【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
【多选题】
In which two modes can the Cisco We b Security appliance be de ployed?___
A. as a transparent proxy using the Secure Sockets Layer protocol
B. as a transparent proxy using the Web Cache Communication Protocol
C. explicit proxy mode
D. as a transparent proxy using the Hyper Text Transfer Protocol
E. explicit active mode
【单选题】
1.三相刀开关的图形符号与交流接触器的主触点符号是___。
A. 一样的
B. 可以互换
C. 有区别的
D. 没有区别
推荐试题
【多选题】
企业生产过程中所使用的各种生产要素一般被划分为 ___
A. 土地
B. 企业家才能
C. 资本
D. 劳动
【多选题】
关于成本和利润的表述正确的有 ___
A. 企业所有的显成本和隐成本共同构成企业的总成本
B. 企业的经济利润是指企业的总收益和总成本之间的差额
C. 企业所追求的最大利润,指的是最大的正常利润
D. 经济利润也称为超额利润
【多选题】
质押担保的范围包括_______ ___
A. 主债权及利息
B. 质物保管费用
C. 实现质权的费用
D. 贷款担保费用
【多选题】
巴塞尔委员会将商业银行面临的风险划分为八大类,其中包括__________
A. 系统风险
B. 信用风险
C. 操作风险
D. 战略风险
【多选题】
信用风险的主要形式包括__________
A. 结算风险
B. 流动性风险
C. 非系统风险
D. 违约风险
【多选题】
操作风险可以分为七种表现形式,其中包括__________
A. 聘用员工做法和工作场所安全性
B. 业务中断和系统失灵
C. 客户、产品及业务做法
D. 实物资产损坏
【多选题】
下列关于资本作用的说法,正确的有__________
A. 资本为商业银行提供融资
B. 吸收和消化损失
C. 支持商业银行过度业务扩张和风险承担
D. 维持市场信心
【多选题】
下列关于经风险调整的业绩评估方法的说法,正确的有__________
A. 在经风险调整的业绩评估方法中,目前被广泛接受和普遍使用的是经风险调整的资本收益率(RAROC)
B. 在单笔业务层面上,RAROC可用于衡量一笔业务的风险与收益是否匹配,为商业银行是否开展该笔业务以及如何定价提供依据
C. 在资产组合层面上,商业银行在考量单笔业务的风险和资产组合效应之后可依据RAROC衡量资产组合的风险与收益是否匹配
D. 经风险调整的业绩评估方法是以监管资本配置为基础的
【多选题】
下列属于市场风险的有__________
A. 利率风险
B. 股票风险
C. 违约风险
D. 汇率风险
【多选题】
国家风险可分为__________
A. 政治风险
B. 信用风险
C. 社会风险
D. 经济风险
【多选题】
关于商业银行区域限额管理的以下说法,正确的有__________
A. 在我国,区域限额管理包括国家限额管理
B. 发达国家一般不对一个国家内的某一地区设置地区风险限额
C. 在一定时期内,我国商业银行实施区域风险限额管理是很有必要的
D. 在我国,区域风险限额在一般情况下经常作为指导性的弹性限额
【多选题】
下列可能给某商业银行带来声誉风险的有__________
A. 关于银行高比例不良资产的媒体报道
B. 银行对长期合作且信用良好的贷款客户大幅削减信贷额度
C. 市场流传次贷危机使得银行蒙受巨额亏损的消息
D. 银行工作人员长期对待客户态度粗暴
【多选题】
战略风险来自__________
A. 商业银行战略目标缺乏整体兼容性
B. 商业银行经营目标不能按时实现
C. 为实现战略目标而制定的经营战略存在缺陷
D. 为实现目标所需要的资源匮乏
【多选题】
巴塞尔委员会认为商业银行公司治理应遵循八大原则,其中包括__________
A. 商业银行应保持公司治理的透明度
B. 董事会和高级管理层应有效发挥内部审计部门.外部审计单位及内部控制部门的作用
C. 董事会应核准商业银行的战略目标和价值准则,并监督其在全行的传达贯彻
D. 董事会应确保对高级管理层是否执行董事会政策实施适当的监督
【多选题】
商业银行内部控制包括的主要因素有__________
A. 内部控制环境
B. 风险识别与评估
C. 内部控制措施
D. 信息交流与反馈
【多选题】
商业银行风险监测的具体内容包括__________
A. 开发风险计量模型
B. 监测各种可量化的关键风险指标的变化和发展趋势
C. 监测各种不可量化的风险因素的变化和发展趋势
D. 报告商业银行所有风险的定性/定量评估结果
【多选题】
商业银行风险管理部门的主要职责有__________
A. 监控各类金融产品和所有业务部门的风险限额
B. 在限额违规的情况下及时向风险管理委员会报告
C. 负责核准复杂金融产品的定价模型
D. 协助财务控制人员进行复杂金融产品价格评估
【多选题】
风险文化一般由_______三个层次组成。___
A. 风险管理理念
B. 风险模型
C. 制度
D. 知识
【多选题】
下列关于《巴塞尔新资本协议》中压力测试的说法,不正确的有__________
A. 压力测试必须具有意义且足够审慎
B. 进行压力测试的目标是要求商业银行必须考虑最差的情景
C. 在评估资本充足性时,采用内部评级法的商业银行不必具有压力测试过程
D. 除了一般的压力测试,商业银行必须进行信用风险压力测试
【多选题】
下列关于风险预警方法的说法中,正确的有__________
A. 黑色预警法不引进警兆指标变量,只考察警素指标的时间序列变化规律
B. 蓝色预警法侧重定量分析
C. 指数预警法利用警兆指标合成的风险指数进行预警
D. 统计预警法对警兆与警素之间的相关关系进行时差相关分析
【多选题】
下列关于银行利率风险的说法,正确的有__________
A. 如果银行以短期存款作为长期固定利率贷款的融资来源,则存在重新定价风险
B. 如果银行以长期固定利率存款作为长期浮动利率贷款的融资来源,则存在重新定价风险
C. 如果银行利息收入和利息支出所依据的基准利率变动不一致,则存在基准风险
D. 如果银行利息收入和利息支出依据相同的基准利率,该利率波动剧烈,则存在基准风险
【多选题】
下列关于金融期货的说法,正确的有__________
A. 利率期货包括以长期国债为标的的长期利率期货
B. 货币期货交易目的包括规避汇率风险
C. 股指期货是指以股票为标的的期货合约
D. 股指期货不涉及股票本身的交割
【多选题】
下列关于各类期权的说法,正确的有__________
A. 买方期权对买方来说是买入一个买入交易标的物的权利
B. 卖方期权对卖方来说是卖出一个卖出交易标的物的义务
C. 美式期权的买方在期权到期日前任意时点,可以随时要求卖方履行期权合约
D. 买权的执行价格低于现在的市场价格,则该期权属于价外期权
【多选题】
下列关于久期缺口的理解,正确的有__________
A. 当久期缺El为正值时,如果市场利率下降,银行的市场价值将增加
B. 当久期缺口为负值时,如果市场利率下降,银行的市场价值将减少
C. 当久期缺口为正值时,如果市场利率上升,银行的市场价值将减少
D. 久期缺口的绝对值越小,银行对利攀的变化越敏感
【多选题】
《巴塞尔新资本协议》对商业银行客户评级/评分的验证提出了许多要求,包括__________
A. 商业银行必须定期进行模型的验证
B. 商业银行必须建立一个健全的体系,用来检验评级体系.过程和风险因素评估的准确性和一致性
C. 商业银行必须定期比较每个信用等级的实际违约率和预期违约率
D. 商业银行必须在实际违约概率持续高于预期值的情况下下调预期值
【多选题】
《巴塞尔新资本协议》的新增内容包括__________
A. 将资本充足率作为保证银行稳健经营.安全运行的核心指标
B. 在资本充足率的计算公式中全面反映了信用风险.市场风险.操作风险的资本要求
C. 将银行资本分为核心资本和附属资本两类
D. 引入计量信用风险的内部评级法
【多选题】
《巴塞尔新资本协议》提出的内部评级法要求商业银行建立健全的内部评级体系,自行预测_______等信用风险因素,并根据权重公式计算每笔债项的信用风险资本要求。___
A. 违约概率
B. 违约损失率
C. 违约风险暴露
D. 违约原因
【多选题】
下列关于久期的说法,正确的有__________
A. 久期也称持续期
B. 久期是对金融工具的利率敏感程度或利率弹性的直接衡量
C. 久期的数学公式为.DP÷Dy=DXP÷(1÷Y)
D. 久期是以未来收益的现值为权数计算的现金流平均到期时间
【多选题】
市场风险内部模型的主要优点包括__________
A. 可以将不同业务.不同类别的市场风险用一个确切的数值来表示
B. 能在不同业务和风险类别之间进行比较和汇总
C. 将隐性风险显性化之后,有利于进行风捡的监测.管理和控制
D. 风险价值具有高度的概括性,简明易懂
【多选题】
下列关于计算VAR值参数选择的说法,正确的有__________
A. 如果模型是用来决定与风险相对应的资本,置信水平就应该取高
B. 如果模型用于银行内部风险度量或不同市场风险的比较,置信水平的选取就并不重要
C. 如果模型的使用者是经营者自身,则时间隔取决于其资产组合的特性
D. 如果模型的使用者是经营者自身,资产组变动频繁,则时间间隔应该长
【多选题】
市场风险是指因市场价格的不利变动而使银行的表内和表外业务发生损失的风险,其中的市场价格包括__________
A. 利率
B. 汇率
C. 工资率
D. 股票价格
【多选题】
下列关于衍生产品与市场风险关系的说法,正确的有__________
A. 衍生产品可用来防范市场风险
B. 衍生产品会产生新的市场风险
C. 衍生产品的杠杆作用可以完全消灭市场风险
D. 衍生产品的杠杆作用对市场风险具有放大作用
【多选题】
下列关于远期和期货的说法,正确的有__________
A. 远期合约允许投资者在不确定的未来时间购买或出售某项资产
B. 期货合约允许投资者按不确定的价格购买或出售某项资产
C. 远期合约是非标准化的.期货合约是标准化的
D. 远期合约一般通过金融机构或经纪商柜台交易,合约持有者面临交易对手的违约风险,而期货合约一般在交易所交易,由交易所承担违约风险
【多选题】
“9.11”事件给很多银行及企业造成了极大的损失,为应对此类事件,商业银行应当注意__________
A. 灾难备份
B. 强制员工休假
C. 审慎选择经营地址
D. 制定应急和连续营业方案
【多选题】
根据《巴塞尔新资本协议》的定义,当_______发生时,债务人即被视为违约。___
A. 债务人已经破产并因此将不履行偿还银行债务
B. 商业银行认定,除非采取追索措施,如变现抵押品(如果存在的话),借款人可能无法全额偿还对商业银行的债务
C. 债务人对于商业银行的实质性信贷债务逾期30天以上(含)
D. 银行停止对债务人贷款计息
【多选题】
期权的价值由哪几部分组成__________
A. 时间价值
B. 内在价值
C. 执行价格
D. 标地资产价格
【多选题】
个人客户评分方法中,信用评分常用的风险评分是预测消费者__________
A. 违约风险的大小
B. 开户后给商业银行带来潜在收益
C. 破产风险的大小
D. 坏账风险的大小
【多选题】
下列关于信用价差的说法,正确的有__________
A. 以无风险利率为基准的信用价差:贷款的收益率一对应的无风险债券的收益率
B. 信用价差增加表明贷款信用状况恶化
C. 信用价差减少表明贷款信用状况恶化
D. 信用价差增加表明贷款信用状况改善
【多选题】
常用的风险识别方法有__________
A. 专家调查列举法
B. 高级计量法
C. 情景分析法
D. 分解分析法
【多选题】
建立高效的风险管理部门应当固守的两个基本准则是__________
A. 风险管理部门是财务部门的辅助机构
B. 风险管理部门必须具备高度独立性
C. 风险管理部门不具有或只具有非常有限的风险管理策略执行权
D. 风险管理部门是风险管理策略的唯一执行部门
