【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
【多选题】
In which two modes can the Cisco We b Security appliance be de ployed?___
A. as a transparent proxy using the Secure Sockets Layer protocol
B. as a transparent proxy using the Web Cache Communication Protocol
C. explicit proxy mode
D. as a transparent proxy using the Hyper Text Transfer Protocol
E. explicit active mode
【单选题】
1.三相刀开关的图形符号与交流接触器的主触点符号是___。
A. 一样的
B. 可以互换
C. 有区别的
D. 没有区别
推荐试题
【判断题】
根据《保险销售从业人员监管办法》第十六条规定判断:只要持有保险销售从业人员资格证书,保险公司、保险代理机构就可以委托其从事保险销售
【判断题】
根据《保险销售从业人员监管办法》第四条规定:保险销售从业人员应当符合中国保监会规定的资格条件,取得中国保监会颁发的资格证书,执业前取得所在保险公司、保险代理机构发放的执业证书
【判断题】
根据《保险销售从业人员监管办法》第十七条规定:执业证书持有人的执业地域不得超出资格证书规定的从业地域范围
【判断题】
根据《保险销售从业人员监管办法》第十九条规定:保险销售从业人员可以在保险公司、保险代理机构的授权范围外从事保险销售
【判断题】
根据《保险销售从业人员监管办法》第十九条规定: 保险销售从业人员从事保险销售,应当出示执业证书,保险代理机构的保险销售从业人员还应当告知客户所代理的保险公司名称
【判断题】
根据《保险销售从业人员监管办法》第二十一条规定:保险公司委托保险代理机构销售保险产品,应当对保险代理机构的保险销售从业人员进行培训。培训内容至少应当包括本公司保险产品的相关知识
【判断题】
根据《保险销售从业人员监管办法》第二十二条规定:保险公司、保险代理机构不得发布有关保险销售从业人员收入或者其他利益的误导性广告,不得以购买保险产品作为发放执业证书的条件
【判断题】
根据《保险销售从业人员监管办法》第二十三条规定:保险公司、保险代理机构发现保险销售从业人员在保险销售中存在违法违规行为的,应当立即予以纠正,并向中国保监会派出机构报告
【判断题】
根据《保险销售从业人员监管办法》第二十七条规定:任何机构、个人不得扣留或者变相扣留他人的资格证书
【判断题】
根据《关于规范激活注册式意外险业务经营行为的通知》第一条规定:保险公司以激活注册方式销售意外险,应当向投保人明示保单生效的条件
【判断题】
根据《关于规范激活注册式意外险业务经营行为的通知》第二条规定:本通知自下发之日起,禁止以激活注册方式销售乘客人身意外险、旅游景点意外险等极短期意外险
【判断题】
根据《关于加强保险公司与商业银行保单质押贷款业务合作管理有关问题的通知》第一条规定:商业银行在开展保单质押贷款业务中,可以以贷款发放为条件,要求客户先购买保险,然后将保单到银行质押,或者用取得贷款的一定比例购买保险,再到银行进行质押
【判断题】
根据《关于加强人身保险收付费相关环节风险管理的通知》第一条第一款规定:现金收付费是指保险公司直接或通过第三方以现金的形式收付费
【判断题】
根据《关于加强人身保险收付费相关环节风险管理的通知》第一条第三款规定:保险营销员不得接受投保人委托代缴保险费、代领退保金,但经投保人同意的除外
【判断题】
根据《关于进一步加强投资连结保险销售管理的通知》第二条规定:保险公司委托银行代理销售投资连结保险的,可以通过储蓄柜台、理财中心或理财柜销售
【判断题】
根据《人身意外伤害保险业务经营标准》第一条第一款规定:意外险纸质保单应由总公司印制,经总公司授权,省级分公司和中心支公司也可以印制
【判断题】
根据《人身意外伤害保险业务经营标准》第一条第一款规定:保险公司可以授权保险中介机构或个人印制具有保单性质的保险信息单、保障告知卡等单证
【判断题】
根据《人身意外伤害保险业务经营标准》第二条第一款规定:保险公司及保险代理人(经纪人)销售意外险,应实现系统联网电脑出单,禁止手工出单,但尚不具备条件的地区可以脱机打印
【判断题】
根据《商业银行代理保险业务监管指引》第九条规定:保险公司和商业银行合作期间内,如果一方出现对双方合作关系有实质影响的不利情形,另一方可以提前中止合作
【判断题】
根据《商业银行代理保险业务监管指引》第十条规定:经保险公司同意,商业银行可以将保险代理业务转委托给其他机构或个人
【判断题】
根据《商业银行代理保险业务监管指引》第十一条规定:商业银行代理保险业务的,每个营业网点在代理保险业务前取得中国保监会颁发的经营保险代理业务许可证即可,无需获得商业银行一级分支机构(含省、自治区、直辖市和计划单列市分行)的授权
【判断题】
根据《商业银行代理保险业务监管指引》第十三条规定:保险公司和商业银行的一级分支机构(含省、自治区、直辖市和计划单列市分公司、分行等)可根据自身发展需要自行签订代理协议
【判断题】
根据《商业银行代理保险业务监管指引》第二十六条规定:除银保专管员外,商业银行不得允许保险公司人员派驻银行网点
【判断题】
根据《商业银行代理保险业务监管指引》第二十八条规定:商业银行和保险公司应当加强战略性合作,在依法合规、风险可控的前提下,可合作开展电话销售、网上销售等创新销售模式
【判断题】
根据《健康保险管理办法》第三条规定:保险期间不超过一年但含有保证续保条款的健康保险,应划分为长期健康保险
【判断题】
根据《健康保险管理办法》第三条规定:保证续保条款是指,在前一保险期间届满后,投保人提出续保申请,保险公司必须继续承保的合同约定,但保险公司可以对约定费率和原条款进行修改
【判断题】
根据《健康保险管理办法》第十四条规定:长期健康保险中的疾病保险产品,可以包含死亡保险责任,但死亡给付金额不得高于疾病最高给付金额
【判断题】
根据《健康保险管理办法》第十四条规定:医疗保险产品和疾病保险产品不得包含生存给付责任
【判断题】
根据《健康保险管理办法》第二十条规定:含有保证续保条款的健康保险产品可以约定在续保时保险公司有调整保险责任和责任免除范围的权利
【判断题】
根据《健康保险管理办法》第二十二条规定:保险公司设计费用补偿型医疗产品,不得区分被保险人是否拥有公费医疗、社会医疗保险的不同情况,在保险条款、费率以及赔付金额等方面予以区别对待
【判断题】
根据《健康保险管理办法》第三十一条规定:保险公司以附加险形式销售无保证续保条款的健康保险产品的, 健康保险的保险期限不得小于主险保险期限
【判断题】
根据《健康保险管理办法》第三十二条规定:保险公司销售定额给付型个人医疗保险产品,应当在犹豫期内对投保人进行回访
【判断题】
根据《健康保险管理办法》第三十三条规定:保险公司承保团体健康保险,应当以通知书等形式书面告知每个被保险人其参保情况及相关权益
【判断题】
根据《人身保险新型产品信息披露管理办法》第七条规定:利益演示应当坚持审慎的原则,用于利益演示的分红保险、投资连结保险的假设投资回报率或者万能保险的假设结算利率不得超过中国保监会规定的最高限额
【判断题】
根据《人身保险新型产品信息披露管理办法》第七条规定:保险公司及其代理人进行新型产品的信息披露,可以使用比率性指标与其他保险产品以及银行储蓄、基金、国债等进行简单对比
【判断题】
根据《人身保险新型产品信息披露管理办法》第十条规定判断:通过电话、信函、会见等所有方式均不能成功回访的,保险公司可以放弃回访,不需记录
【判断题】
根据《人身保险新型产品信息披露管理办法》第十四条规定判断:除总公司以外,保险公司的其他各级分支机构均不得设计、印刷和修改新型产品的信息披露材料
【判断题】
根据《人身保险新型产品信息披露管理办法》第十六条规定:保险公司及其代理人不得使用与新型产品的保险条款、产品说明书不一致的信息披露材料
【判断题】
根据《人身保险新型产品信息披露管理办法》第三十条规定判断:分红保险的产品说明书应当包含“利益演示”的内容,并要求:利益演示应当用醒目字体标明该利益演示是基于公司的精算及其他假设,不代表公司的历史经营业绩,也不代表对公司未来经营业绩的预期,保单的红利分配是确定的
【判断题】
根据《人身保险新型产品信息披露管理办法》第三十一条规定:保险公司可以使用分红率、投资回报率等比率性指标描述分红保险的红利分配情况
