【单选题】
Which about nested policy maps in a zone-based firewall is true ?___
A. They are limited to two leve ls in a hierarchical policy
B. Parent policies are previously defined policies that are defined by using the service policy command
C. A child policy is a new policy that uses a pre-existing policy.
D. A child policy is a new that uses a pre-existing policy
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
In which configuration do you configure the ip ospf authentication key 1 command?___
A. routing process
B. interface
C. privileged
D. global
【单选题】
Which statement about command authorization and security contexts is true?___
A. If command authorization is configured, it must be enabled on all contexts.
B. The change to command invokes a new context session with the credentials of the currently
C. AAA settings are applied on a per-context basis
D. The enable. 15 user ang admins with chang to permission ha e dfferent command authorization levels pertontext
【单选题】
Which command do you enter to enable authentication for OSPF on an interface?___
A. router(config-if)#ip ospf message-digest-key 1 md5 CIS COPASS
B. router(config-if)#ip ospf authentication message-digest
C. router(config-if)#ip ospf authentication-key CISCOPASS
D. router(config-if)#area 0 authentication message-digest
【单选题】
What feature defines a campus area network?___
A. It has a single geographic location
B. It lacks external connectivity.
C. It has a limited number of segments.
D. It has limited or restricted Internet access
【单选题】
Which type of attack most commonly involves a direct attack on a network?___
A. :phishing
B. Trojan horse
C. denial of service
D. social engineering
【单选题】
What information does the key length provide in an encryption algorithm?___
A. the cipher block size
B. the hash bloc k size
C. the number of permutations
D. the packet size
【单选题】
How do you verify TaCACS+ connectivity to a device?___
A. You successfully log in to the device by using the local credentials
B. You connect via console port and receive the login prompt.
C. You connect to the device using SSH and receive the login prompt.
D. You successfully log in to the device by using ACS credentials
【单选题】
Which term best describes the concept of preventing the modification of data in transit and in storage?___
A. availability
B. confidentially
C. fidelity
D. integrity
【单选题】
Which loS command is used to define the authentication key for ntp?___
A. switch(config )#ntp authentication-key 1 mds Clcs
B. switch(config )#ntp authenticate
C. switch(config)#ntp trusted-key 1
D. switch(config)#ntp source 192.168.0.1
【单选题】
What is true about the cisco lOS Resilient Configuration feature ?___
A. The feature can be disabled through a remote session
B. There is additional space required to secure the primary cisco lOS image file.
C. The feature automatically detects image or configuration version mismatch.
D. Remote storage is used for securing files
【单选题】
When is the default deny all policy an exception in zone-based firewalls?___
A. when traffic terminates on the router via the self zone
B. when traffic traverses two interfaces in different zones
C. when traffic traverses two interfaces in the same zone
D. when traffic sources from the router via the self zone
【单选题】
.If an access port is assigned as an isolated port in a PVLAN, which network ports can it communicate with?___
A. promiscuous ports in the same PLVAN
B. isolated ports in the same PVLAN
C. all ports in the same PAVLAN at ILAR
D. all ports in the adjacent PVLAN
【单选题】
Which IPSEC mode is used to encypt traffic directly between a client and a server VPN endpoint?___
A. quick mode
B. transport mode
C. aggressive mode
D. tunnel mode
【单选题】
Which command do you enter to verify that a vpn connection is established between two endpoints and that the connection is passing traffic? ___
A. Firewall#sh crypto session
B. Firewall#debug crypto isakmp
C. Firewall#tsh crypto ipsec sa
D. Firewall#sh crypto isakmp sa
【单选题】
which type of Pvlan port allows communication from all port types?___
A. isolated
B. in -line
C. community
D. promiscuous
【单选题】
Which command do you enter to configure your firewall to conceal internal addresses?___
A. no ip directed-broadcast
B. no ip logging facility
C. no proxy-arp
D. no ip inspect audit-trial
E. no ip inspect
F. route
【单选题】
Which feature defines a campus area network? ___
A. It has a limited number of segments.
B. It has limited or restricted Internet access
C. It lacks ex1ternal connectivity.
D. It has a single geographic location
【单选题】
What technology can you use to provide data confidentiality data integrity and data origin authentication on your network?___
A. IPSec
B. Certificate Authority
C. IKE
D. Data
E. ncryption Standards
【单选题】
which standard is a hybrid protocol that uses oakley and skerne ke y exchanges is an ISAKMP framework?___
A. SHA
B. IPSec
C.
D. ES
【单选题】
What is the actual los privilege level of User Exec mode?___
A. 1
B. 0
C. 5
D. 15
【单选题】
What is the effect of the asa command crypto isakmp nat-traversal?___
A. It opens port 500 only on the out side interface
B. It opens port 500 only on the inside interface
C. It opens port 4500 on all interfaces that are IPSec enabled
D. It opens port 4500 only on the out side interfac
【单选题】
Which Fire POWER preproce ssor engine is used to prevent SYN attacks?___
A. Inline normalization
B. IP Defragmentation
C. Ports can
D. etection
【单选题】
Which NAT type allows objects or groups to reference an IP address ?___
A. identity NAt
B. static NAT
C. dynamic
D. dynamic NAT
【单选题】
Which Auto NAT policies are processed first?___
A. Dynamic NAT with longest prefix
B. Dynamic NAT with shortest prefix
C. static NAT with longest prefix
D. static NAT with shortest prefix
【单选题】
Which feature allows a dynamic Pat pool to se lect the next address in the pat pool instead of the next port of an existing address?___
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
【单选题】
Which IPS detection method can you use to detect attacks that are based on the attackers IP address?___
A. anomally-based
B. policy-based
C. signature-based
D. reputation-based
【单选题】
Which type of encryption technology has the broadest platform support?___
A. software
B. middleware
C. file-level
D. hardware
【单选题】
Which type of address translation supports the initiation of comm unications bidirectionally ?___
A. multi-session PAT
B. dynamic NAT
C. dynamic PAT
D. static NAT
【单选题】
Which label is given to a person who uses existing computer scripts to hack into computers while lacking the expertise to write the own?___
A. script kiddy
B. white hat hacker
C. hacktivist
D. phreaker
【单选题】
What is the primary purpose of a defined rule in an IPS?___
A. to configure an event action that takes place when a signature is triggered
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to detect internal attacks
【单选题】
Which option is the default valuce for the Diffie- Hell man group when configuring a site-to-site VPn on an asa device ?___
A. Group 1
B. Group 2
C. Group 5
D. Group 7
【单选题】
Which feature filters CoPP packets?___
A. access control lists
B. class maps
C. policy maps
D. route maps
【单选题】
Which command is used in global configuration mode to enable AAA?___
A. configure-model aaa
B. configure aaa-modelA
C. aaa new-model
D. aaa
E. XEC
【单选题】
Which statement about the given configuration is true?___
A. The single-connection command causes the device to establish one connection for all TACACS
B. The single-connection command causes the device to process one TacAcs request and then move to the next server
C. The timeout com mand causes the device to move to the next server after 20 seconds of TACACS inactive
【多选题】
What are two well-known security terms?___
A. phishing//网络钓鱼
B. ransomware //勒索软件
C. BPDU guard
D. LACP
E. hair-pinning
【多选题】
Which two commands must you enter to securely archive the primary bootset of a device___
A. router(config )#secure boot-config
B. router(config)#auto secure
C. router(config)#secure boot-image
D. router(config)#service passw ord-encryption
【多选题】
Which two functions can SIEM provide ?___
A. correlation between logs and events from multiple systems
B. event aggregation that allows for reduced log storage requirements
C. proactive malware analysis to block malicious traffic
D. dual-factor authentication
E. centralized firewall management
【多选题】
Which two features of Cisco Web Reputation tracking can mitigate web-based threats?___
A. buffer overflow filterin dhsuowip
B. Bayesian filters
C. web reputation filters
D. outbreak filtering
E. exploit filtering
【多选题】
What are two challenges when deploying host- level IPS? ___
A. The deployment must support multiple operating systems.
B. It is unable to provide a complete networ k picture of an attack.
C. It is unable to determine the outcome of e very attack that it detects
D. It does not provide protection for offsite computers
E. It is unable to detect fragmentation attacks
【多选题】
Which technology can be used to rate data fidelity and to provide an authenticated hash for data?___
A. file reputation
B. file analysis
C. signature updates
D. network blocking
推荐试题
【判断题】
自助设备的保险柜钥匙和保险柜密码必须双人分管,相互制约,严禁同一人同时掌握钥匙和密码。保险柜密码应定期进行更换。
A. 对
B. 错
【判断题】
自助设备中的现金须按券别分钞箱管理,严禁将不同券别的现金混装一箱,所装钞币必须经过挑选整理,挑选七成新,无破损、无断裂、无透明纸粘贴、无褶皱及卷角等符合自助设备使用的人民币。
A. 对
B. 错
【判断题】
每台自助设备机器所加的钞箱额度必须在总行有关规定的限额区间内执行,但可以视实际情况临时扩大和缩小额度。
A. 对
B. 错
【判断题】
吞没卡领取须持卡人本人办理,当本人因特殊情况无法领取时,可以由代理人带上双人身份证代为领取。
A. 对
B. 错
【判断题】
对无人前来领取的吞没卡(包括本行卡和他行卡),自吞卡次日起三个工作日后,七个工作日内填制《银行卡吞没卡上缴清单》(附件1),并注明吞没原因及日期,连同卡片实物上缴总行吞没卡管理部门保管。
A. 对
B. 错
【判断题】
对于未查明的长款,应将长款在待查错账科目中挂账,在《自助设备管理登记簿》长短款栏中做好长款登记,并由经办人复核人签名盖章。
A. 对
B. 错
【判断题】
流水日志由管理网点自行保管2年,每年2月底前报上年日志清单壹份给总行相关管理部门备案,支行保管期满后可按相关规定申报集中销毁处理。
A. 对
B. 错
【判断题】
保险柜密码副本密封后,由网点指定专人保管。紧急情况下启用,须经支行分管行长批准,并做好登记。
A. 对
B. 错
【判断题】
目前我行取款机和存取款一体机能受理所有银联标识卡的取款业务,存取款一体机能受理本行卡(折)存款业务
A. 对
B. 错
【判断题】
目前我行取款机、存取款一体机和自助服务终端能受理所有银联标识卡的取款业务。
A. 对
B. 错
【判断题】
自助设备清机一个星期最少清钞两次,两次清钞间隔时间不能超过四天。
A. 对
B. 错
【判断题】
若出现长短款当日是节假日则可以先报告上级并延期至工作日再处理长短款。
A. 对
B. 错
【判断题】
无需打开钞箱的情况下无需双人进入自助设备机房
A. 对
B. 错
【判断题】
确定长短款及金额后,除在《自助设备管理登记簿》中做好差错登记外,还要在当日按照我行长短款相关处理规定在27700101科目挂账,待查明原因再作处理,严禁长款寄库、短款空库、以长补短。
A. 对
B. 错
【判断题】
自助设备管理网点(包括离行式自助网点)须每日对自助设备进行吞没卡的巡查,包括国家法定休息日。
A. 对
B. 错
【判断题】
境外个人经常项目项下非经营性结汇单笔等值5万美元以上的,应将结汇所得人民币资金直接划转至交易对方的境内人民币账户。
A. 对
B. 错
【判断题】
对个人结汇和境内个人购汇实行年度总额管理,为每人每年等值5万美元。
A. 对
B. 错
【判断题】
我行目前只开展结售汇业务,结售汇牌价一日一价。
A. 对
B. 错
【判断题】
当日累计最高可以直接提取等值1万美元(含1万美元)的外币现钞。
A. 对
B. 错
【判断题】
个人年度总额内购汇、结汇、可以委托其直系亲属代为办理;超过年度总额的购汇、结汇以及境外个人购汇,必须本人凭相关证明材料办理。
A. 对
B. 错
【判断题】
境内个人是指持有中华人民共和国居民身份证、军人身份证件、武装警察身份证件、港澳居民来往内地通行证的中国公民。
A. 对
B. 错
【判断题】
我行目前不仅开展结售汇业务,同时开展外汇买卖业务。
A. 对
B. 错
【判断题】
个体工商户自行办理贸易外汇收支和结售汇的,可通过个人结算账户办理,不受个人结售汇年度总额限制。
A. 对
B. 错
【判断题】
金融机构办理服务贸易跨境人民币收支业务,应当将审查后的交易单证作为业务档案留存5年备查。
A. 对
B. 错
【判断题】
我行不得为企业办理90天以上(含)的延期付款业务,不得为企业办理收支日期间隔超过90天(含)的转口贸易外汇收支业务。
A. 对
B. 错
【判断题】
企业贸易外汇收入应当先进入我行直接以该企业名义开立的出口收入待核查账户 。
A. 对
B. 错
【判断题】
出口收汇进入待核查账户后,需要结汇或者划出的,企业需向我行提交加盖公章的结汇或划出申请资料。
A. 对
B. 错
【判断题】
对于退汇日期与原付款日期间隔在180天(不含)以上或由于特殊情况无法按照本条规定办理退汇的,企业应当先到外汇局办理贸易外汇业务登记手续。
A. 对
B. 错
【判断题】
出口收入待核查账户的收入范围限于企业贸易外汇收入(不含转口贸易收入,不含出口贸易融资项下境内金融机构放款及境外回款)。
A. 对
B. 错
【判断题】
我行为企业办理贸易付汇的退汇结汇或划转时,境外付款人应当为原收款人、境内收款人应当为原付款人。对于因错误汇出产生的退汇,应当审核原支出申报凭证;对于其他原因产生的退汇,应当审核原支出申报单证、原进口合同。
A. 对
B. 错
【判断题】
在办理服务贸易售付汇业务审核时,应当审核相关证明材料原件(明确指明复印件的除外),并在原件上注明售付汇日期、金额,加盖业务公章,留存复印件二年备查。
A. 对
B. 错
【判断题】
办理单笔等值5万美元(含)以下的服务贸易售付汇业务,金融机构原则上可不审核交易单证,但对于资金性质不明确的售付汇业务,金融机构应要求境内机构和境内个人提交交易单证进行合理审查。
A. 对
B. 错
【判断题】
代理进口业务应当由代理方付汇,委托方可凭委托代理协议将外汇划转给代理方,也可由代理方办理购汇。
A. 对
B. 错
【判断题】
外汇法规中没有列明的售付汇项目,需经外汇管理局审核真实性后,我行经办人员方可办理售付汇。
A. 对
B. 错
【判断题】
属非贸易项下的收汇入账时应审核相关材料后入经常项目账户,结汇时需填写《经常项目账户结汇申请书》,无需进行名录核查。
A. 对
B. 错
【判断题】
服务贸易项下退汇:按照原汇入或汇出资金交易性质规定的交易单证和整个退汇过程的相关说明或证明材料,退汇金额不得超过原汇入或汇出金额,且原路汇回.
A. 对
B. 错
【判断题】
经营机构应按照规定为开户人办理账户的开立、使用、变更及撤销手续,监督开户人按外汇局核定的收支范围、使用期限、账户限额等使用账户。
A. 对
B. 错
【判断题】
境内直接投资前期费用基本信息登记时,前期费用登记金额每一投资项目原则上不得超过等值30万美元,如遇特殊情况或确实有实际需要超过30万美元的,外国投资者需至后续设立的外商投资企业注册地外汇局申请(外汇局按个案业务集体审议制度处理)办理。
A. 对
B. 错
【判断题】
对于已经在外汇局资本项目信息系统中登记备案的信息,经营机构如需调整或修正,应及时与当地外汇局联系并按照相关数据申报要求重新报送。
A. 对
B. 错
【判断题】
经营机构应通过审核外汇局资本项目信息系统中的登记信息和额度控制等信息,在审核业务登记凭证和相关业务真实性证明材料后,方可为市场主体办理直接投资项下账户开立和资金汇兑等后续业务,包括利润、红利汇出或汇回业务。
A. 对
B. 错