【单选题】
What is a valid implicit permit rule for traffic that is traversing the ASa firewall?___
A. ARPs in both directions are permitted in transparent mode only
B. Unicast IPv4 traffic from a higher security interface to a lower security interface is permittee in routed mode only.
C. Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent mode only.
D. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in transparent mode.
E. Only BPDUs from a higher security interface to a lower secur ity interface are permitted in routed mode
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
Refer to the exhibit which are repre sents the data center?___
A. A
B. B
C. C
D. D
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
推荐试题
【单选题】
当组件入口压力传感器探测到组件入口压力太小___
A. A.旁通活门增大开度以减小组件的压差
B. B.充压进气门增大开度
C. C.AB都不对
D. D.AB都对
【单选题】
关于座舱增压,以下哪个描述是正确的___
A. A.座舱高度正常保持在ATA8000英尺
B. B.到达9550英尺的时候,触发主警告,到达11300英尺,触发旅客信号
C. C.到达15000英尺,外流活门和安全活门关闭
D. D.以上都对
【单选题】
空调组件的防冰活门的作用是___
A. A.防止主热交换器结冰
B. B.防止次级热交换器结冰
C. C.防止补偿器结冰
D. D.以上都不对
【单选题】
空调组件的旁通活门的作用是___
A. A.减少到压缩机的流量
B. B.调节组件出口温度
C. C.增加到涡轮的空气流量
D. D.以上都不对
【单选题】
流量控制活门下面哪种情况不关闭___
A. A.组件控制器失效
B. B.发动机启动
C. C.火警电门作动
D. D.DITCHING电门接通
【单选题】
配平活门的作用是___
A. A.加入冷空气来调节区域温度
B. B.加入热空气来调节区域温度
C. C.调节热空气压力
D. D.调节热空气流量
【单选题】
区域控制器调节用的基本温度是___
A. A.最低的区域温度
B. B.用最高的区域温度
C. C.用三个仓的中间值
D. D.用三个仓的平均值
【单选题】
以下哪个传感器会送压缩机过热信号给组件控制器___
A. A.压缩机过热传感器
B. B.压缩机温度传感器
C. C.B都不是
D. D.B都是
【单选题】
当组件出口温度大于95摄氏度,就会触发组件过热警告,请问这个温度信号是由哪个传感器送出的___
A. A.压缩机过热传感器
B. B.组件出口温度传感器
C. C.水分离器出口温度传感器
D. D.压缩机温度传感器
【单选题】
当座舱高度大于9550英尺的时候,座舱压力控制器送信号到哪个控制器来触发旅客信号?___
A. A.FWC
B. B.CFDIU
C. C.CIDS
D. D.AIDS
【单选题】
对外流活门,以下说法不正确的是___
A. A.外流活门有三个马达
B. B.外流活门有两个电器盒
C. C.外流活门有一个反馈组件用于在自动和人工位反馈活门位置
D. D.外流活门可以自动控制及人工控制
【单选题】
关于空调系统的控制器___
A. A.两个空调组件控制器可以互换
B. B.区域控制器和货舱加温控制器可以互换
C. C.组件控制器和区域控制器可以互换
D. D.座舱压力控制器可以和组件控制器互换
【单选题】
关于外流活门的描述,以下哪个是正确的___
A. A.1号马达由1号控制器控制
B. B.2号马达由2号控制器控制
C. C.3号马达由座舱增压面板控制
D. D.以上都对
【单选题】
混合总管可以从哪里接近?___
A. A.前货舱前壁板
B. B.前货舱后壁板
C. C.后货舱前壁板
D. D.后货舱后壁板
【单选题】
ECAM哪几个页面可以看到空调系统的数据___
A. A.引气和空调页面
B. B.座舱压力页面
C. C.巡航页面
D. D.以上都可以
【单选题】
EIU和空调系统的控制器之间是如何进行数据交换的___
A. A.EIU送信号给组件控制器起飞推力的信号以关闭充压进气门
B. B.EIU送高压燃油活门信号给区域控制器以计算引气需求
C. C.区域控制器送信号给EIU,引气流量增加时增加发动机推力
D. D.以上都是
【单选题】
当厕所和厨房风扇失效时___
A. A.客舱温度调节失效
B. B.客舱管道温度固定在15摄氏度
C. C.驾驶仓温度调节正常
D. D.以上都对
【单选题】
当接通空调面板的RAMAIR电门时___
A. A.DITCHING电门在正常位时,充压进气门打开
B. B.当客舱压差小于1时,外流活门完全打开
C. C.以上都不是
D. D.A+B
【单选题】
以下说法不正确的是___
A. A.安全活门有两个,一个防止正压超压,一个防止负压超压
B. B.后货舱门打开是,货舱加温照常工作
C. C.客舱温度到达15000时,外流活门完全关闭
D. D.地面,电子舱构型只能是开路构型
【单选题】
组件控制器控制组件充压进气门关闭,需要那些信号___
A. A.LGCIU2
B. B.BSCU
C. C.EIU
D. D.以上都是
【单选题】
当DITCHING电门接通,以下哪个说法是错误的___
A. A.充压进气门会关闭
B. B.电子通风排气活门会关闭
C. C.无论是否在在自动位,外流活门都会关闭
D. D.在人工位,外流活门不会关闭
【单选题】
假如空调组件有故障,应该做哪个测试___
A. A.温度控制测试
B. B.座舱压力测试
C. C.货舱加温测试
D. D.组件控制器测试
【单选题】
如果飞机反映有组件过热信息___
A. A.首先应该察看MCDU确认是组件出口过热还是涡轮出口过热以及有无故障信息
B. B.首先应该察看故障历史确认出现故障的航段
C. C.首先应该察看故障历史确认出现故障的时间
D. D.首先应该做cpc测试
【单选题】
如果想在AIDS上看组件流量的实时数据,应该输入什么代码?___
A. A.PF
B. B.FP
C. C.PT
D. D.DP
【单选题】
如果有PACK1REGULFAULT警告信息和“p1cont”故障信息,应该首先考虑哪个LRU?___
A. A.组件控制器
B. B.区域控制器
C. C.FCV
D. D.配平活门
【单选题】
安全活门的功用?___
A. A.防止反压超压
B. B.代替外流活门
C. C.防止正,反压超压.
D.
【单选题】
飞机高度39000英尺,客舱高度最大为:___
A. A.8000英尺
B. B.12000英尺
C. C.800英尺.
D.
【单选题】
如从APU引气(APU引气活门打开),空调组件的流量自动选择在:___
A.   A  高位
B.   B  正常位
C.   C  低位
D. D以上都不正确
【单选题】
配平空气活门的控制是由:___
A.     A  区域控制器
B.     B  空调组件控制器
C.     C  热空气压力调节活门
D. D驾驶舱人工控制
【单选题】
客舱区域温度传感器探测哪里的空气温度___
A. A行李架附近的空气温度
B. B座椅附近的空气温度
C. C厨房和盥洗室风扇抽取的空气温度
D. D接近地板的空气温度
【单选题】
当冲压空气按钮设置在ON位时,放气活门将:___
A.     A  关闭
B.     B  每次都打开
C.     C  当压差小于1PSI时部分打开
D.     D  当压差大于1PSI时打开
【单选题】
当APU为空调组件供气时,如区域温度不能被满足,空调组件将送信号给下列哪个装置要求增加空气流量:___
A.     A空调组件流量控制活门
B. B发动机控制盒
C.     CAPU电子控制盒
D.     D空调组件冲压空气进气风门
【单选题】
在空中,使用压力控制器1时,如有故障:___
A.     A  你必须用人工控制
B.     B 你必须设定着陆场高
C.     C  你必须人工选择控制器2
D.     D自动转到控制器2
【单选题】
在地面,系统开始工作后外流活门在什么位置?___
A. 完全打开
B. 完全关闭
C. 由FMGEC调节
D. 半开位
【单选题】
外流活门显示在ECAM的什么面?___
A. 空调页
B. 增压页
C. 引气页
D. 门页
【单选题】
增压系统由两个CPC控制,___
A. 两个CPC互为备用
B. CPC轮流控制增压系统
C. 两个CPC计算机可以互换
D. 以上都对
【单选题】
在人工增压控制方式下,那个CPC给人工控制提供显示数据:___
A. CPC1
B. CPC2
C. 两者都提供
D. 人工模式备用控制器
【单选题】
安全活门是如何作动的?___
A. 电动
B. 气动
C. 液压作动
D. 燃油作动
【单选题】
当着陆场高选择在自动位时,从哪里获得着陆场高的数据:___
A. 大气数据和惯性导航计算机
B. FMGEC
C. 飞行控制计算机
D. 无线电高度计
【单选题】
何时开始客舱预增压?___
A. 发动机启动时
B. 舱门关好后
C. 需要人工控制
D. 发动机功率设置在起飞推力时