【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
推荐试题
【单选题】
(25)我国正在建设中的“三峡水利枢纽工程”主要是为了解决___
A. 水污染问题
B. 水资源时间分配不均的问题
C. 水资源空间分布不均的问题
D. 水资源总量不足的问题
【单选题】
(27)对细胞的概念,近年来比较普遍的提法是:有机体的___
A. 形态结构的基本单位
B. 形态与生理的基本单位
C. 结构与功能的基本单位
D. 生命活动的基本单位
【单选题】
(28)要观察细胞的生命活动,通常需要借助 ___
A. 放大镜
B. 望远镜
C. 显微镜
D. 反光镜
【单选题】
(29)与洋葱细胞相比,家兔细胞缺少的结构是 ___
A. 细胞膜
B. 细胞质
C. 细胞壁
D. 细胞核
【单选题】
(30)自然界的生物可以分为三大类,这就是 ___
A. 动物、植物与微生物
B. 海洋生物、陆地生物与高山生物
C. 动物、植物与昆虫
D. 高等生物、低等生物与微生物
【单选题】
(31)香樟是一种在长江三角洲地区常见的树种,它是属于 ___
A. 常绿针叶树种
B. 落叶针叶树种
C. 常绿阔叶树种
D. 落叶阔叶树种
【单选题】
(32)老虎与豹是属于同一科大动物。下列动物中也属该科的是___
【单选题】
(33)生物是人类不可缺少的“朋友”,但目前正遇到 ___
A. 人工培育威胁
B. 种类减少威胁
C. 自相残杀威胁
D. 天外来客威胁
【单选题】
(34)被发现在南非的古沉积岩中,地球上最早出现的绿色植物是___
A. 蕨类植物
B. 地衣
C. 蓝藻
D. 苔藓
【单选题】
(35)城市道路两旁普遍种植大叶法国梧桐,既能绿化,又能吸尘。“法国梧桐”其实是___
A. 原产法国,是从法国引进栽培的
B. 原产东南欧、印度及美洲的悬铃木
C. 属于梧桐科的一种
D. 不清楚
【单选题】
(36)哺乳动物是胎生的脊椎动物,靠母体分泌的乳汁浦育初生幼体,多生活在陆地,有些也生活在海洋中。下列三种海洋动物哪个是哺乳动物?___
【单选题】
(37)下列动物中,属于鱼类的是___
【单选题】
(40)从已发现的化石看,人类的演化大致可以依次分为从南方古猿阶段到___
A. 能人阶段、直立人阶段到智人阶段
B. 直立人阶段、能人阶段到智人阶段
C. 直立人阶段、智人阶段到能人阶段
【单选题】
(43)植物、藻类利用叶绿素产生的光合作用过程中,在可见光的照射下,能将二氧化碳和水转化为有机物,释放出的是 ___
【单选题】
(44)呼吸作用是生物体内的有机物在细胞内经过一系列的氧化分解,在释放出能量的同时,最终生成的主要是 ___
A. 氧气
B. 二氧化碳
C. 氮气
D. 不知道
【单选题】
(45)晚上,植物与动物都不应该放入卧室内,要将其移到卧室外,这是因为它们会降低卧室内的 ___
A. 空气温度
B. 空气湿度
C. 氧气浓度
D. 氮气浓度
【单选题】
(46)亲代与子代之间传递遗传信息的物质就是“遗传物质”,这种物质的载体被称谓是 ___
A. 染色体
B. 基因
C. 细胞
D. 蛋白质
【单选题】
(47)染色体和遗传基因的关系是 ___
A. 两者互不相干
B. 两者是相同的概念
C. 染色体上携带基因
D. 基因上携带染色体
【单选题】
(48)具有典型细胞结构的生物的遗传物质是 ___
A. RNA
B. DNA
C. DHA
D. PHA
【单选题】
(49)“基因型身份证”主要是利用现在国内外最先进的DNA指纹技术,选取若干个固定的遗传基因位点进行鉴定。2002年9月郑州市民李广利先生正式领到了我国第一张18个位点的基因型身份证。你认为李广利先生这张身份证上的18个位点的信息取自 ___
A. 细胞壁
B. 细胞膜
C. 细胞质
D. 细胞核
【单选题】
(50) “大鱼吃小鱼,小鱼吃虾米,虾米吃泥巴”这句话反映了自然界的一个基本概念,这个概念就是 ___
A. 生态平衡
B. 食物链
C. 物质循环
D. 能量转换
【单选题】
(53) “野生动物上饭桌就是死的,不食用也是浪费”,你对此 ___
A. 很有同感
B. 有些认同
C. 很不支持
D. 难定是非
【单选题】
(54)最早明确提出生物进化论的科学家是 ___
A. 达尔文
B. 牛顿
C. 伽利略
D. 哥伦布
【单选题】
(56)你认为,“保护生物多样性” ___
A. 很有必要
B. 有必要
C. 不太有必要
D. 完全没必要
【单选题】
(57)地球上种类最多、数量最多的动物是什么?___
【单选题】
(58)人体消化系统中的消化道,其起始部分是 ___
【单选题】
(59)将食物分解为人体能够吸收的小分子物质主要依靠 ___
【单选题】
(60)人体中的消化酶有很多种。消化酶都具有生物活性,受外部环境的影响很大,比如温度、湿度,以及 ___
A. 盐度
B. 酸碱度
C. 氧浓度
D. 密度
【单选题】
(61)人体的呼吸系统中不包括: ___
【单选题】
(62)人体与外界环境之间的气体交换过程,称为呼吸,从大气摄取新陈代谢所需要的氧气,排出的是 ___
A. 氮气
B. 二氧化碳
C. 一氧化碳
D. 氨气
【单选题】
(64)人体的呼吸是生命的标志,在呼吸有困难时,就应该 ___
A. 马上就医
B. 马上喝水
C. 增大运动
D. 实施人工呼吸
【单选题】
(65)血液是流动在心脏和血管内的不透明红色液体,成分为 ___
A. 血浆与血细胞
B. 水与白细胞
C. 红细胞与葡萄糖
D. 葡萄糖与血浆
【单选题】
(67)心血管系统是血液循环系统的主体,其动力源于 ___
A. 动脉
B. 静脉
C. 毛细血管
D. 心脏
【单选题】
(70)泌尿系统由肾脏、输尿管、膀胱及尿道组成,主要功能为 ___
【单选题】
(71)尿的生成是在肾中完成的,其生成过程是 ___
A. 持续性的
B. 间断性的
C. 周期性的
D. 无规律的
【单选题】
(73)人们已经了解到人的大脑功能其实是有分工的,“全脑开发”的概念就是为此而提出。其中主管逻辑思维的部分一般认为是 ___
A. 左半脑
B. 右半脑
C. 前半脑
D. 后半脑
【单选题】
(74)人的神经系统主要是由两大部分组成,其中一个部分叫“神经细胞”另一个部分称为 ___
A. 神经元
B. 神经纤维
C. 突触
D. 神经胶质
【单选题】
(75)神经系统对内、外环境的刺激所作出的反应叫 ___
【单选题】
(76)激素对人体的生理作用主要是: ___
A. 发动一次新的新陈代谢过程
B. 影响原有的新陈代谢过程
C. 直接参与物质或能量的转换
D. 不影响所有的新陈代谢过程
【单选题】
(77)很多药品都含有激素,下列药物中不含激素的是 ___
A. 皮炎平
B. 可的松
C. 地塞米松
D. 葡萄糖
