【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
推荐试题
【判断题】
网络空间是亿万民众共同的精神家园,但它和现实社会不一样,只需要提倡自由,可以不保持秩序。
【判断题】
旗帜鲜明反对和抵制各种错误观点不用区分政治原则问题、思想认识问题、学术观点问题。
【判断题】
社会主义核心价值观和社会主义核心价值体系的方向不一致,前者体现了社会主义意识形态的本质要求, 后者却是体现了社会主义制度在思想和精神层面的质的规定性。
【判断题】
正确处理人民内部矛盾,特别是涉及广大人民群众切身利益的矛盾,是保持社会安定团结良好局面的关 键。
【判断题】
消除贫困、改善民生、逐步实现共同富裕,是社会主义的本质要求,是我们党的重要使命。
【判断题】
新时代我国面临的安全和发展环境并不复杂,各种可以预见和难以预见的风险因素明显减少。
【判断题】
党和政府应加强和创新对建设社会主义和谐社会各项工作的领导,把发展经济、提高国家文化软实力 作为社会建设的根本任务。
【判断题】
虽然说生态兴则文明兴,生态衰则文明衰,但随着人类文明的发展,生态环境可以找到替代品。
【判断题】
在生态系统保护和修复中,把利用自然力修复生态系统放在首位。
【判断题】
全面小康,覆盖的人口要全面,是惠及全体人民的小康。全面小康,覆盖的区域要全面,是城乡共同 发展的小康。
【判断题】
国家治理体系和治理能力是一个国家的制度和制度执行能力的集中体现。
【判断题】
严格依法办事是法治区别于人治的重要标志。
【判断题】
党的十一届三中全会明确提出了“ 发展社会主义民主、健全社会主义法治” 的重大方针。
【判断题】
“ 坚持党要管党、全面从严治党” 是新时代党的建设的根本方针。
【判断题】
全面小康,覆盖的领域要全面,是“ 三位一体” 全面进步的小康。
【判断题】
改革是经济社会发展的强大动力,发展是解决一切经济社会问题的前提,稳定是改革发展的关键。
【判断题】
法律具有规范社会行为、调节社会关系、维护社会秩序的作用。道德不具有这些方面的作用。
【判断题】
党的组织建设的核心是保持党同人民群众的血肉联系。
【判断题】
依法治军是人民军队建军之本、强军之魂。
【判断题】
实现把人民军队全面建成世界一流军队目标的时间是在 2035年。
【判断题】
党委统一的集体领导下的首长分工负责制是党领导军队的根本制度。
【判断题】
和平共处五项原则一直是我国处理对外关系的基本准则。
【判断题】
实现中华民族伟大复兴的中国梦的奋斗目标,必须要有和平国际环境。
【判断题】
中国坚定不移地奉行独立自主的和平外交政策,是由我国的社会主义性质和在国际上的地位所决定的。
【判断题】
推动建立新型国际关系,要坚决维护国家核心利益。
【判断题】
“ 一带一路” 与构建人类命运共同体没有关系。
【判断题】
构建人类命运共同体既是中国外交的崇高目标,也是世界各国的共同责任和历史使命。
【判断题】
中国共产党的领导地位是历史和人民的选择。
【判断题】
历史表明,中国共产党领导中国人民开辟的中国特色社会主义道路是正确的,必须长期坚持、永不动 摇。
【判断题】
历史表明,中国共产党和中国人民扎根中国大地、吸纳人类文明优秀成果、独立自主实现国家发展的 战略是正确的,必须长期坚持、永不动摇。
【判断题】
实现中华民族伟大复兴关键在全面依法治国。
【判断题】
中国特色社会主义是改革开放以来党的全部理论和实践的主题,是党和人民历尽千辛万苦、付出巨大 代价取得的根本成就。
【判断题】
坚持中国共产党的领导,是党和国家的根本所在、命脉所在。
【单选题】
有正式党员( )人以上的党支部,应当设立党支部委员会。(出题单位:上海市普陀区区委组织部)___
【单选题】
建立健全党支部按期换届提醒督促机制。根据党组织隶属关系和干部管理权限,上级党组织对任期届满的党支部,一般提前()以发函或者电话通知等形式,提醒做好换届准备。对需要延期或者提前换届的,应当认真审核、从严把关,延长或者提前期限一般不超过() 。出题单位:上海市委宣传部基层工作处(统战处)___
A. 6个月 1年
B. 3个月 半年
C. 6个月 2年
D. 3个月 1年
【单选题】
党支部党员大会是党支部的议事决策机构,由全体党员参加,一般()召开()。出题单位:上海市委宣传部基层工作处(统战处)___
A. 每个月 1次
B. 每季度 1次
C. 每年 1次
D. 每年 2次
【单选题】
经过长期努力,中国特色社会主义进入了新时代,这是我国发展新的( )。(出题单位:杨浦区委宣传部)___
【单选题】
中国共产党人的初心和使命,就是为中国人民____ ,为中华民族____。这个初心和使命是激励中国共产党人不断前进的根本动力。(出题单位:黄浦区委网信办)___
A. 谋幸福,谋未来
B. 谋生活,谋复兴
C. 谋幸福,谋复兴
D. 谋生活,谋未来
【单选题】
党支部委员会会议一般每月召开()次,根据需要可以随时召开,对党支部重要工作进行讨论、作出决定等。党支部委员会会议须有()委员到会方可进行。重要事项提交党员大会决定前,一般应当经党支部委员会会议讨论。出题单位:上海市委宣传部基层工作处(统战处)___
A. 1次 全部
B. 2次 半数以上
C. 2次 全部
D. 1次 半数以上
