【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
推荐试题
【单选题】
当增压器进油压力降到一定值后,YK4和___油压继电器动作使柴油机停机。
【单选题】
东风7C型机车使用固定发电运行遇风泵打风时,只有___能吸合。
【单选题】
东风7C型机车运行中突然卸载,电器失电顺序是___。
A. LLC→LC→C1~C6
B. C1~C6→LC→LLC
C. LC→C1~C6→LLC
【单选题】
东风7C型机车启机按下AN1,QC不吸合的原因有___。
A. FLC反联锁不良
B. QBC正联锁不良
C. QC正联锁不良
【单选题】
东风7C型机车启机时,QD转动,柴油机不爆发的原因有___。
A. Rdls断路
B. YK4故障
C. DLS故障
【单选题】
东风7C型机车QD不发电的原因有___。
A. ZK1跳开
B. ZK2跳开
C. ZK12跳开
【单选题】
东风7C型机车电流表显示放电,电压表显示96V的原因是___。
A. RD1熔断
B. RD2熔断
C. RD3熔断
【单选题】
东风7C型机车加载运行中,牵引发电机电压应不超过___。
【单选题】
东风7C型机车运用中抱轴瓦温度不得高于___
【单选题】
柴油机冒蓝烟的主要原因是因为___进入燃烧室参加燃烧而随废气排出造成的。
【单选题】
东风8B型内燃机车柴油机装车功率为___kw。
【单选题】
东风8B型机车扫石器距轨面的高度为___mm。
【单选题】
东风8B型内燃机车构架主要由左侧梁、右侧梁、___、前端梁和后端梁等组成全焊接“目”字型结构。
【单选题】
东风8B型内燃机车转向架采用___支承的橡胶堆旁承。
【单选题】
东风8B型内燃机车闸瓦间隙自动调整装置的作用是用来保证闸瓦与轮箍踏面之间的间隙___。
A. 保持最小值
B. 保持最大值
C. 保持恒定值
【单选题】
东风8B型内燃机车液压系统使柴油机机油、冷却水温度保持在规定的范围内是由___来控制的。
【单选题】
东风8B型机车撒砂系统的控制方式有___种。
【单选题】
当低温冷却水温度下降至___℃时,冷却风扇进入调速阶段,直至停转。
A. 70-60
B. 65-55
C. 60-50
【单选题】
东风8B型内燃机车撒砂阀受___的控制。
【单选题】
东风8B型内燃机车设计轴重为___t。
【单选题】
JZ -7型空气制动机自阀放风阀的功用是:自阀手柄在___时,自阀的放风阀凸轮推开放风阀,直接排出制动管内的压力空气,以达到紧急制动的目的。
A. 最大减压位
B. 手柄取出位
C. 紧急制动位
【单选题】
16V280柴油机配气相位规定:下止点后___,进气门关。
【单选题】
为了达到增压的目的,柴油机需要有进、排气管路,增压器及___等组成的增压系统。
【单选题】
柴油机-发电机组通过___个支承安装于机车上,用于承受柴油机---发电机组的重量和减少柴油机振动对车架的影响。
【单选题】
造成柴油机转速失控的原因之一:步进电机的___及司机控制器的电气线路故障。
【单选题】
柴油机加载、减载时,一般从空载加载至满负荷,或从满负荷减载至空负荷,其时间不少于___s。
【单选题】
柴油机的___是指每个工作循环的供油量不变时,其主要性能指标和参数随转速而变化的规律。
【单选题】
柴油机调速试验要求:当柴油机的负荷为最大运用功率时,转速在___r/min时,突卸负荷至零,超速停车装置不应动作。
【单选题】
如果柴油机功率不足,拉杆系统又没有故障,供油齿条刻线却拉不出来,一般是___或机车电气故障所致。
【单选题】
柴油机运转中因燃油系统故障造成柴油机功率不足的原因有___或喷油器发生故障。
【单选题】
在柴油机启动工况时,启动发电机QD作为直流___,由蓄电池XDC(96V)供电,驱动柴油发电机组。
A. 他励电动机
B. 他励发电机
C. 串励电动机
【单选题】
磁场削弱接触器XC由微机控制,当微机发生故障时可通过转换开关___手动过渡和返回。
【单选题】
同步主发电机F的励磁是由励磁机L发出的三相交流电经___整流后供给的。
【单选题】
为保证柴油机机体支承的隔振效果,应使两个拼紧螺母下的垫圈与支承有___的间隙。
【单选题】
当柴油机超速时,超速停车装置通过控制拉杆装置将喷油泵齿条拉至___,迫使柴油机停机。
【单选题】
东风11型内燃机车喷油泵柱塞全行程为___mm。
【单选题】
东风11型内燃机车柴油机运行一段时间后由于水温的升高,使膨胀水箱的水位稍有上升约为___左右,这是正常的。
