【单选题】
Within an 802. 1x-enabled network with the auth Fail feature configured, when does a switch port get placed into a restricted VLAN?___
A. When a conected client fails to authenticate after a certain number of attempts.
B. if a connected client does not support 802. 1x
C. when AAA new-model is ena bled
D. after a connected client exceeds a specified idle time
E. when 802. 1x is not globally enabled on the Cisco Catalyst switch
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
Which type of attack does a proxy firewall protect against ?___
A. cross-site scripting attack
B. worm traffic
C. port scanning
D. DDoS attacks
【单选题】
When an administrator initiates a device wipe command from the ISE, what is the immediate effect?___
A. It requests the administrator to choose between erasing all device data or only managed corporate data.
B. It requests the administrator to enter the device pin or password before proceeding with the operation
C. It notifies the device user and proceeds with the erase operation
D. It immediately erases all data on the device
【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
推荐试题
【单选题】
贷款受理和调查中的风险不包括()。___
A. 借款申请人的主体资格不符合银行相关规定
B. 借款申请人所提交的材料不真实、不合法
C. 借款申请人的担保措施不足额或无效
D. 审批人对借款人的资格审查不严
【单选题】
市场细分是银行营销战略的重要组成部分,其作用不包括()。___
A. 有利于选择目标市场和制定营销策略
B. 有利于发掘市场机会,开拓新市场
C. 有利于提高银行的经济效益
D. 有利于规避风险
【单选题】
下列选项中,不符合个人经营贷款借款人条件的是()。___
A. 具有稳定的收入来源和按时足额偿还贷款本息的能力
B. 能提供贷款人认可的合法、有效、可靠的贷款担保
C. 借款人在银行开立个人结算账户
D. 借款人的年龄在18~65岁之间
【单选题】
农村金融机构应当建立贷款档案管理制度,及时汇集更新客户信息及贷款情况,确保农户贷款档案资料的()。___
A. 完整性、有效性、连续性
B. 及时性、有效性、连续性
C. 及时性、完整性、连续性
D. 谨慎性、有效性、完整性
【单选题】
借款人变更还款方式,()条件是不需要满足的。___
A. 应向银行提交还款方式变更申请书
B. 借款人的贷款账户中没有拖欠本息及其他费用
C. 借款人在变更还款方式前已还清所有贷款利息
D. 借款人在变更还款方式前应归还当期的贷款本息
【单选题】
个人经营贷款信用风险的主要内容不包括()。___
A. 借款人所控制企业经营情况发生变化
B. 抵押物价值发生变化
C. 借款人还款能力发生变化
D. 贷款人贷款能力发生变化
【单选题】
贷款人应根据(),完善授权管理制度,规范审批操作流程,明确贷款审批权限,实行审贷分离和授权审批,确保贷款审批人按照授权独立审批贷款。___
A. 可靠性原则
B. 相关性原则
C. 准确性原则
D. 审慎性原则
【单选题】
贷款支付管理中的风险不包括()。___
A. 贷款资金发放前,未审核借款人相关交易资料和凭证
B. 业务不合规,业务风险和效益不匹配
C. 直接将贷款资金发放至借款人账户
D. 在未接到借款人支付申请和支付委托的情况下,直接将贷款资金支付给汽车经销商
【单选题】
()不属于个人征信系统的社会功能。___
A. 随着该系统的建设和完善,通过对个人重要经济活动的影响和规范,逐步形成诚实守信、遵纪守法、重合同讲信用的社会风气
B. 推动社会信用体系建设
C. 提高社会诚信水平,促进文明社会建设
D. 帮助商业银行等金融机构控制信用风险
【单选题】
()是全面记录个人信用活动、反映个人信用状况的文件,是征信机构把依法采集的信息,依法进行加工整理,最后依法向合法的信息查询人提供的个人信用历史记录。___
A. 个人信用征信
B. 个人征信系统
C. 个人信用报告
D. 个人征信报告
【单选题】
关于个人住房贷款信用风险防范的说法,正确的是()。___
A. 保持“重抵押物、轻还款能力”的审批思路
B. 可靠的证明材料包括至少过去3个月的工资单、工资卡或存折入账流水等
C. 借款人收入审核是指审核借款人的工资收入和租金收入两个方面
D. 由于自雇人士收入水平高.在审核此类个人住房贷款申请时,可放松其收入证明审核
【单选题】
在个人住房贷款中,合作机构的主要风险表现形式不包括()。___
A. 担保公司担保放大倍数过大
B. 评估机构房产评估价值失实
C. 开发商的“假个贷”
D. 住房公积金管理中心贷款期限调整
【单选题】
关于我国现有个人贷款业务的特征,下列说法不正确的是()。___
A. 个人贷款业务的办理较为便利
B. 客户可在网上银行、金融超市办理个人贷款业务
C. 可采取灵活多样的还款方式,但还款方式一经确定中途不可变更
D. 还款方式有等额本息还款法、等额本金还款法、等比累进还款法、等额累进还款法及组合还款法等多种方法
【单选题】
对于1年以上的个人贷款,下列说法正确的是()。___
A. 展期期限累计不得超过原贷款期限
B. 原贷款期限不得超过累计展期期限
C. 展期期限累计与原贷款期限相加.不得超过该贷款品种规定的最长贷款期限
D. 展期期限累计与原贷款期限相加.可以超过该贷款品种规定的最长贷款期限
【单选题】
每月的还款本金固定,而利息越来越少,贷款人起初还款压力比较大,但是随着时间的推移,每月还款数也越来越少,这种还款方式称为()。___
A. 等额本息
B. 等额本金
C. 等额递减
D. 等比递增
【单选题】
个人贷款产品有不同的还款方式供借款人选择,可以比较灵活地按照借款人的还款能力规划还款,且满足个性化需求程度最高的还款方式是().___
A. 组合还款法
B. 等额累进还款法
C. 等额本金还款法
D. 等额本息还款法
【单选题】
动产质押是指借款人或第三人将其动产移交()占用,将该动产作为贷款的担保,借款人不履行还款义务时,贷款银行有权依法以动产折价或者拍卖、变卖动产的价款优先受偿。___
A. 担保公司
B. 保险公司
C. 贷款银行
D. 中国人民银行
【单选题】
关于个人住房贷款,下列说法错误的是()。___
A. 公积金个人住房贷款不以营利为目的,实行“低进低出”的利率政策,带有较强的政策性,贷款额度不受限制
B. 个人住房贷款包括自营性个人住房贷款、公积金个人住房贷款和个人住房组合贷款
C. 个人住房组合贷款是指按时足额缴存住房公积金的职工在购买、建造或大修住房时,可以同时申请公积金个人住房贷款和自营性个人住房贷款
D. 个人住房贷款是指银行向自然人发放的用于购买、建造和大修理各类型住房的贷款
【单选题】
李先生是做体育器械生意的,自己的公司近两年的营业状况良好,并且刚和某健身房签订进货合同,但如果从厂家直接进货额要首付定金500万元,因为最近资金周转紧张一时间拿不出这么多钱。李先生家庭经济情况良好,拥有市值800万元左右,评估价为650万元的高档住宅,李先生本人为公司股东,且公司运营情况良好:李先生资金使用时间为3~6个月,且以后可能会有不定期资金需求。若李先生向银行申请1年期个人经营贷款,最适合李先生申请的贷款种类为()。___
A. 个人单笔贷款
B. 个人不可循环授信额度
C. 个人可循环授信额度
D. 个人信用贷款
