【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
推荐试题
【多选题】
正常生产时,裂解单元废水的来源有___。
A. 裂解炉超高压蒸汽汽包间断排污
B. 稀释蒸汽汽包连续排污
C. 稀释蒸汽汽包间断排污
D. 装置区域内雨水和雪水
【多选题】
在急冷水塔与急冷水沉降槽之间通常要设置“平衡线”,其目的是___。
A. 平衡气相组分
B. 平衡液相组分
C. 平衡两者间的压力
D. 平衡两者间的液位
【多选题】
提高列管式换热器换热效率的方法或措施主要有___。
A. 提高传热面积
B. 提高平均温差
C. 提高传热系数
D. 增大列管直径
【多选题】
装置开停工过程中,换热器应缓慢升温和降温,避免造成压差过大和热冲击,同时应遵循以下原则___。
A. 开工时“先冷后热”
B. 开工时“先热后冷”
C. 停工时“先热后冷”
D. 停工时“先冷后热”
【多选题】
换热器发生内漏的判断方法有___。
A. 看低压侧的压力是否明显升高
B. 看低压侧的温度变化是否明显
C. 分析低压侧的组成
D. 观察换热效果
【多选题】
下列各项中,可能影响炉管结焦的是___。
A. 辐射段炉管的排列形式
B. 裂解气压缩机的吸入压力
C. 裂解炉烧嘴的排列型式
D. 对流段炉管的排布型式
【多选题】
乙烯装置事故照明回路电压是___。
A. 交流220伏
B. 直流100伏
C. 交流36伏
D. 交流12伏
【多选题】
炉膛负压波动时,正确的处理方法是___。
A. 调整烟道挡板的开度
B. 稳定燃料气流量
C. 稳定裂解炉进料量
D. 停止对流段吹灰
【多选题】
乙烯装置循环冷却水的特点是___。
A. 用量大
B. 品质要求严格
C. 故障产生的影响面广、危害大
D. 因水质不稳定造成的影响滞后性强且后果严重
【多选题】
下列四种情况下,容易发生水锤现象的有___。
A. 蒸汽管线暖管速度过快
B. 饱和蒸汽经过阀门后被节流
C. 蒸汽冷凝速度过快
D. 已经正常投用的过热蒸汽管线
【多选题】
在投油初期调整裂解炉炉膛负压的方法有___。
A. 调整烟道挡板开度
B. 调整烧嘴风门开度
C. 调整燃料气量
D. 调整投油量
【多选题】
合理控制急冷水塔塔釜温度的主要目的是___。
A. 尽量回收急冷水中的热量
B. 确保急冷水不发生乳化
C. 有利于控制急冷水塔塔顶温度
D. 有利于控制汽油分馏塔塔顶温度
【多选题】
蒸汽透平润滑油系统在启动透平前,正确的状态有___。
A. 润滑油辅助油泵已经启动,润滑油压力正常
B. 润滑油冷却器已经正常投用
C. 两台润滑油过滤器一台已经正常投用,另一台已经充液备用
D. 润滑油油箱满液位
【多选题】
下列选项中,可作为伴热蒸汽的是___。
A. 工艺蒸汽(PS)
B. 低压蒸汽
C. 中压蒸汽
D. 高压蒸汽
【多选题】
下列各项中,对结焦程度有影响的是___。
A. 稀释蒸汽流量
B. 原料种类
C. 炉出口温度
D. 炉管材质
【多选题】
急冷水塔塔釜温度过高的调节措施包括___。
A. 提高中部急冷水返回量
B. 提高上部急冷水返回量
C. 调节急冷水用户压差
D. 加大急冷水冷却器冷却水流量
【多选题】
急冷水塔水侧液位高的原因有___。
A. 水系统排污量大
B. 系统补入中压蒸汽量小
C. 系统补入中压蒸汽量偏大
D. 系统排污量偏小
【多选题】
对于裂解炉烧嘴来说,正常巡检时,应该重点观察___。
A. 检查烧嘴前燃料气压力
B. 检查各烧嘴的燃烧情况
C. 检查烧嘴是否有堵塞现象
D. 检查烧嘴前燃料气支管活接头是否泄漏
【多选题】
机械维修人员对关键机组的特护应开展设备点检,采用“看、听、摸、嗅、测”等常规检查方法,检查设备及配管的___等变化情况。
【多选题】
裂解炉对流段的主要作用,是___。
A. 将原料预热、汽化并过热至裂解温度
B. 回收烟气中的废热,提高裂解炉热效率
C. 使原料有足够时间,充分裂解
D. 增加一次反应,减少二次反应
【多选题】
进设备作业前须对受限空间进行气体采样分析,下列分析结果中合格的是:___
A. 可燃气体浓度0.2%
B. 氧含量19.5%
C. H2S浓度10mg/m3
D. 一氧化碳浓度10mg/m3
【多选题】
回收急冷水中低位热量的途径有___。
A. 裂解部分原料预热
B. 分离单元丙烯精馏塔热源
C. 压缩单元裂解气过热
D. 冷却外送裂解燃料油
【多选题】
超高压蒸汽发生系统管线化学清洗过程中,要分别进行酸洗和碱洗,其中不是碱洗的目的是___。
A. 除去泥砂
B. 除去管壁上附着的铁锈
C. 除去防锈油(脂)
D. 除去焊渣等机械杂质
【多选题】
下列各项中属于急冷区日常分析项目的有___。
A. 工艺水pH值
B. 急冷水pH值
C. 稀释蒸汽汽包排污pH值
D. 稀释蒸汽凝液pH值
【多选题】
正常生产时,裂解单元废渣的来源有___。
A. 烧焦罐焦粒
B. 急冷油循环泵入口过滤器焦粒
C. 急冷油循环泵出口过滤器焦粒
D. (减粘后)裂解燃料油采出泵入口过滤器焦粒
【多选题】
减粘塔依靠___作用,将急冷油中最重的组分脱离出来。
A. 汽提
B. 重力沉降
C. 离心沉降
D. 冷凝
【多选题】
安全阀按照开启度分类,可分为___。
A. 全启式
B. 微启式
C. 中启式
D. 敞开式
【多选题】
关于裂解炉的维护内容,下列说法正确的是___。
A. 烟气横跨温度不得超过设计指标的0℃以上
B. 炉出口压力不得超过设计值
C. 裂解炉炉膛应保持在一定的负压下运行,不允许正压操作
D. 烟气含氧量应维持在2~3%之间,并保证烟囱不冒黑烟
【多选题】
蒸汽透平润滑油系统在启动透平前,正确的状态有___。
A. 润滑油辅助油泵已经启动,润滑油压力正常
B. 润滑油冷却器已经正常投用
C. 两台润滑油过滤器一台已经正常投用,另一台已经充液备用
D. 润滑油油箱满液位
【多选题】
设置汽油分馏塔中段回流的目的有___。
A. 提高汽油分馏塔的热负荷
B. 降低汽油分馏塔的热负荷
C. 提高汽油分馏塔的处理能力
D. 降低汽油分馏塔的处理能力
【多选题】
当裂解炉烧嘴出现脱火现象时,正确的调整手段有___。
A. 适当加大燃料气量
B. 关小烧嘴风门
C. 适当降低燃料气压力
D. 开大烧嘴风门
【多选题】
可以有效延长裂解炉运行周期的方法包括___。
A. 提高稀释比
B. 降低COT
C. 降低进料量
D. 调整燃烧模型
【多选题】
联锁系统的输入信号可以是___。
A. 压力信号
B. 温度信号
C. 液位信号
D. 流量信号
【多选题】
安全阀按其工作原理可分为___。
A. 弹簧式
B. 重锤式
C. 杠杆式
D. 导向式
【多选题】
下列各项中,对结焦程度有影响的是___。
A. 稀释蒸汽流量
B. 原料种类
C. 炉出口温度
D. 炉管材质
【多选题】
下列各项中,可能会造成裂解炉排烟温度高的是___。
A. 对流段吹灰
B. 辐射段窥视孔漏风
C. 汽包排污过大
D. 烧嘴燃烧情况不佳
【多选题】
下列各项中,有利于降低急冷油粘度的调整方法是___。
A. 减小侧线采出量
B. 适当降低急冷器出口温度
C. 适当降低DS压力
D. 外接调质油
【多选题】
裂解炉辐射段炉管断裂时的紧急处理应该包括___。
A. 切断裂解炉原料供应
B. 停急冷油
C. 切大阀
D. 切断裂解炉燃料供应
【多选题】
因循环水水质不稳定而引起的常见故障有___。
A. 结垢故障
B. 腐蚀故障
C. 生物故障
D. 粘泥故障
