【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
A. 4
B. 3
C. 2
D. 5
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
推荐试题
【单选题】
我国将放射源按照放射源对人体健康和环境的潜在危害程度分为五类,其中,“不会对人造成永久性损伤”的放射源是:()___
A. I类
B. II类
C. III类
D. IV类
E. V类
【单选题】
下面关于检验检疫机关发现涉嫌恐怖活动物品后的做法正确的是()。___
A. 应当依法扣留,并立即将物品移送公安机关或者国家安全机关
B. 应当依法扣留,在五日内将物品送交国家安全机关
C. 可以将物品扣留
D. 应当依法扣留,在五日内将物品送交公安机关
【单选题】
根据刑事诉讼法的规定,()在审判刑事案件的过程中,可以依法认定恐怖活动组织和人员。___
A. 有管辖权的基层以上人民法院
B. 有管辖权的中级以上人民法院
C. 最高人民法院
D. 有管辖权的高级以上人民法院
【单选题】
为调查恐怖活动嫌疑,经有关机关批准,可以根据其危险程度,责令恐怖活动嫌疑人员遵守下列一项或者多项约束措施。其中不包括()。___
A. 两年内不得参加大型群众性活动或者从事特定的活动
B. 定期向公安机关报告活动情况
C. 不得与特定的人员会见或者通信
D. 未经公安机关批准不得离开所居住的市.县或者指定的处所
【单选题】
出入境证件签发机关.出入境边防检查机关对恐怖活动人员和恐怖活动嫌疑人员,有权作出的决定不包括()。___
A. 宣布其出境入境证件作废
B. 决定将其驱逐出境
C. 不予签发出境入境证件
D. 决定不准其出境入境
【单选题】
下列说法中不正确的是()。___
A. 公安机关对宣扬极端主义的行为应当及时制止,并依法追究其法律责任
B. 公安机关发现利用极端主义危害公共安全的,必要时可以加以制止
C. 公安机关发现极端主义活动的,应当将有关人员强行带离现场并登记身份信息
D. 公安机关发现极端主义活动的物品等,应当予以收缴
【单选题】
下列关于我国国(边)境安全管理的说法不正确的是()。___
A. 可以在重点国(边)境地段和口岸设置拦阻隔离网
B. 应当在重点国(边)境地段和口岸设置视频图像采集和防越境报警设施
C. 应当依照规定对抵离国(边)境前沿的人员进行检查
D. 应当严密组织国(边)境巡逻
【单选题】
跨省.自治区.直辖市发生的恐怖事件或者特别重大恐怖事件的应对处置,由()负责指挥。___
A. 国家反恐怖主义工作领导机构
B. 公安机关负责人
C. 国务院
D. 省级行政长官
【单选题】
对恐怖活动罪犯和极端主义罪犯被判处徒刑以上刑罚的,监狱.看守所应当在刑满释放前根据其犯罪性质.情节和社会危害程度,服刑期间的表现,释放后对所居住社区的影响等进行()。___
A. 社区矫正
B. 记录档案
C. 监视
D. 社会危险性评估
【单选题】
根据《反恐怖主义法》的规定,有关部门应当建立(),依靠.动员村民委员会.居民委员会.企业事业单位.社会组织,共同开展反恐怖主义工作。___
A. 相互联系机制
B. 联动配合机制
C. 领导机制
D. 通讯机制
【单选题】
有关部门接到对反恐怖主义工作领导机构.有关部门及其工作人员的检举.控告后,应当()。___
A. 处理后上报
B. 找检举人面谈核实
C. 及时处理并进行公告
D. 及时处理并回复检举.控告人
【单选题】
铁路.公路.水上.航空的货运和邮政.快递等物流运营单位应当实行安全查验制度,对禁止运输.寄递,存在重大安全隐患,或者客户拒绝安全查验的物品,()。___
A. 予以销毁
B. 予以封存
C. 不得运输.寄递
D. 准予运输
【单选题】
经与有关国家达成协议,国务院公安部门派员出境执行反恐怖主义任务,应报()批准。___
A. 国务院
B. 中央军事委员会
C. 国家反恐怖主义工作领导机构
D. 全国人民代表大会
【多选题】
口岸核生化有害因子监测工作的目的和意义是:___
A. 有效防止核生化有害因子入境
B. 发现.控制和消除口岸核生化恐怖事件
C. 及时掩埋所发现的放射性物质
D. 保障口岸安全
【多选题】
以下选项中,属于公安机关调查恐怖活动嫌疑,经县级以上公安机关负责人批准,可以根据其危险程度,责令恐怖活动嫌疑人员遵守下列一的约束措施的有()。___
A. 不得与特定的人员会见或者通信
B. 未经公安机关批准不得乘坐公共交通工具或者进入特定的场所
C. 未经公安机关批准不得离开所居住的市.县或者指定的处所
D. 不得参加大型群众性活动或者从事特定的活动
【多选题】
对依照《反恐怖主义法》规定,()等主管部门应当按照职责分工,加强空域.航空器和飞行活动管理,严密防范针对航空器或者利用飞行活动实施的恐怖活动。___
A. 民用航空
B. 检察院
C. 飞行管制
D. 公安
【多选题】
有关部门和中国人民解放军.中国人民武装警察部队.民兵组织,按照反恐怖主义工作领导机构和指挥长的统一领导.指挥,协同开展()等现场应对处置工作。___
A. 救护
B. 打击
C. 控制
D. 救援
【多选题】
对依照《反恐怖主义法》规定,()因履行反恐怖主义职责的紧急需要,根据国家有关规定,可以征用单位和个人的财产。___
A. 公安机关
B. 中国人民武装警察部队
C. 国家安全机关
D. 中国人民解放军
