【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
【多选题】
In which two modes can the Cisco We b Security appliance be de ployed?___
A. as a transparent proxy using the Secure Sockets Layer protocol
B. as a transparent proxy using the Web Cache Communication Protocol
C. explicit proxy mode
D. as a transparent proxy using the Hyper Text Transfer Protocol
E. explicit active mode
推荐试题
【多选题】
收费碰到出口恶意冲卡的车辆,下列处理方法正确的是。___
A. 确保自身安全,提高安全防范意识
B. 收费班长及时上报车辆的相关信息
C. 收费班长将处理结果记录在班长日志里
D. 通行费由管理人员事后进行追缴
【多选题】
绿农产品目录中甘薯类主要包括以下哪几种?___
A. 白薯
B. 红薯
C. 山药
D. 芋头
E. 紫薯
【多选题】
目前收费道口发现的ETC违规车辆分两类,一是办理环节,二是使用环节。具体违规分以下那几种情况?___
A. 违规办理ETC
B. ETC车型不符
C. 车牌不符
D. 假冒集装箱使用ETC
【多选题】
关于ETC操作,下列描述正确的是。___
A. ETC专用车道有误闯车队列没有清除时,可能使后续的正常ETC车辆交易成功,但栏杆不抬
B. 司机提供CPU卡前,已刷复合卡,则重判车型,刷CPU卡;复合卡做已写未发卡,上交收费站销卡
C. 刷CPU卡后,发现车型误判:重判车型,再刷CPU卡
D. 如CPU卡故障、失效、入黑名单,则发放复合卡,并提醒驾驶员出口时走MTC车道(交复合卡),必要时,提醒驾驶员去服务点处理
【多选题】
国家高速公路网命名规则中联络线的编号为4位数,由组成。___
A. 主线编号
B. 数字“1”
C. 联络线顺序号
D. 英文字母
【多选题】
目前高速公路主要有哪几种偷逃通行费的行为?___
A. 调换通行卡
B. 扰乱计重数据
C. 伪造盗窃非法使用军警车辆号牌
D. 假冒绿色通道车
E. 冲卡
【多选题】
关于国际标准集装箱车辆,表述不正确的是。___
A. 集装箱车辆车货总重超限的按照超限车辆的收费方式收费
B. 出口收费员对装载二只20英尺或一只40英尺箱体的集装箱车应判七类车
C. 六类车、七类车分别与四类车、五类车的费率相对应
D. 以箱体为依据,未装载集装箱的挂车按普通货车收费
【多选题】
下列关于持CPU卡车辆从MTC车辆车道出口操作流程说法正确的是。___
A. 收费员等待车辆驶近,输入该车辆车型(含客车、货车)
B. 收费员刷CPU卡后,核对入口车牌(CPU 卡内的发行车牌)与出口车牌是否一致
C. 若车牌一致,选择“CPU 卡支付”,再次刷CPU 卡,选择“CPU付款”。支付成功后,确认放行车辆
D. 车牌不符,选择现金付费,付款后,确认放行车辆
【多选题】
公路按其在路网中的地位分为。___
A. 国道
B. 省道
C. 市道
D. 县道
E. 乡道
【多选题】
对绿色通道政策,以下描述正确的有。___
A. 从2010年12月1日起,全国所有收费公路(含收费的独立桥梁、隧道)全部纳入鲜活农产品运输“绿色通道”网络范围
B. 对整车合法装载运输鲜活农产品车辆免收车辆通行费
C. 对《目录》范围内的鲜活农产品与其他产品混装,且混装的其他产品不超过车辆核定载质量或车厢容积20%的车辆,比照整车装载鲜活农产品车辆执行
D. 考虑车辆计重设备可能出现的合理误差,对超限超载幅度不超过5%的鲜活农产品运输车辆,比照合法装载车辆执行
E. 运输的货物不属于农产品(含农产品装载比例低于10%的)属于绿农车严重恶意违规情况之一
【多选题】
以下哪些车道需要开启节假日免费模式。___
A. ETC入口专用车道
B. ETC出口专用车道
C. MTC入口车道
D. MTC出口车道
【多选题】
非ETC车辆或已列入黑名单车辆进入ETC车道后,收费员应。 ___
A. 阻止后面的车辆驶入本ETC车道
B. 要求误闯车倒车退出ETC专用车道,引导至MTC车道进行处理
C. 提醒驾驶员去服务点处理
D. ETC车道程序中,清车辆队列
【多选题】
假冒集装箱车持CPU卡在MTC车道出口时,操作正确的是。___
A. 核实相关证单,确定是假冒集装箱车的,按货车计重收费
B. 要求司机改为现金等其它方式支付通行费
C. 收缴CPU卡
D. 报ETC服务处,将此车辆列入黑名单
【多选题】
下列哪些规定不属于超限车辆。___
A. 集装箱车货总重45吨
B. 车货总高度从地面算起4米以上
C. 双联轴每侧双轮胎载质量14吨
D. 车货总宽度2.6米
【多选题】
若通行卡损坏(有明显痕迹),以下操作正确的是。 ___
A. 若卡中信息正常读出,则按通行卡入口站点打票收费,并收取通行卡工本费
B. 若卡中信息不能正常读出,则进行系统查询,信息相符,按正常车辆处理,并收取通行卡工本费
C. 若卡中信息不能正常读出,则进行系统查询,信息相符,按正常车辆处理,不收取通行卡工本费
D. 若确认无理由,按车辆可能行驶最远里程收费,并收取通行卡工本费
【多选题】
遇恶劣天气封道时,下列正确的是。___
A. 在广场放置告示牌
B. 允许收费员锁门后离开收费亭
C. 收费员应提前做好开通准备
D. 班长应加强广场巡逻
【多选题】
为确保高速公路行车安全而设置的交通标志设施有。___
A. 警告标志
B. 禁令标志
C. 指示标志
D. 指路标志
E. 公路情报板
【多选题】
假币的主要识别方法有。___
A. 纸张识别
B. 水印识别
C. 凹印技术识别
D. 荧光识别
E. 安全线识别
【多选题】
下列哪些情况不需要回收公务卡。___
A. 公务卡超出使用范围
B. 公务卡不可读且无效
C. 公务卡超过有效期
D. 卡内车牌与实际不符
【多选题】
出口车道收费员刷CPU卡操作步骤有。___
A. 输入客车车型
B. 输入车牌
C. 读卡
D. 收费员应核对入口车牌(CPU卡内的发行车牌)与出口车牌一致才允许按CPU卡支付
E. 收取通行费,系统显示付费方式选择的提示信息,操作员可按↑、↓键或数字键“7”选择CPU 卡付费
F. 放行车辆
【多选题】
联网路段对装有通风和监控设施且长度1000-2500米,2500-4000米,10000米以上的遂道,叠加通行费每次分别为几元?___
A. 1元
B. 2元
C. 5元
D. 10元
E. 15元
【多选题】
票据”键可用作以下哪些处理功能? ___
A. 更改发票号码
B. 发票重新打印
C. 预销票
D. 更改免费票号码
【多选题】
下列车驾号第一个数字的含义表述正确的是。___
A. 1代表载货汽车
B. 2代表越野汽车
C. 3代表牵引车
D. 4代表轿车
E. 5代表厢式汽车
F. 6代表自卸汽车
【多选题】
公路法所称的公路包括。___
A. 公路桥梁
B. 公路隧道
C. 公路渡口
D. 高速公路
E. 一级公路
F. 县乡道路
【多选题】
下列哪些属于入口车道票据键功能? ___
A. 更改缴费凭证号码
B. 更改免费票号码
C. 重新打印发票
D. 预销票处理
【多选题】
变造币是将真币用各种手段升值的人民币,它是一种破坏人民币的非法行为,其主要形式有。 ___
【多选题】
灭火器压力显示器指针在区域时,不需要重新检修。___
【多选题】
ETC电子标签可否自行拆卸修理,标签不慎脱落如何处理?___
A. 电子标签内有防拆卸功能,如果自行拆卸将导致信息丢失,无法正常使用
B. 电子标签出现故障后,需要到不停车收费服务处进行维修
C. 如果电子标签不慎脱落,需由服务处工作人员帮您重新安装才能正常使用
D. 如果电子标签不慎脱落,可以根据说明书自己安装
【多选题】
机动车在高速公路应当按车道指示的标志标明的允许通行的行驶。___
A. 车型
B. 最高行驶车速
C. 最低行驶车速
D. 方向
【多选题】
下列哪几条国家级高速公路在浙江省境内。___
A. G3
B. G15
C. G50
D. G2
E. G42
F. G56
【多选题】
车辆如在MTC车道出口,驾驶员在出示通行卡的情况下,后又出示CPU卡,收费员该如何进行操作? ___
A. 收费员先读复合通行卡
B. 选择CPU卡的付费方式
C. 读CPU卡核对车牌后收费放行
D. 按现金收费方式收费放行
【多选题】
以下哪几种绿农产品,可以享受免费绿农政策? ___
A. 海参
B. 鹌鹑
C. 核桃
D. 银杏
E. 杏子
【多选题】
关于办理偷逃高速公路通行费的若干司法意见中哪几种情况偷逃通行费数额较大的,可以处诈骗罪处罚。___
A. 采用调换车辆通行卡等方法减少实际通行计费里程
B. 使用伪造、变造的车辆通行卡支付
C. 使用伪造、变造、盗窃的其他车辆交费优惠证明
D. 假冒绿色通道免费车辆
E. 采用影响计重的方式,隐瞒车辆实际载重
F. 使用伪造、盗窃、买卖或者他人非法提供的武装部队车辆号牌
【多选题】
由于各种原因漏标(或误标)造成的卡内路径信息不准,采用如下规则。___
A. 系统自动容错后还能唯一确定路径的,按实际路径收费
B. 识别为多条路径的,系统提示多条路径,由班长旁证人工选择后再收费
C. 无法识别的,按最远路径收费
D. 无法识别的,按最短路径收费
【多选题】
有下列情形之一的,劳动合同终止。___
A. 劳动合同期满的
B. 劳动者开始依法享受基本养老保险待遇的
C. 劳动者死亡,或者被人民法院宣告死亡或者宣告失踪的
D. 用人单位被依法宣告破产的
E. 用人单位被吊销营业执照、责令关闭、撤销或者用人单位决定提前解散的
F. 法律、行政法规规定的其他情形
【多选题】
下列哪些情况,可订立无固定期限劳动合同。 ___
A. 老王在单位连续工作15年
B. 老赵在单位连续工作13年且距法定退休年龄还有11年的,今年单位第一次实行劳动合 同制度
C. 连续订立二次固定期限劳动合同小王患病后,在规定的医疗期满后不能从事原工作,无法继续从事单位安排的其他工作
D. 连续订立二次固定期限劳动合同,小张经年度考核不合格,经过培训或者调整工作岗位, 仍不能胜任工作的
E. 老陈在某国有大型企业已经11年,还有3年就要退休,今年企业进行改制重新订立劳动 合同
【多选题】
收费公路的权益包括。___
A. 收费权
B. 广告经营权
C. 服务设施经营权
D. 转让权
【多选题】
遇系统完全瘫痪收费员应做好那几项工作?___
A. 入口启用缴费凭证
B. 出口启用定额票
C. 入口发放免费票
D. 出口登记入口站点、金额、车型
【多选题】
下列对持有 浙江警通证的车辆操作正确的是。___
A. 入口不得阻拦
B. 出口迅速放行
C. 遇ETC系统故障时立即使用人工操作,快速免费放行
D. 核实行驶证后放行
