【判断题】
DU标签分发方式下,如果采用Liberal保持方式,则设备都会保留所有LDP Peer发来的标签,无论该LDP Peer是否为到达目的网段的下一跳
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【判断题】
NFV和SDN是高度互补、相互依赖的关系,所以必须结合使用
【判断题】
在VRRP中,当设备状态变为Master后,会立刻发送免费ARP来刷新下游设备的MAC表项,从而把用户的流量引到此台设备上来
【判断题】
DDoS攻击是指攻击者通过控制大量的僵尸主机,向目标网络发送大量精心构造的攻击报文,从而使被攻击者产生拒绝向正常用户的请求提供服务的效果
【判断题】
使用NAT技术,只可以对数据报文中的网络层信息<IP地址>进行别转换
【判断题】
Round Robin调度方式是按每个队列定义的字节数轮询发送的,而且每个队列战胜的带宽比率等于本队列定义的字节数与所有队列字节数之和的比值
【判断题】
在USG系列防火墙的Trust区域视图下,配置add interface GigabiteEthernet0/0/1后,则不再属于Local区域
【判断题】
SDN和NFV本质上是一个概念,都是关于网络功能虚拟化的描述
【判断题】
eSight中的查看在线用户状态的功能,可以检查是否存在非法访问的用户,以提高网管的安全监控能力
【判断题】
在eSight的告警管理界面中,当一条告警底色为绿色时表示该告警已被确认
【判断题】
对于带有AF DSCP标记的数据,应该给它们一定数量的保证带宽,如果存在没有使用的带宽,它们不能占用这些额外的带宽
【判断题】
代理防火墙工作在TCP/IP协议栈的传输层,其实质是代理处理内部网络和外部网络用户之间的业务
【判断题】
拥塞管理的中心内容是通过制定调度策略,来决定数据包处理的先后顺序
【判断题】
Agile Controller作为一个网络资源自动化控制系统,可以提供统一的策略引擎,在整个组织内实施统一访问策略,实现基于用户身份、接入时间、接入地、终端类型、终端来源、接入方式<简称5W1H>的认证与授权
【判断题】
信息安全技术问题主要是技术问题,只有通过引入最新的技术.部署性能最高的设备,才能做好信息安全工作
【判断题】
在网络中采用QoS,提高某类业务的服务质量的同时,肯定会损害其它业务的服务质量
【判断题】
端到端时延等于路径上所有处理时延与队列时延之和
【判断题】
BFD只是一种通用的快速检测技术,自身可以实现快速倒换的功能,没有必要和其他快速倒换技术一起使用
【判断题】
带宽决定了数据传输的速率,而且传输的最大带宽是由传输路径上的最小链路带宽决定的
【判断题】
加权循环调度WRR (Weight Round Robin)在循环调度RR(Round Robin)的甚础上演变而来,在队列之间进行轮流调度,根据毎个队列的权重来调度各队列中的报文流
【判断题】
路由协议通过Hello报文就可以检测到故障,所以不需要BFD
【判断题】
VXLAN采用 Mac in TCP封装方式将二层报文用三层协议进行封装
【判断题】
MPLS标签中,如果出节点分配给倒数第二跳节点的标签值为0,则倒数第二跳LSR需要将值为0的标签正常压入报文标签值顶部,转发给最后一跳,最后一跳发现报文携带的标签值为0,则将标签弹出。0标签只有出现在栈底时才有效
【判断题】
IP报文在MPLS网络中经过的路径称为标签交换路径LSP( Label Switched Patch),这条路径是在转发报文之前就已经通过各种协议确定并建立的,报文会在特定的LSP上传递
【判断题】
QoS技术中的简单流分类是指采用简单的规则,比如IP报文中的DSCP值、MPLS报文中的EXP值、Vlan报文头中的802.1p值对报文进行简单的分类
【判断题】
BFD的单臂回声功能可用于非直连的2台设备
【判断题】
NFV和SDN是互补关系,但又不相互依赖
【判断题】
在SDN中, openflow协议是控制器和转发器之间的控制协议
【判断题】
状态监测防火墙使用会话表来追踪激活的TCP会话和UDP会话,并且由防火墙安全策略决定建立哪些会话,而且数据包只有与会话相关联时才会被转发
【判断题】
SDN中没有传统的IP网络中转发平面、控制平面和管理平面的概念
【判断题】
BFD只能与网络层和数据链路层的协议模块结合使用
【判断题】
eSight应用平台上B/S模式,支持多个浏览器同时接入
【判断题】
在802.1Q头部中包含3比特长的PRI字段,PRI字段定义了8种业务优级Cos,按照优先级从高到低顺序取值为0、1、2······、6和7
【判断题】
所谓拥塞,是指由于供给资源的相对不足而造成服务率下降<引入额外的延迟>的现象,拥塞避免的技术包括:RED和WRED
【判断题】
RouterA和 RouterB属于一个ⅤRRP组, RouterA优先级120, RouterB优先级100,VRID的虚拟IP地址和 RouterB的接口地址相同,当网络运行状态良好时,此VRRP组中, Master设备是
【判断题】
SDH传送网中的硬件检测机制,可以很快发现故障,且适用于所有介质
【判断题】
当网络间歇性出现拥塞,且时延敏感业务要求得到比非时延敏感业务更高质量的Qos服务时,需要进行拥塞管理,如果配置拥塞管理后仍然出现拥塞,则需要增加带宽
【判断题】
Integrated Service服务模型,在没有流量的时候会释放带宽资源,资源利用率高
推荐试题
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
