【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
推荐试题
【单选题】
辛亥革命取得的最大成就是___
A. 推翻了封建帝制
B. 促进了资本主义的发展
C. 使人民获得了一些民主自由权利
D. 打击了帝国主义的殖民势力
【单选题】
新文化运动兴起的标志是___
A. 蔡元培“兼容并包”办学方针的采用
B. 民主与科学口号的提出
C. 陈独秀在上海创办《青年》杂志
D. 李大钊发表《庶民的胜利》
【单选题】
前期新文化运动与资产阶级改良派、革命派思想相比,就其作用而言,主要“新”在___
A. 传播了资产阶级民权平等思想
B. 动摇了封建正统思想的统治地位
C. 绝对肯定了西方文化的进步性
D. 深入研究和传播了马克思主义
【单选题】
在20世纪第二个十年,堪称中国历史转折之里程碑的是___
A. 武昌起义、中华民国建立
B. 《新青年》创办、武昌起义
C. 五四运动、《新青年》创办
D. 中华民国建立、五四运动
【单选题】
最能体现五四运动性质的口号是___
A. 废除“二十一条”
B. 还我青岛
C. 外争国权,内惩国贼
D. 拒绝在和约上签字
【单选题】
在中国大地上率先举起马克思主义旗帜的是___
A. 李大钊
B. 陈独秀
C. 张国焘
D. 毛泽东
【单选题】
标志着中国新民主主义革命开端的是___
A. 新文化运动
B. 五四运动
C. 中国共产党的诞生
D. 辛亥革命
【单选题】
1920年8月中国工人阶级政党最早的组织成立于___
【单选题】
1921年9月,中国共产党领导创建的第一个农民协会位于___
A. 广东海丰县赤山约
B. 广东陆丰县
C. 浙江萧山县衙前村
D. 湖南衡山县白果
【单选题】
中国共产党第一次提出明确的反帝反封建的民主革命纲领是在___
A. 《新青年》创刊号上
B. 中共“一大”会议上
C. 中共“二大”会议上
D. 中共“三大”会议上
【单选题】
孙中山说:“国民党在堕落中死亡,因此要救活它,就需要新鲜血液。”为此他采取的主要措施是___
A. 接受中共反帝反封建的主张
B. 重新解释三民主义
C. 以党内合作方式同共产党合作
D. 建立黄埔军校,培养新式军事干部
【单选题】
新三民主义之所以成为第一次国共合作的政治基础,主要原因是___
A. 它与中国共产党的最高纲领一致
B. 它适应了时代发展的潮流
C. 它与中共的民主革命完全一致
D. 它与中共民主革命纲领若干原则一致
【单选题】
近代以来中国人民第一次从帝国主义手中收回被侵略的一些侵略权益是___
A. 关税自主权
B. 片面最惠国待遇
C. 领事裁判权
D. 汉口、九江英租界
【单选题】
大革命取得的最突出的成就是___
A. 促使工农运动蓬勃开展
B. 进行了北伐战争
C. 基本推翻了北洋军阀的统治
D. 扩大了中国共产党在群众中的影响
【单选题】
第一次国共合作终于全面破裂的历史事件是___
A. “四·一二”政变
B. 马日事变
C. 夏斗寅叛乱
D. “七·一五”政变
【单选题】
大革命的失败,给中共最深刻的教训是___
A. 无产阶级必须掌握革命领导权和革命武装
B. 要建立巩固的工农联盟
C. 要警惕统一战线内部的野心家
D. 要制定彻底的革命纲领
【单选题】
1927年南昌起义的最大意义在于___
A. 开始与国民党反动派武装对抗
B. 确立党对军队的绝对领导
C. 建立了第一个无产阶级革命政权
D. 开创了“工农武装割据”的革命道路
【单选题】
南昌起义、秋收起义、广州起义中得出的深刻教训是___
A. 必须武装反抗国民党反动派
B. 必须建立党对军队的绝对领导
C. 必须建立新型的人民军队
D. 走适合中国国情的革命道路
【单选题】
八七会议前后,中共发动的几次大规模武装起义均以夺取大城市为目标,这种情况表明___
A. 我党在城市拥有相对强大的革命力量
B. 敌人在某些大城市力量不足
C. 我党的革命道路脱离实际
D. 我党尚未充分认识到农民是革命的动力
【单选题】
井冈山根据地的建立与巩固___
A. 开辟了农村包围城市武装夺取政权的道路
B. 确立党对军队的绝对领导
C. 是中共独立领导武装斗争的开端
D. 是土地革命战争时期的开始标志
【单选题】
1927年下半年,中国革命呈现出的根本趋势是___
A. 中共的工作重心开始由城市转移到农村
B. 中共发动武装起义夺取城市
C. 中共发动了一系列罢工,反对国民党统治
D. 中共党内出现了“左”倾机会主义错误
【单选题】
中国革命必须走农村包围城市最后夺取城市这样一条道路,主要取决于___
A. 中国农民人口多
B. 中国革命的发展趋势
C. 中国半殖民地半封建社会性质
D. 敌人在农村力量薄弱
【单选题】
确立党对人民军队的绝对领导这个根本原则是在___
A. 古田会议
B. 三湾改编
C. 《中国革命战争的战略问题》
D. 《战争和战略问题》
【单选题】
中国民主革命的基本问题___
A. 武装斗争问题
B. 党的建设问题
C. 统一战线问题
D. 农民问题
【单选题】
从1927年到1930年上半年,中国共产党领导的农村革命根据地和红军得到了迅速发展,其根本措施是___
A. 肃清右倾投降主义路线
B. 工农武装割据波浪式推向全国
C. 纠正“左”倾军事冒险计划
D. 开展“打土豪、分田地”的土地革命
【单选题】
中国革命历史上制定的第一个土地法是___
A. 兴国土地法
B. 井冈山土地法
C. 中国土地法大纲
D. 土地问题
【单选题】
1928年召开的中共“六大”认为,民族资产阶级是最危险的敌人之一,国民党的各个派别都是一样的反革命。这一观点表明___
A. 大会仍未肃清“左”倾思想
B. 中共着力纠正“左”倾思想
C. 中共认清了革命的对象与动力
D. 大会纠正了右倾主义路线
【单选题】
20世纪30年代,中国共产党内最早提出反对教条主义任务的领导人是___
A. 毛泽东
B. 刘少奇
C. 周恩来
D. 张闻天
【单选题】
第五次反“围剿”的失败充分证明了___
A. 良好的群众基础是红色政权存在的重要条件
B. 全国的革命形势对红色政权的影响巨大
C. 相当力量的正式红军的存在,是造成工农武装割据的重要条件
D. 中国共产党的正确领导是红色政权存在的最重要条件
【单选题】
下列会议,结束了王明“左”倾冒险主义在党中央的统治的是___
A. 瓦窑堡会议
B. 遵义会议
C. 中共“六大”
D. 晋绥干部会议
【单选题】
陈独秀的右倾投降主义和王明“左”倾冒险主义都给中国带来严重危害,这两次错误路线产生的根源在于___
A. 共产国际错误指导
B. 错误领导人排挤毛泽东
C. 中共处于幼年时期,理论思想尚不成熟
D. 国民党分化破坏活动
【单选题】
1932年1月28日,奋起抵抗日军进攻上海的是___
A. 第二十九军
B. 第十九路军
C. 第二十六路军
D. 第二十五军
【单选题】
促进了中华民族的觉醒,标志着中国人民抗日救亡运动新高潮到来的是___
A. 一二九运动
B. 五卅运动
C. 五四运动
D. 一二一运动
【单选题】
1935年12月,中共中央提出了抗日民族统一战线的政策会议是___
A. 洛川会议
B. 瓦窑堡会议
C. 八七会议
D. 十二月会议
【单选题】
标志着十年内战的局面结束,国内和平基本实现,成为时局转换枢纽的是___
A. 国民党五届三中全会的召开
B. 西安事变的和平解决
C. 中共瓦窑堡会议的召开
D. 蒋介石发表庐山谈话
【单选题】
在惨绝人寰、震惊中外的南京大屠杀中,日军共杀害中国军民达___
A. 10万以上
B. 30万以上
C. 5万
D. 50万以上
【单选题】
日本全面侵华战争开始的标志是___
A. “九一八”事变
B. 华北事变
C. 卢沟桥事变
D. “一二八”事变
【单选题】
1937年8月,中国共产党制定抗日救国十大纲领的会议是___
A. 洛川会议
B. 瓦窑堡会议
C. 八七会议
D. 十二月会议
【单选题】
抗战时期,取得全民族抗战以来中国军队第一次重大胜利的军事行动是___
A. 忻口战役
B. 台儿庄战役
C. 平型关
D. 凇沪战役
【单选题】
抗日战争时期,根据地政权民主建设主要体现为___
A. 建立中华苏维埃共和国
B. 实行“三三制原则”
C. 开展整风运动
D. 推行精兵简政政策
