【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
推荐试题
【判断题】
个人账户久悬处理时效是五年未进出转久悬,俗称:休眠。
【判断题】
当日一经做久悬激活,要次日才可以做回正常转久悬。
【判断题】
因挂失原因,久悬账户的激活,必须是本人。如果因特殊需要而代理进行了激活,激活后必须进行销户。
【判断题】
结转方式要按交易显示的账户状态作相应的选择,无人申领---选择收益转正常,休眠状态的,选择久悬转正常。
【判断题】
久悬户可委托代理人办理销户手续,只需出示申请人有效身份证件。
【判断题】
账户时效一年未进出转久悬,转久悬后一年未进出转收益。
【判断题】
久悬账户处理包括:久悬转正常,收益转正常,正常转久悬三种。本人和代理人均可办理。
【判断题】
对于久悬账户,代理要求挂失,可以先行久悬激活。
【判断题】
久悬户激活需本人携带有效证件到我行任一营业网点办理。
【判断题】
久悬户激活需本人携带有效证件到账户开户网点办理。
【判断题】
久悬激活时,若客户提供的户名和我行留存的户名不一致,但客户提供了相关证明材料且能确认为本人的,激活后仍可正常使用。相关证明材料与其他资料一并做附件。
【判断题】
“定存冠”绑定账户为“久悬户”,如代理人来办理定存冠销户,柜员只能要求客户本人前来久悬转正常后才能办理销户手续。
【判断题】
时效是三年未进出对私活期账户转久悬,俗称:休眠。转久悬后一年未进出转收益,俗称:无人申领。
【判断题】
久悬业务办好后,回单交给客户,客户无需签字。
【判断题】
对私活期久悬户可委托代理人办理销户手续,但需出示申请人及代理人有效身份证件。
【判断题】
未在我行开立账户的单位,不得办理批量业务。
【判断题】
批量开户成功后,必须打印成功清单,放入当日传票。
【判断题】
代发工资开户时,若非单位法人办理的,只需提供经办人身份证件及授权书。
【判断题】
代发工资企业必须为我行开立的基本账户。
【判断题】
使用非基本账户代发工资的企业,需遵守新版《绍兴银行代发工资业务协议书》,但已签订老版协议的企业,无需再次补签。
【判断题】
未在我行开立结算账户的行政事业单位,不得办理代发工资业务。
【判断题】
批量开户时单位经办人须联网核查身份证件,其他开户员工不需要进行联网核查身份证件。
【判断题】
未在我行开立结算账户的行政事业单位可以在我行办理代发工资业务,需提供营业执照或上级机构批文或其他证明文件,并留存复印件。
【判断题】
进账单第一联并加盖清讫章作转账业务回单,二联通用凭证第二联并加盖清讫章作代发开户回单,开户完成的凭证,此处为存单,加盖业务公章、柜员私章后递交客户。
【判断题】
申请单位没有预先在我行开户,现在需要办理批量业务的,则在客户号输入“999999999”,回车后显示蓝色框选中的银行内部户即为客户名称。
【判断题】
“是否短信通知”,若选“是”则表示客户可以去6207交易开通批量短信业务,该短信业务只表示“批量代发”时可以发送短信给客户,否则一般客户都选“否”不去批量开通短信通知。
【判断题】
批量开户清单每页须加盖单位财务章或单位公章。
【判断题】
办理批量代发业务时,单位提供的清单上必须要有合计金额,若无可由经办柜员补记并加盖柜员私章。
【判断题】
企业网银开通代发工资功能。企业网银代发工资银行级限额执行如下标准:单笔金额500万元(含),日累计金额1000万元(含)。
【判断题】
存款人只能在银行开立一个基本存款账户,银行不得在同一网点为单位客户开立基本存款账户和一般存款账户。
【判断题】
除基本账户外,其他账户开立后一个月内,应由客户经理或指定人员到单位客户的经营(办公)场所进行实地回访核实。
【判断题】
注册验资的临时存款账户在验资期间只收不付,注册验资的汇缴人与出资人可以不一致
【判断题】
银行工作人员严禁代理客户办理各类单位银行结算账户的开户手续。
【判断题】
账户开立后,开户单位的开户资料和预留印鉴,一律不准再由开户单位或他人经手,也不准在银行内部违规调阅、复印和使用。
【判断题】
基本存款账户是存款人办理日常转账结算和现金收付的账户,存款人的工资、奖金等现金的支取,只能通过该账户办理。
【判断题】
开户行必须遵循“了解你的客户”的原则,通过外部网站查询企业资质,落实实际经营地实访等方式,勤勉尽职,做好企业存款人的调查工作,识别企业身份及其实际控制人、收益所有人身份,了解企业开户目的及用途,并根据反洗钱要求填制《单位客户尽职调查表》。
【判断题】
开户手续完成后,应交给开户单位的有关资料、印鉴卡等物品,需填制移交清单,直接交给有权人,如果客户不在,也可以由客户经理转交。
