【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
AB
解析
暂无解析
相关试题
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
A. 0
B. 50
C. 10
D. 200
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
推荐试题
【判断题】
按照《银行业金融机构信息科技外包风险监管指引》规定,银行业金融机构应当根据自身信息科技战略明确不能外包的职能。涉及战略管理、风险管理、内部审计及其他有关信息科技核心竞争力的职能不得外包
A. 对
B. 错
【判断题】
按照《银行业金融机构信息科技外包风险监管指引》规定,银行业金融机构应当建立明确的服务目录、服务水平协议以及服务水平监控评价机制,并确保外包服务监控基础数据和评价结果的真实性和完整性,且数据至少需保存到服务结束后半年
A. 对
B. 错
【判断题】
按照《银行业金融机构信息科技外包风险监管指引》规定,对于无法满足外包服务要求或发生重大事件的情况,银行业金融机构应当在充分评估其影响及制定退出计划的前提下,考虑主动要求服务提供商终止服务,情节特别严重的,可考虑取消准入资质,并报监管机构申请对其核准。对于关联外包,银行业金融机构不得因为关联关系而影响服务提供商退出机制的落实
A. 对
B. 错
【判断题】
按照《银行业金融机构信息科技外包风险监管指引》规定,服务提供商在外包服务中存在违法违规、管理过失、服务质量低下并造成严重后果等问题,银监会定期向银行业发布服务提供商风险预警,公布机构名单、服务信息等,要求银行业金融机构禁止相关服务提供商承担银行业信息科技外包服务,禁止期至少为一年
A. 对
B. 错
【判断题】
2009年,XX银行发生一起科技外包人员窃取银行客户信息,伪造银行卡,在ATM机上盗取持卡人资金的案件。事情经过是:XX行与XX公司签订开发合同,开发银行ATM机监控软件,同时约定该软件由XX公司进行维护。2009年,维护人员上门维护ATM机监控系统,通过终端机将服务器有关客户数据库设置为共享状态,在终端机上操作数据库,插上U盘,拷取数据库中客户信息数据,拷出的数据库字段主要为“卡号、卡有效期、CVV等”。其中CVV为磁条安全验证码,是制卡的关键性安全认证标志。拷出的数据库记录经估算约十几万条。利用窃取的信息伪造银行卡,通过猜测银行卡密码,在ATM机上窃取持卡人资金,窃取人民币数十万元。依据《中国银监会关于印发银行业金融机构信息科技外包风险监管指引》,这起案件主要原因是外包合同未包含涉及数据信息安全保密的条款,也未单独签订安全保密协议
A. 对
B. 错
【判断题】
XX城商行研发中心,外包人员访问本行计算机资源的身份认证工作有漏洞,对离职外包人员未及时调整访问权限。外包人员可随意携带笔记本电脑、3G网卡、移动存储介质等设备进出机房,甚至清洁工自行保管2张可24小时进入机房各区域的门禁卡,且长期有效。根据《中国银监会关于印发银行业金融机构信息科技外包风险监管指引》,该城商行在外包服务安全管理方面需要改进
A. 对
B. 错
【判断题】
<FONT face=Verdana>XX银行核心系统长期以来一直依靠外包服务商进行开发。现正在使用的系统设计时最大日均处理能力为80万笔,但随着业务的发展,现日均处理能力要求达到210万笔,导致该行系统处理能力与系统负载之间缺口极大。而外包服务商已不再对该核心系统提供升级服务,并且该行自2009年起,没有购买维保服务。2010年,终于由于数据库引发逻辑故障,导致业务中断。而由于该行的技术人员不掌握该系统的核心技术,加之对外包服务商缺乏有效的管理,导致系统维修不及时,致使业务中断时间长达4小时20分钟,在全国引发了极大的声誉风险。根据《中国银监会关于印发银行业金融机构信息科技外包风险监管指引》,银行业金融机构应当对外包服务过程进行持续监控,要求服务提供商建立阶段性服务目标及任务,并跟踪任务的执行情况,及时发现和纠正服务过程中存在的各类异常情况。</FONT>
A. 对
B. 错
【判断题】
按照《商业银行风险监管核心指标(试行)》规定,单一集团客户授信集中度为最大一家集团客户授信总额与资本净额之比,不应高于15%;单一客户贷款集中度为最大一家客户贷款总额与资本净额之比,不应高于10%
A. 对
B. 错
【判断题】
按照《商业银行流动性风险管理办法(试行)》规定,农村合作银行、村镇银行、农村信用社、外国银行分行以及资产规模小于C亿元人民币的商业银行不适用流动性覆盖率监管要求
A. 对
B. 错
【判断题】
《商业银行流动性风险管理办法(试行)》规定,流动性风险是指商业银行无法以合理成本及时获得充足资金,用于偿付到期债务、履行其他支付义务和满足正常业务开展的其他资金需求的风险
A. 对
B. 错
【判断题】
《商业银行流动性风险管理办法(试行)》规定,商业银行监事会(监事)应当对董事会和高级管理层在流动性风险管理中的履职情况进行监督评价,至少每半年向股东大会(股东)报告一次
A. 对
B. 错
【判断题】
《商业银行流动性风险管理办法(试行)》规定,流动性风险管理策略、政策和程序应当涵盖表内外各项业务以及境内外所有可能对其流动性风险产生重大影响的业务部门、分支机构和附属机构,并包括正常和压力情景下的流动性风险管理
A. 对
B. 错
【判断题】
《商业银行流动性风险管理办法(试行)》规定, 商业银行应当加强日间流动性风险管理,确保具有充足的日间流动性头寸和相关融资安排,及时满足正常和压力情景下的日间支付需求
A. 对
B. 错
【判断题】
《商业银行流动性风险管理办法(试行)》规定,商业银行应当根据其流动性风险偏好,考虑压力情景的严重程度和持续时间、现金流缺口、优质流动性资产变现能力等因素,按照审慎原则确定优质流动性资产的规模和构成
A. 对
B. 错
【判断题】
为了落实《商业银行流动性风险管理办法(试行)》的相关要求,某商业银行建立了流动性风险管理委员会,由行长、副行长、风险总监等高级管理人员组成,负责审批流动性风险管理策略、偏好和程序,并承担流动性风险的最终责任
A. 对
B. 错
【判断题】
按照《中国银监会办公厅关于印发银行业金融机构案件问责工作管理暂行办法的通知》规定,案件是指银行业金融机构从业人员独立实施的,侵犯银行业金融机构或客户资金或其他财产权益的,涉嫌触犯刑法,已由公安、司法机关立案侦查或按规定应当移送公安、司法机关立案查处的刑事犯罪案件;由外部人员实施的案件不在通知规范范围之内
A. 对
B. 错
【判断题】
按照《中国银监会办公厅关于印发银行业金融机构案件问责工作管理暂行办法的通知》规定,案件责任人员范围应当根据相关岗位和业务条线的职责内容、管理权限、履职情况等因素予以认定
A. 对
B. 错
【判断题】
按照《中国银监会办公厅关于印发银行业金融机构案件问责工作管理暂行办法的通知》规定,案件问责方式可以合并使用,对于应当给予纪律处分的,可以以经济处理追加其他问责方式进行替代
A. 对
B. 错
【判断题】
按照《中国银监会办公厅关于印发银行业金融机构案件问责工作管理暂行办法的通知》规定,银行业金融机构离职人员对离职前的案件发生负有责任的,银行业金融机构应当做出责任认定,并报告监管机构,案件责任人仍在银行业金融机构任职的,应当将认定结果及拟处理意见移送离职人员现任职单位
A. 对
B. 错
【判断题】
按照《中国银监会办公厅关于印发银行业金融机构案件问责工作管理暂行办法的通知》规定,银行业金融机构对案件责任人员做出免责、从轻或减轻处理的责任认定,应当逐一提出处理意见和理由,并由案发层级机构向银行业监督管理机构报告
A. 对
B. 错
【判断题】
B银行为A银行在B省的省分行,C银行为B银行在C市的市分行。2014年2月C分行下属D储蓄所发生一笔金融案件,D储蓄所储户E某在账户上的人民币CD万元被他人非法转走。依据《银行业金融机构案件问责工作管理暂行办法》规定,金融机构追究相关责任时,只需要对D储蓄所和C分行相关人员进行责任认定
A. 对
B. 错
【判断题】
甲银行于2014年3月发生一笔案件,甲银行拟对相关责任人进行问责。依据《银行业金融机构案件问责工作管理暂行办法》规定,甲银行可以酌情以经济处理代替纪律处分
A. 对
B. 错
【判断题】
按照《中国银监会办公厅关于加强银行业基层营业机构管理的通知》规定,商业银行应强化大额资金交易控制,严格执行业务办理人(客户或代办人)身份信息及大额转账实时核实制度,严禁越权办理
A. 对
B. 错
【判断题】
按照《中国银监会办公厅关于加强银行业基层营业机构管理的通知》规定,商业银行应严格执行前台经办人员与后台授权人员岗位分离制度,加强柜员号和密码管理,除人手不够或当班柜员临时请假外,严禁交叉使用
A. 对
B. 错
【判断题】
A银行营业机构由于人员轮休导致人手不足,根据《中国银监会办公厅关于加强银行业基层营业机构管理的通知》的规定,该支行行长要求后台授权人员同时办理前台的工作,缓解柜面压力,满足客户需求
A. 对
B. 错
【判断题】
A银行信贷客户经理由于家庭经济压力较大,利用工作“八小时”外的时间在该银行授信客户大地公司从事财务工作。该情况经同事反映给该支行行长,该行长认为此员工是为了缓解家庭经济压力且是利用工作外的时间,因此根据《中国银监会办公厅关于加强银行业基层营业机构管理的通知》的规定,没有将该情况作为排查情况上报
A. 对
B. 错
