【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
【多选题】
In which two modes can the Cisco We b Security appliance be de ployed?___
A. as a transparent proxy using the Secure Sockets Layer protocol
B. as a transparent proxy using the Web Cache Communication Protocol
C. explicit proxy mode
D. as a transparent proxy using the Hyper Text Transfer Protocol
E. explicit active mode
【单选题】
1.三相刀开关的图形符号与交流接触器的主触点符号是___。
A. 一样的
B. 可以互换
C. 有区别的
D. 没有区别
【单选题】
5.熔断器的作用是___。
A. 短路保护
B. 过载保护
C. 失压保护
D. 零压保护
【单选题】
6.热继电器的作用是___。
A. 短路保护
B. 过载保护
C. 失压保护
D. 零压保护
【单选题】
7.交流接触器的作用是可以___接通和断开负载。
【单选题】
8.三相异步电动机的启停控制线路由电源开关、熔断器、___、热继电器、按钮等组成。
A. 时间继电器
B. 速度继电器
C. 交流接触器
D. 漏电保护器
推荐试题
【单选题】
车辆系统整体使用寿命一般不超过30年或()万车公里___
A. 480
B. 470
C. 460
D. 450
【单选题】
在轨行区等重点区域施工的,运营单位应安排()旁站监督。___
【单选题】
运营单位应建立备品备件及周转件管理制度,明确备品备件采购、存放、验收、领用和维护保养等要求,并结合设施设备故障统计分析情况,合理配备备品备件,避免___
A. 因存放过久导致功能失效
B. 因存放过久导致丢失
C. 因存放过久导致遗忘
D. 因存放过久导致损坏
【单选题】
运营单位应将维修返回的周转件与备品备件()管理___
【单选题】
新购置列车均应开展(),测试应先在试车线进行,并做好安全防护措施___
A. 动态功能测试
B. 静态功能测试
C. 运行测试
D. 工作测试
【单选题】
新购置列车均应开展动态功能测试,测试应先在(),并做好安全防护措施___
A. 试车线进行
B. 阵线进行
C. 室内进行
D. 室外进行
【单选题】
新购置列车均应开展动态功能测试,测试应先在试车线进行,并做好___
A. 安全防护措施
B. 施工措施
C. 保护措施
D. 应急措施
【单选题】
测试合格后,应开展不少于()列公里的不载客运行后,方可投入运营。正线测试应在非运营时段施行___
A. 2000
B. 3000
C. 4000
D. 5000
【单选题】
测试期间发现可能危及行车安全的故障或突发事件时,应(),待故障或突发事件处理完毕后方可继续进行___
A. 立即停止
B. 不得停止
C. 立即汇报
D. 立即逃跑
【单选题】
信号系统整体更新应在非运营时段进行,运营单位应实施(),确保既有信号系统在过渡期间正常运行,并对设备的安装工艺和标准进行卡控。___
A. 全过程监控管理
B. 全过程遥控管理
C. 全过程现场管理
D. 全过程跟岗管理
【单选题】
信号系统整体更新应在非运营时段进行,运营单位应实施全过程监控管理,确保既有信号系统在过渡期间正常运行,并对设备的()进行卡控。___
A. 安装工艺和标准
B. 安装地点和标准
C. 安装工艺和要求
D. 安装人员和方法
【单选题】
新旧信号系统兼容运行的,在对两列列车进行升级并上线试用不少于()个月后,方可开展对其他列车分批次更新升级。___
【单选题】
新旧信号系统倒切前,应在非运营时段开展不少于()次的实战演练,新信号系统经过累计不少于144小时的不载客运行后方可投入运营___
【单选题】
新旧信号系统倒切前,应在非运营时段开展不少于3次的实战演练,新信号系统经过累计不少于()小时的不载客运行后方可投入运营___
A. 144
B. 145
C. 146
D. 147
【单选题】
软件升级前,运营单位应要求供应商在实验室进行充分试验,并进行()。升级时应组织供应商共同做好安全防护___
A. 技术交底
B. 方案汇报
C. 记录
D. 观察
【单选题】
城市轨道交通项目改建、扩建时,运营单位应对改扩建设计方案、技术方案、施工方案、()保障方案等文件进行事前审核后,办理施工手续。实施过程中应采取安全和检查措施保障运营安全。___
【单选题】
运营单位具体负责并组织开展设施设备运行维护工作,确保设施设备性能良好、状态稳定。___
A. 运行维护
B. 保护校验
C. 高压试验
D. 排查记录
【单选题】
托外单位开展设施设备运行维护服务工作(以下简称委外服务)的,运营单位应与服务商签订(),明确服务项目、监测及维护周期、需求响应时间、质量要求、安全作业要求和违约责任等。___
【单选题】
托外单位开展设施设备运行维护服务工作(以下简称委外服务)的,运营单位应与服务商签订书面协议,明确()、监测及维护周期、需求响应时间、质量要求、安全作业要求和违约责任等。___
【单选题】
委外服务不免除或减轻运营单位应承担的主体责任,委外服务商依据委外服务合同承担相应责任___
【单选题】
运营单位应建立委外服务评价体系,对服务商响应及时性、故障处理速度、维护计划完成率、监测和维护质量等进行综合评价,加强()管理___
【单选题】
营单位应按月统计设施设备(),定期开展设施设备故障发生次数、平均无故障运行时间、故障发生率等重点指标分析,对设施设备运行状况和服役能力进行持续评估,为设施设备维护及更新改造提供支持___
【单选题】
运营单位应组织编制各类设备的操作手册,操作手册的发布、修订及废止应经充分()后方可实施。___
【单选题】
操作手册应至少包括启用前的状态检查、启停程序、操作流程、异常情况处置程序、()规定等内容___
【单选题】
运营单位应根据运营实际,合理制定___
A. 设备运行计划
B. 设备检修计划
C. 设备试验计划
【单选题】
运营单位应密切监控设施设备运行状态,对于设备异常情况报警,应进行分级分类,及时检查确认并处理___
【单选题】
无法继续维持运营或继续运营将危及行车安全的,应停运抢修并尽快恢复()。可继续维持运营的,应视情采取区间限速、添乘检查、安全防护等措施,尽快完成故障修复___
【单选题】
其他不影响运营的故障,应明确故障修复方案,在具备条件后及时组织___
【单选题】
运营单位应定期对供电、通信、信号、综合监控、站台门等存在接口关系的设备系统时钟进行监测和校准,确保各系统与()同步___
【单选题】
对区间消防电话、应急照明、区间联络通道、区间疏散平台、车站、区间人防门(防淹门)和区间防排烟系统和风阀等设施设备,至少()进行一次检查和功能测试___
【单选题】
对信号系统降级功能、接触网(轨)单边供电和大双边供电功能,至少()进行一次测试___
【单选题】
设有备用控制中心的,应定期检查相关设施设备的完好性,至少()进行一次倒切测试___
【单选题】
对列车门紧急解锁装置、站台紧急停车按钮、站台门应急解锁装置以及电扶梯紧急停梯按钮等()设备,运营单位应通过粘贴警示标签、视频监控、安排巡查等方式加强防护___
【单选题】
对列车门紧急解锁装置、站台紧急停车按钮、站台门应急解锁装置以及电扶梯紧急停梯按钮等紧急操作设备,运营单位应通过粘贴()、视频监控、安排巡查等方式加强防护___
【单选题】
更新改造范围主要包括___
A. 对原有设备进行的综合性技术改造和采取的技术措施
B. 设备老旧
C. 设备运行时间过长
【单选题】
更新改造范围主要包括___
A. 为提高自动化、智能化水平和采用新技术、新材料、新产品而进行的技术改造
B. 设备老旧
C. 设备运行时间过长
【单选题】
桥梁。混凝土桥梁巡查频率不应低于1次/()月___
【单选题】
钢桥、钢混组合桥梁、钢混混合桥梁巡查频率不应低于1次/()月___
【单选题】
桥梁墩台基础沉降与梁体竖向变形等在交付运营后第二、三年监测频率不应低于1次/年,第三年之后频率不应低于1次/()年___
【单选题】
隧道。巡查频率不应低于1次/()月___
