【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
推荐试题
【单选题】
银行从业人员服务语言要规范、()简洁、语句清晰()___
A. 准确,音量适中
B. 标准、音量稍低
C. 正确,音量适中
D. 准确,音量稍高
【单选题】
标准化服务规程规定,柜员在上班时间不得有如下举止()。___
A. 更换打印纸
B. 理财营销
C. 与同事耳语议论客户
D. 与客户谈话
【单选题】
以下哪些不属于良好的沟通习惯? 。 ___
A. 在与客户沟通时,非常严肃,从不笑
B. 注意客户的旋外之音
C. 控制自己的谈话时间
D. 适当做笔记
【单选题】
服务类工单指客户对银行产品、服务质量、硬件设施不满,服务类工单应于()个工作日内作出处理并完成回访,当天()时以后接收的工单,系统处理日期延长一天,双休及法定节假日顺延。___
A. 1,18
B. 2,17
C. 3,17
D. 5,18
【单选题】
建议表扬类工单应于()个工作日内做出处理并完成回访,并对客户满意的产品或体验服务做好记录,回复内容包括建议内容是否采纳,对被表扬人员是否有实质性奖励等要素。___
【单选题】
疑难类工单应于()个工作日内作出处理并完成回访。___
【单选题】
客户表达购买意向时,客户(理财)经理按规定对客户进行必要、客观、真实的 、风险认知和风险承受能力等相关内容测试,并得到客户本人 确认,确保将合适的产品和服务提供给合适的客户。___
A. 风险爱好,书面
B. 风险偏好,口头
C. 风险偏好,口头
D. 风险偏好,书面
【单选题】
在处理投诉中补偿性的主动服务错误是 。___
A. 为客户提供费率的优惠、赠送礼品或与客户建立个人交往等
B. 在情感上给客户的一种弥补和安抚
C. 只用于银行对客户的伤害或给客户造成的损失是无法改正或补偿的时候
D. 可以代替整个预期的服务
【单选题】
我联社目前开展的ETC业务分为哪几类___。
A. 储值卡,借记卡
B. 储值卡,记账卡
C. 储值卡,信用卡.
D. 借记卡,信用卡
【单选题】
ATM长款业务差错处理应在___个工作日内将款项上划至省联社资金清算中心。
【单选题】
新版电子银行自助签约账户转账单笔限额是( )元,日累计限额是( )元。___
A. 0.5万,2万
B. 0.2万,0.5万
C. 5万,20万
D. 2万,5万
【单选题】
新版个人手机银行转账单笔限额是( )元,日累计限额是( )元。___
A. 5万,20万
B. 20万,200万
C. 20万,100万
D. 100万,500万
【单选题】
新版个人网银转账单笔限额是( )元,日累计限额是( )元。___
A. 5万,20万
B. 500万,2000万
C. 200万,5000万
D. 500万,5000万
【单选题】
河南省农村信用社手机银行中的无卡取款业务日累计限额(),每日可进行()次无卡取款。___
A. 5000元,3次
B. 5000元,5次
C. 20000元,3次
D. 20000元,5次
【单选题】
我社自助设备支持单笔取款最高额度为?___
A. 3000元
B. 5000元
C. 10000元 D.20000元
【单选题】
以下哪个功能手机银行无法实现___
A. 网点查询
B. 贷款申请
C. 购买贵金属
D. 订购外卖
【单选题】
网银批量转账最大笔数为___笔
A. 100
B. 200
C. 300 D.500
【单选题】
网银最大代发笔数为___笔
A. 1000
B. 2000
C. 3000 D.5000
【单选题】
新客户可在河南省农村信用社所有网点开立不超过___张一类户金燕卡。
A. 1张
B. 2张
C. 3张 D.5张
【单选题】
微信银行中的无卡取款单笔限额是 元,日累计限额是 元。___
A. 5000,10000
B. 5000,5000
C. 5000,20000
D. 3000,5000
【单选题】
个人电子银行VIP额度设置中转账单笔限额最高是( )元,日累计限额最高是( )元。___
A. 1亿,10亿
B. 10亿,100亿
C. 100亿,100亿
D. 不限制,不限制
【单选题】
自助设备视频监控系统中录像资料进行刻录复制,保存时间不少于___个月。
【单选题】
自助设备每周至少做()次轧账,时间间隔不得超过___天。
A. 两,三
B. 三 三
C. 三,两
D. 两 ,两
【多选题】
《河南省农村信用社员工违规行为处理办法》对违规人员的处理种类有:___。
A. 经济处罚
B. 纪律处分
C. 批评教育
D. 开除
【多选题】
经济处罚包括:___。
A. 扣减绩效收入
B. 赔偿经济损失
C. 批评教育
D. 开除
【多选题】
有下列情形之一的,可以从轻或减轻处理:___。
A. 初次违规、过失违规且情节轻微的
B. 集体不当决策造成违规事件发生,尚未造成损失或社会不良影响的
C. 违规后认识错误态度较好,能主动检查纠正错误或交待问题,配合调查的
D. 主动赔偿经济损失或退出非法所得的
【多选题】
批评教育包括:___。
A. 责令限期改正
B. 责令书面检查
C. 诫勉谈话
D. 通报批评
【多选题】
组织处理包括:___。
A. 调离岗位、引咎辞职
B. 责令辞职
C. 停职、免职
D. 诫勉谈话
【多选题】
有下列情形之一的,可免予处理:___。
A. 因不可抗力造成损失、毁损的
B. 受到暴力胁迫时行为失当,事后积极补救的
C. 业务创新发生不当行为且损害后果轻微的
D. 已尽职尽责,因国家法律、法规、宏观产业政策发生重大变化,或其他外部因素导致风险或损失,并已积极采取措施的。
【多选题】
严重违反劳动纪律,有下列哪些行为的,给予警告至撤职处分;后果或情节严重的,予以辞退或给予开除处分?___
A. 旷工或者因公外出、请假期满无正当理由逾期不归的
B. 无正当理由经常迟到、早退或者擅自脱岗的
C. 故意刁难、欺骗误导客户,或服务态度恶劣被客户投诉的
D. 对他人进行骚扰、恐吓、侮辱、诽谤或泄露他人隐私的
【多选题】
对违规员工的经济处罚应按员工管理权限进行,一般情况,___。
A. 省联社负责对省联社、市农信办员工和县级行社领导班子成员作出经济处罚决定
B. 县级行社对辖属员工作出经济处罚决定
C. 经省联社授权,市农信办可对本级员工及辖内县级行社领导班子成员作出经济处罚决定
D. 上级机构不可对下级机构管辖员工直接作出经济处罚决定
【多选题】
各级农信社机构或部门负责人有下列行为之一的,给予警告至记大过处分;后果或情节严重的,给予降级至开除处分:___。
A. 超越权限决策的
B. 授意、指使、强令、胁迫下属违规办理业务
C. 违反民主决策程序,个人或少数人决定重大决策、大额资金调度、大额财务开支、大宗物品采购等重大问题,或拒不执行、擅自改变集体决定的
D. 决策不慎,重大改革方案或重大工作安排存在重大疏漏,或执行出现严重失误的
【多选题】
商业银行应当根据投资性质的不同,将理财产品分为___。
A. 固定收益类理财产品
B. 权益类理财产品
C. 商品及金融衍生品类理财产品
D. 混合类理财产品
【多选题】
商业银行应当根据运作方式的不同,理财产品类型有___。
A. 封闭式理财产品
B. 开放式理财产品
C. 定开型理财产品
D. 可赎回型理财产品
【多选题】
销售人员从事理财产品销售活动,应当遵循的原则有___。
A. 勤勉尽职原则
B. 诚实守信原则
C. 公平对待投资者原则
D. 专业胜任原则
【多选题】
国务院金融监督管理机构在反洗钱工作中的职责有___。
A. 参与制定所监督管理的金融机构反洗钱规章
B. 对所监督管理的金融机构提出按照规定建立健全反洗钱内部控制制度的要求
C. 审查新设金融机构或者金融机构增设分支机构的反洗钱内部控制制度方案
D. 对所监督管理的金融机构的可疑交易开展调查
【多选题】
下列属于高风险客户的有___。
A. 国务院有关部门、司法机关、中国人民银行、联合国安理会发布的制裁或关注名单
B. 来自避税天堂的离岸公司或与该公司进行交易的客户
C. 非盈利性事业单位
D. 自然人客户
