【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
A. 0
B. 50
C. 10
D. 200
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
推荐试题
【单选题】
我国社会主义初级阶段实行以公有制为主体、多种所有制经济共同发展的基本经济制度,促进了生产力的发展,说明实行这种制度遵循了___
A. 生产力决定生产关系的原理
B. 经济基础决定上层建筑的原理
C. 生产力具有自我增值能力的原理
D. 社会经济制度决定生产力状况的原理
【单选题】
“支配物理世界之运动的必然性,也支配着精神世界的运动,因而在这个世界中,一切都服从于注定的命运。”这种观点___
A. 是对必然性的科学揭示
B. 正确地揭示了必然性的作用
C. 会导致“宿命论”
D. 会导致“唯意志论”
【单选题】
交往是人类特有的存在方式和活动方式。它指的是___
A. 人与自然界之间的物质变换活动
B. 历史主体与历史客体的相互作用形式
C. 社会与自然之间的相互依赖形式
D. 人与人之间的经济、政治、思想文化交往的总和
【单选题】
“社会形态的发展是一种自然历史过程”,这句话说的是___
A. 社会发展规律与自然界的发展规律完全相同
B. 社会的发展不受人思想和动机的影响
C. 社会发展是纯粹自发的过程
D. 社会发展具有不以人的一直为转移的客观规律性
【单选题】
“如果资本主义的灭亡是由科学保证了的,为什么还要费那么大的力气去为它安排葬礼呢?”这种观点的错误在于___
A. 抹煞社会规律实现的特点
B. 否认革命在社会质变中的作用
C. 否认历史观上的决定论
D. 否认科学是推动历史前进的革命力量
【单选题】
划分历史唯物主义和历史唯心主义的根本标准是___
A. 是否承认社会存在决定社会意识
B. 是否承认社会意识具有相对独立性
C. 是否承认社会发展具有规律性
D. 是否承认阶级和阶级斗争
【单选题】
“社会是一个自然历史过程”,指的是___
A. 社会同自然界一样是自发的发展过程
B. 社会规律与自然规律是没有区别的
C. 社会同自然界一样是合乎规律的辩证发展过程
D. 社会同自然界一样是不受意识影响的
【单选题】
经济基础决定上层建筑,就是说___
A. 一切社会的上层建筑都要在它的经济基础建立之后才能产生
B. 一切社会的上层建筑都根源于经济基础
C. 一切社会的上层建筑的变化,都同经济基础变化是同步的
D. 社会中一切经济基础成分都决定该社会的上层建筑性质
【单选题】
社会意识相对独立性的最突出表现是___
A. 社会意识的历史继承性
B. 各种社会意识之间的相互影响
C. 社会意识对社会存在的反作用
D. 社会意识对社会存在变化上的滞后性
【单选题】
社会规律和自然界的规律的区别表现为___
A. 社会规律是主观的,自然界的规律是客观的
B. 社会规律是有阶级性的,自然界的规律是没有阶级性的
C. 社会规律是通过人们有意识的活动实现的,自然界的规律是盲目的、不自觉的力量相互作用的结果
D. 社会规律是不可捉摸的,自然界的规律是可以被认识的
【单选题】
20世纪50年代,北大荒人烟稀少、一片荒凉。由于人口剧增,生产力水平低下,吃饭问题成为中国面临的首要问题,于是人们不得不靠扩大耕地面积增加粮食产量,经过半个世纪的开垦,北大荒成了全国闻名的"北大仓"。然而由于过度开垦已经造成了许多生态问题。现在,黑龙江垦区全面停止开荒,退耕还"荒"。这说明___
A. 人与自然的和谐最终以恢复原始生态为归宿
B. 人们改造自然的一切行为都会遭到"自然界的报复"
C. 人在自然界面前总是处于被支配的地位
D. 人们应合理地调节人与自然之间的物质变换
【单选题】
历史唯物主义和历史唯心的根本区别在于 ___
A. 是否承认社会存在决定社会意识
B. 是否承认社会意识具有相对独立性
C. 是事承认社会发展有规律性
D. 是否承认阶级和阶级斗争
【单选题】
“蒸汽、电力和自动纺织机甚至是比巴尔贝斯、拉斯拜尔和布朗诸位公民更危险万分的反革命家。”这一论断的含义是___
A. 科技革命是对统治阶级的极大威胁
B. 科技革命对变革社会制度具有直接的决定作用
C. 滥用科技革命的成果会对人类造成“危险”
D. 科技革命导致社会政治革命
