【单选题】
A specific URL has been identified as containing malware. What action can you take to block users from accidentally visiting the URl and becoming infected with malware ?___
A. Enable URL filtering on the perimeter router and add the URls you want to block to the router's local URL list
B. Enable URL filtering on the perimeter firewall and add the URls you want to allow to the router's local URL list.
C. Enable URL filtering on the perimeter router and add the URls you want to allow to the firewall's local URL list
D. Create a blacklist that contains the URl you want to block and activate the blacklist on the perimeter rout
E. Create a whitelist that contains the URLs you want to allow and activate the whitelist on the perimeter router.
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
How does PEAP protect the EAP exchange ?___
A. It encrypts the exchange using the server certificate
B. It encrypts the exchange using the client certificate
C. It validates the server-supplied certificate,and then encrypts the exchange using the client certificate
D. It validates the client-supplied certificate,and then encrypts the excha nge using the server certificate
【单选题】
Which feature of the Cisco Email Security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attacks?___
A. contextual analysis
B. holistic understanding of threats
C. graymail management and filtering
D. signature-based IPS
【单选题】
Refer to the exhibit【nat (inside,outside)dunamic interface】 Which translation technique does this configuration result in?___
A. DynamIc PAT
B. Dynamic NAT
C. Twice NAT
D. Static NAT
【单选题】
While trouble shooting site-to-site VPN, you issued the show crypto isakmp sa command. What does the given output show?___
A. IKE Phase 1 main mode was created on 10.1.1.5, but it failed to negotiate with 10.10 10.2
B. IKE Phase 1 main mode has successfully negotiated between 10.1.1.5 and 10.10..
C. IKE Phase 1 aggressive mode was created on 10.1.1.5, but it failed to negotiate with
【单选题】
Refer to the exhibit All ports on switch 1 have a primary vLan of 300 Which devices can host 1 reach?___
A. host 2
B. server
C. host 4
D. other devices within VLAN303
【单选题】
Which option is the cloud-based security service from Cisco the provides URL filtering, web browsing content security, and roaming user protection?___
A. Cloud Web service
B. Cloud Advanced Malware Protection
C. Cloud We b Security
D. Cloud Web Protection
【单选题】
How can you detect a false negative on an IPS?___
A. View the alert on the ips
B. Review the ips log
C. Review the is console
D. Use a third- party system to perform penetration testing.
E. Use a third- party to audit the next generation firewall rules
【单选题】
If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use?___
A. STP BPDU guard
B. Loop guard
C. EtherChannel guard
D. STP Root guard
【单选题】
what improvement does EAP-FASTv2 provide over EAP-FAST? ___
A. It allows multiple credentials to be passed in a single EAP exchange.
B. It supports more secure encryption protocols
C. It allows faster authentication by using fewer packets.
D. It addresses security vulnerabilities found in the original protocol
【单选题】
When users login to the Client less Ssl Vpn using https://209.165.201.2/test ,which group policy will be applied?___
A. test
B. clientless
C. sales
D. DfitGrp Policy
E. Default RAGroup
F. Default WEB VPN
G. roup
【单选题】
Which user authentication method is used when users login to the Clientless SSLVPN portal using https://209.165.201.2/test?___
A. AAA with LOCAL database
B. AAA with RADIUS server
C. Certificate
D. :Both Certificate and aaa with LoCAL database
E. Both Certificate and AAA with RADIUS server
【单选题】
What' s the technology that you can use to prevent non malicious program to runin the computer that is disconnected from the network?___
A. Firewall
B. Sofware Antivirus
C. Network IPS
D. Host IPS
【单选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【单选题】
Which product can be used to provide application layer protection for tcp port 25 traffic?___
A. ESA
B. CWS
C. WSA
D. ASA
【单选题】
which iPS mode is less secure than other options but allows optimal network through put ?___
A. inline mode
B. inline-bypass mode
C. transparent mode
D. Promiscuous mode
【单选题】
Which feature of the Cisco Email security Appliance can mitigate the impact of snowshoe spam and sophisticated phishing attack?___
A. reputation based filtering
B. signature based IPS
C. contextual analysis
D. graymail management and filtering
【单选题】
Which type of social-engineering attack uses normal tele phone service as the attack vector?___
A. smishing
B. dialing
C. phishing
D. vishing
【单选题】
Which quantifiable item should you consider when you organization adopts new technologies?___
A. exploits
B. vulnerability
C. threat
D. Risk
【单选题】
Referencing the ClA model, in which scenario is a hash- only function most appropriate ?___
A. securing data at rest
B. securing real-time traffic
C. securing data in files
D. securing wireless transmissions
【单选题】
Which ports must be open between a aaa server and a microsoft server to permit Active Directory authentications?___
A. 445 and 389
B. 888 and 3389
C. 636 and 4445
D. 363 and 983
【单选题】
Refer to the exhibit for which reason is the tunnel unable to pass traffic___
A. the tunnel is failing to receive traffic from the remote peer
B. the local peer is unable to encrypt the traffic
C. the ip address of the remote peer is incorrect
D. UDP port 500 is blocked
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
How can you protect CDP from reconnaissance attacks?___
A. Enable dynamic ARP inspection on all untrusted ports.
B. Enable dot1x on all ports that are connected to other switches.
C.
D. isable CDP on ports connected to endpoints.
【单选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which option is a key security compone nt of and MDM deployment ?___
A. using network-specific installer packages
B. using an application tunnel by default
C. using self-signed certificates to validate the server
D. using MS-CHAPv2 as the primary
E. AP method
【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
推荐试题
【单选题】
在“营改增”分地区、分行业再到全面试点的基础上,2017年,将增值税税率由四档减至17%、11%和6%三档,取消___这一档税率。
A. 16%
B. 13%
C. 10%
D. 3%
【单选题】
根据《财政部税务总局海关总署关于深化增值税改革有关政策的公告》(财政部税务总局海关总署公告2019年第39号)规定,增值税一般纳税人发生增值税应税销售行为或者进口货物,原适用16%税率的,税率调整为();原适用10%税率的,税率调整为___。
A. 13%,9%
B. 14%,9%
C. 12%,8%
D. 15%,7%
【单选题】
根据《财政部税务总局海关总署关于深化增值税改革有关政策的公告》(财政部税务总局海关总署公告2019年第39号)规定,纳税人购进农产品,原适用10%扣除率的,扣除率调整为___。纳税人购进用于生产或者委托加工13%税率货物的农产品,按照()的扣除率计算进项税额。
A. 9%,9%
B. 8%,9%
C. 9%,10%
D. 9%,11%
【单选题】
根据《财政部税务总局海关总署关于深化增值税改革有关政策的公告》(财政部税务总局海关总署公告2019年第39号)规定,纳税人当期允许退还的增量留抵税额,按照以下公式计算:___。
A. 允许退还的增量留抵税额=增量留抵税额×进项构成比例×60%
B. 允许退还的增量留抵税额=增量留抵税额×销项项构成比例×60%
C. 允许退还的增量留抵税额=增量留抵税额×进项构成比例×40%
D. 允许退还的增量留抵税额=增量留抵税额×进项构成比例×50%
【单选题】
根据《财政部税务总局海关总署关于深化增值税改革有关政策的公告》(财政部税务总局海关总署公告2019年第39号)规定,纳税人购进国内旅客运输服务,其进项税额允许从销项税额中抵扣。取得注明旅客身份信息的公路、水路等其他客票的,按照下列公式计算进项税额:___。
A. 公路、水路等其他旅客运输进项税额=票面金额÷(1+3%)×3%
B. 公路、水路等其他旅客运输进项税额=票面金额÷(1+5%)×5%
C. 公路、水路等其他旅客运输进项税额=票面金额÷(1+6%)×6%
D. 公路、水路等其他旅客运输进项税额=票面金额÷(1+3%)×2%
【单选题】
某单位(一般纳税人按月纳税)2019年4月购入一间商铺,并取得增值税专用发票,购入商铺的不动产进项税额___抵扣。
A. 在购进不动产的当期一次性
B. 应当分两年
C. 不允许
D. 以上都不对
【单选题】
某单位(一般纳税人按月纳税)2018年11月购入一层写字楼,取得增值税专用发票,购入写字楼的不动产进项税额在2018年12月申报抵扣了60%,剩下的40%最早可在2019年___申报抵扣。
A. 1月
B. 4月
C. 11月
D. 12月
【单选题】
2019年5月,某企业(一般纳税人按月纳税)对已使用过3年的不动产进行改建,改建中发生进项税20万元,改建工程当月完工并均取得增值税专用发票,则以下说法正确的是___。
A. 该企业此项业务不能抵扣进项税
B. 2019年5月起可抵扣进项税20万元
C. 2019年5月起可抵扣进项税12万元
D. 2020年5月起可抵扣进项税8万元
【单选题】
根据《财政部税务总局海关总署关于深化增值税改革有关政策的公告》(财政部税务总局海关总署公告2019年第39号)规定,生产、生活性服务业纳税人,是指提供邮政服务、电信服务、现代服务、生活服务取得的销售额占全部销售额的比重超过___的纳税人。如果该纳税人四项服务销售额的占比符合条件,则可以适用加计抵减进项税额的政策。
A. 25%
B. 50%
C. 75%
D. 90%
【单选题】
根据《财政部 税务总局关于实施小微企业普惠性税收减免政策的通知》(财税〔2019〕13号)规定, 对月销售额___元以下(含本数)的增值税小规模纳税人,免征增值税。
A. 10万
B. 11万
C. 12万
D. 15万
【单选题】
2019年1月17日,财政部、税务总局印发《关于实施小微企业普惠性税收减免政策的通知》(财税〔2019〕13号),规定自2019年1月1日至2021年12月31日,由省、自治区、直辖市人民政府根据本地区实际情况,以及宏观调控需要确定,对增值税小规模纳税人可以在一定的税额幅度内减征部分地方税费,该幅度为___。
A. 30%
B. 40%
C. 45%
D. 50%
【单选题】
2018年9月5日,财政部、税务总局印发《关于金融机构小微企业贷款利息收入免征增值税政策的通知》(财税〔2018〕91号),明确自2018年9月1日至2020年12月31日,将符合条件的小型企业、微型企业和个体工商户贷款利息收入免征增值税单户授信额度上限提高到___。
A. 200万元
B. 500万元
C. 800万元
D. 1000万元
【单选题】
2018年8月31日,第十三届全国人民代表大会常务委员会第五次会议通过了《全国人民代表大会常务委员会关于修改<中华人民共和国个人所得税法>的决定》,明确修改后的个人所得税法将于2019年1月1日起施行,___起先行施行新的减除费用标准(俗称“起征点”)和税率表。
A. 2018年8月31日
B. 2018年9月1日
C. 2018年10月1日
D. 2018年11月1日
【单选题】
根据2018年修改后的《中华人民共和国个人所得税法》,在中国境内无住所又不居住,或者无住所而一个纳税年度内在中国境内居住累计不满___的个人,为非居民个人。非居民个人从中国境内取得的所得,依照本法规定缴纳个人所得税。
A. 90天
B. 183天
C. 6个月
D. 1年
【单选题】
2011年个人所得税法修订后,工薪资金的税率表由5%—45%九级超额累进税率变更为现在的___。
A. 3%—45%七级超额累进税率
B. 5%—35%五级超额累进税率
C. 3%—45%九级超额累进税率
D. 5%—45%七级超额累进税率
【单选题】
根据2018年修改后的个人所得税法规定,个人将其所得对公益慈善事业进行捐赠的,捐赠额未超过纳税人申报的应纳税所得额的___,可以从其应纳税所得额中扣除。
A. 20%
B. 30%
C. 40%
D. 50%
【单选题】
根据《个人所得税法实施条例》规定,个人独资企业和合伙企业投资者的生产经营所得依法计征个人所得税时,个人独资企业和合伙企业投资者本人如果没有综合所得的,应当减除费用每年___。
A. 24000元
B. 40000元
C. 50000元
D. 60000元
【单选题】
根据《国务院关于印发个人所得税专项附加扣除暂行办法的通知》(国发〔2018〕41号)关于子女教育的扣除规定,纳税人的子女接受全日制学历教育的相关支出,按照每个子女每月___元的标准定额扣除。其中,学历教育包括义务教育(小学、初中教育)、高中阶段教育(普通高中、中等职业、技工教育)、高等教育(大学专科、大学本科、硕士研究生、博士研究生教育)。
A. 800
B. 1000
C. 1200
D. 1500
【单选题】
根据《国务院关于印发个人所得税专项附加扣除暂行办法的通知》(国发〔2018〕41号)关于子女教育的扣除规定,纳税人的子女接受___的相关支出,可以按照规定的标准定额扣除。
A. 课外辅导班
B. 全日制学历教育
C. 兴趣辅导班
D. 家庭教师辅导
【单选题】
根据《国务院关于印发个人所得税专项附加扣除暂行办法的通知》(国发〔2018〕41号)关于继续教育的扣除规定,纳税人在中国境内接受学历(学位)继续教育的支出,在学历(学位)教育期间按照每月___元定额扣除。同一学历(学位)继续教育的扣除期限不能超过48个月。
A. 300
B. 400
C. 500
D. 800
【单选题】
根据《国务院关于印发个人所得税专项附加扣除暂行办法的通知》(国发〔2018〕41号)关于继续教育的扣除规定,纳税人接受技能人员职业资格继续教育、专业技术人员职业资格继续教育的支出,在取得相关证书的当年,按照___元定额扣除。
A. 800
B. 3200
C. 3600
D. 4800
【单选题】
根据《国务院关于印发个人所得税专项附加扣除暂行办法的通知》(国发〔2018〕41号)关于住房租金的扣除规定,直辖市、省会(首府)城市、计划单列市以及国务院确定的其他城市,扣除标准为每月___元;除前述所列城市以外,市辖区户籍人口超过100万的城市,扣除标准为每月( )元;市辖区户籍人口不超过100万的城市,扣除标准为每月( )元。
A. 1500元; 1100元; 800元
B. 1400元; 1200元; 900元
C. 1600元; 1000元; 800元
D. 1700元; 1400元; 1000元
【单选题】
根据《国务院关于印发个人所得税专项附加扣除暂行办法的通知》(国发〔2018〕41号)关于住房贷款利息的扣除规定,纳税人享受住房贷款利息专项附加扣除,应当留存___。
A. 住房贷款合同、贷款还款支出凭证
B. 结婚证
C. 购房发票
D. 物业费收据
【单选题】
根据《国务院关于印发个人所得税专项附加扣除暂行办法的通知》(国发〔2018〕41号)关于住房贷款利息的扣除规定,纳税人本人或者配偶单独或者共同使用商业银行或者住房公积金个人住房贷款为本人或者其配偶购买中国境内住房,发生的首套住房贷款利息支出,在实际发生贷款利息的年度,按照每月___元的标准定额扣除,扣除期限最长不超过240个月。纳税人只能享受一次首套住房贷款的利息扣除。
A. 800
B. 900
C. 1000
D. 1500
【单选题】
根据《国务院关于印发个人所得税专项附加扣除暂行办法的通知》(国发〔2018〕41号)关于大病医疗的扣除规定,在一个纳税年度内,纳税人发生的与基本医保相关的医药费用支出,扣除医保报销后个人负担(指医保目录范围内的自付部分)累计超过()元的部分,由纳税人在办理年度汇算清缴时,在___元限额内据实扣除。
A. 10000元;60000元
B. 12000元;65000元
C. 15000元;70000元
D. 15000元;80000元
【单选题】
居民个人取得综合所得,按年计算个人所得税;有扣缴义务人的,由扣缴义务人按月或者按次预扣预缴税款;需要办理汇算清缴的,应当在取得所得的次年___内办理汇算清缴。
A. 1月1日至6月30日
B. 3月1日至6月30日
C. 3月1日至5月31日
D. 4月1日至6月30日
【单选题】
根据《财政部 税务总局 科技部关于提高研究开发费用税前加计扣除比例的通知》(财税〔2018〕99号)规定,2018年1月1日至2020年12月31日期间,企业开展研发活动中实际发生的研发费用,未形成无形资产计入当期损益的,在按规定据实扣除的基础上,再按照实际发生额的___在税前加计扣除;形成无形资产的,在上述期间按照无形资产成本的( )在税前摊销。
A. 50%,100%
B. 75% ,150%
C. 75%,175%
D. 100% ,150%
【单选题】
根据《财政部 税务总局 科技部关于企业委托境外研究开发费用税前加计扣除有关政策问题的通知》(财税〔2018〕64号)规定,关于企业委托境外进行研究开发活动所发生的费用,以下说法错误的是___。
A. 企业委托境外个人进行研发活动所发生的费用可以加计扣除
B. 委托境外进行研发活动所发生的费用实际发生额应按照独立交易原则确定
C. 委托境外进行研发活动所发生的费用,按照费用实际发生额的80%计入委托方的委托境外研发费用
D. 委托境外研发费用不超过境内符合条件的研发费用三分之二的部分,可以按规定在企业所得税前加计扣除
【单选题】
根据《关于扩大固定资产加速折旧优惠政策适用范围的公告》(财政部 税务总局公告2019年第66号)规定,将适用固定资产加速折旧优惠的行业范围扩大至___。
A. 全部制造业领域
B. 信息传输、软件和信息技术服务业等行业
C. 轻工、纺织、机械、汽车四个领域重点行业
D. 生物药品制造业,专用设备制造业,铁路、船舶、航空航天和其他运输设备制造业,计算机、通信和其他电子设备制造业,仪器仪表制造业等
