【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
【多选题】
In which two modes can the Cisco We b Security appliance be de ployed?___
A. as a transparent proxy using the Secure Sockets Layer protocol
B. as a transparent proxy using the Web Cache Communication Protocol
C. explicit proxy mode
D. as a transparent proxy using the Hyper Text Transfer Protocol
E. explicit active mode
【单选题】
1.三相刀开关的图形符号与交流接触器的主触点符号是___。
A. 一样的
B. 可以互换
C. 有区别的
D. 没有区别
推荐试题
【判断题】
严禁高温、带压拆卸和紧固合成塔大、小盖,应按照规程采取降温、卸压、置换、保正压(<0.002MPa)等措施确保作业安全
【判断题】
一般情况下硫化氢以气体形式存在,不会在低注地积聚
【判断题】
乙烯制冷压缩机在升速过程中,必须进行预冷,当压缩机壳体挂霜后方可升速,防止出现设备故障
【判断题】
手提式灭火器宜设置在灭火器箱内或挂钩、托架上
【判断题】
当发生少量硫化氢泄漏时,应选择灰色的MP4过滤罐
【判断题】
只要可燃物、助燃物和引燃源同时具备,就会发生燃烧现象
【判断题】
对于实行安全生产许可的生产经营单位,未进行应急预案备案登记的,在申请安全生产许可证时,可以不提供相应的应急预案备案登记表,仅提供应急预案
【判断题】
在触电急救中,采用心脏复苏法救治包括、人工呼吸法和胸外挤压法
【判断题】
当火炬停止通入保护蒸汽时,会造成火炬气燃烧不充分,污染环境对火炬设备无危害
【判断题】
机械密封的辅助密封圈部分,只有静环密封圈;
【判断题】
氧气瓶、乙炔瓶工作间距不小于5m,两瓶同明火作业距离不小于10m
【判断题】
大气中的氮氧化物、碳氧化合物和氧化剂之间发生一系列化学反应,产生蓝色烟雾称为光化学烟雾
【判断题】
碳钢和不锈钢应控制水溶液中氯离子的含量
【判断题】
突发事件发生地的其他单位应当服从人民政府发布的决定、命令配含人民政府采取的应急处置措施,做好本单位的应急救援工作,并积极组织人员参加本单位的应点救援和处置工作
【判断题】
室外有毒气体检测报警点应设在与有毒气体释放点2m以内
【判断题】
对于危险性较大的重点设备、重点岗位和重点场所,生产经营单位应当制定重点工作岗位的现场处置方案
【判断题】
在综合应急演练前.演练组织单位或策划人员可按照演练方案或脚本组织桌面演练或合成预演.熟悉演练实 施过程的各个环节
【判断题】
为澡证高压蒸汽的品质.锅炉给水的PH值最好维持在10~11之间
【判断题】
消防安全标志的酬分为火灾报警标志、手动控制装置标志、火灾时疏散途径标志、灭火设备标志、具 有火灾爆洋危险的地点和物品的标志等
【判断题】
转动设备的轴封装置其作用是防止介质从设备内部沿轴向外部泄漏
【判断题】
单位应当根据消防法规的有关规定.建立专职消防队、义务消防队.配备相应的消防装备、器材
【判断题】
冷箱系统压差过大温度分布异常有可能是因为冷箱系统发生茨堵
【判断题】
培训要素中应明确对本单位人员开展的应急培训计划、方式和要求。如果预案涉及到社区和居民、要做好 宣传教肓和告知等工作
【判断题】
例行巡检时如果发现裂解炉烧嘴泄漏燃料气并已引发明火.应该马上拨打火警电话报警
【判断题】
冷箱正常使用时安装于充填珠光砂的封闭箱体内.并且要在箱体内保持微正压的氮封.以防止湿空气的进 入。正确答案、
【判断题】
在灭火时采用冷却法.其原理就是将燃烧物质的温度降到它的燃点以下.使燃烧过程终止。 正确答案、
【判断题】
917;阀门在关闭期间常出现物料泄漏现象.原因是阀门未完全关死
【判断题】
裂解气碱洗塔塔顶水洗要保证足够量的清洗水.防止碱进入下游阻塞和腐蚀下'游设备。正确答案、
【判断题】
诚洗塔内清除出的聚合物硫化铁如果不能连续淋湿的话应送至安全地点妥善处理。 正确答案、
【判断题】
放射性白内障属于在职业病目录中属于职业性放射性疾病
【判断题】
过滤式防毒面具适用于有毒气体含量低于2%.氧含量18~22%之间的作业环境。正确答案、
