDP端口范围将被客户端程序使用.( )___
A. 1到1023
B. 1024 and above
C. 1到256
D. 1到65534
E.
F.
【单选题】
下面选项不属于子网操作的是:( )___
A. 通道搜索
B. 子网反算
C. 重做网元交叉
D. 网元交叉
E.
F.
【单选题】
下列板卡中不具备背板VC12总线处理能力的是哪个 ___
A. P240EOS
B. P240FE
C. ESW-2GE
D. EOP-FE8E1
E.
F.
【单选题】
下面有关BGP 协议描述,错误的是( )___
A. BGP 是一个很健壮的路由协议
B. BGP 可以避免路由环路
C. BGP 只支持手动聚合
D. BGP 是继承EGP 而来的
E.
F.
【单选题】
采用 CSMA/CD 的网络中发生冲突时,需要传输数据的主机在回退时间到期后做何反应.( )___
A. 造成冲突的主机重新传输最后16个帧
B. 主机延长其延迟时间以便快速传输。
C. 主机恢复传输前侦听模式
D. 造成冲突的主机优先发送数据
E.
F.
【单选题】
下面有关生成树协议的互通性描述,错误的为 ___
A. RSTP可以和STP完全互通
B. 运行RSTP的交换机,如果和运行STP的交换机互联,则运行RSTP的交换机会将该端口迁移到STP模式下
C. 与STP桥相连的端口发送的是STP报文
D. RSTP报文和STP报文完全相同,所以能够完全互通
E.
F.
【单选题】
下面有关子网交叉和网元交叉的描述正确的有( )___
A. 子网交叉和网元交叉存储在数据库中不同的位置
B. 在子网交叉界面中对业务做了修改后,需要在网元交叉中手工进行相应的修改
C. 在网元交叉中改动了业务配置后,子网交叉中自动进行了相应的改动
D. 在子网交叉配置好业务后,进行交叉下载时网管软件会自动生成相应的网元交叉并下发到设备
E.
F.
【单选题】
向通道保护环的触发条件是( )告警___
A. MS-AIS
B. B、MS-RDI
C. C、LOS
D. D、TU-AIS
E.
F.
【单选题】
性能历史数据最长可以保存( )时间记录___
A. 一年
B. 一月
C. 一日
D. 15分钟
E.
F.
