【单选题】
Which Firepower Management Center feature detects and block exploits and hack attempts?___
A. Content blocker
B. file control
C. intrusion prevention
D. advanced malware protection
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
C
解析
暂无解析
相关试题
【单选题】
hich description of the nonsecret numbers that are used to start a Diffie- Hellman exchange is ture?___
A. They are preconfigured prime integers.
B. They are large pseudorandom numbers.
C. They are very small numbers chosen from a table of known valuses
D. They are numeric values extracted from ha shed system hostnames
【多选题】
Which two characteristics of an application layer firewall are true?___
A. provides stateful firewal functionality
B. has low processor usage
C. provides protection for multiple applications
D. provides rever se proxy services
E. is immune to URL manipulation
【多选题】
Which two devices are components of the BYOD architectural framework?___
A. Nexus 7010 switch
B. Cisco 3945 Router
C. Identify Services Engine
D. Wireless Access oints
E. Prime Infrastructure
【多选题】
Which two actions can a zone based firewall take when looking at traffic? ___
A. forward
B. inspect
C. drop
D. broadcast
E. filter
【多选题】
n which two situations should you use in-band management?___
A. when management applications need concurrent access to the device
B. when you require administrator access from multiple locations
C. when a network device fails to forward packets
D. when you require ROMMON access
E. when the control plane fails to respond
【多选题】
What are two ways to prevent eavesdropping when you perform device management tasks?___
A. Use an SSH connection.
B. Use SNMPv3
C. Use out-of-band management
D. Use SNMP
E. Use in-band management
【多选题】
Which two features are commonly used CoPP and CPPr to protect the control plane? ___
A. QoS
B. traffic classification
C. access lists
D. policy maps
E. class maps
F. Cisco Express Forwarding
【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
A. 0
B. 50
C. 10
D. 200
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
推荐试题
【多选题】
新旧信号系统倒切前,应在非运营时段开展不少于 次的实战演练,新信号系统经过累计不少于 小时的不载客运行后方可投入运营。 ___
A. 3
B. 5
C. 122
D. 144
【多选题】
对于 、 、 等涉及行车安全的关键设备,到达使用年限的应及时更新。未经充分技术评估论证,不能确保运行安全的,不得延期使用。___
A. 车辆
B. 供电
C. 信号
D. 端门
【多选题】
运营单位应建立委外服务评价体系,对服务商 、 、 、 等进行综合评价,加强委外服务管理。 ___
A. 响应及时性
B. 故障处理速度
C. 维护计划完成率
D. 监测和维护质量
【多选题】
对 、 、 、 等紧急操作设备,运营单位应通过粘贴警示标签、视频监控、安排巡查等方式加强防护。___
A. 列车门紧急解锁装置
B. 站台紧急停车按钮
C. 站台门应急解锁装置
D. 电扶梯紧急停梯按钮
【多选题】
按照业务板块,运营安全风险分为哪几类?___
A. (一)设施监测养护类风险; (二)设备运行维修类风险;
B. (三)行车组织类风险;
C. (四)客运组织类风险; (五)运行环境类风险。
【多选题】
运营单位如何建立本单位的安全风险数据库?___
A. 根据本单位所辖线路设施设备配置及运行环境、安全管理水平、相关经验借鉴等情况,
B. 对风险点及可能产生的风险进行动态辨识,
C. 并结合运营管理水平和运营险性事件等情况,逐项确定安全风险等级并制定风险管控措施,形成本单位运营安全风险数据库。
【多选题】
运营安全风险数据库应包括哪些内容?___
A. 运营安全风险数据库内容至少包括业务板块、风险点(工作单元/操作步骤)、
B. 风险描述、风险等级、管控措施、责任部门及责任岗位、责任人等。
【多选题】
运营单位应对哪些特定领域、特定环节、特定对象开展风险专项辨识? ___
A. (一)运营环境发生较大变化; (二)运营单位部门分工进行较大调整;
B. (三)发生运营险性事件; (四)新设备、新技术、新工艺投用;
C. (五)车辆、信号等关键系统更新,以及车站、线路等改造后投入使用; (六)法律法规、规章制度发生较大变化;
D. (七)需开展风险专项辨识的其他情况。
【多选题】
按照“分级管控”原则,针对各级风险的管控工作机制是什么?___
A. (一)对于重大风险,应由运营单位负责人牵头组织制定管控措施;
B. (二)对于较大风险,应由专业部门负责人牵头组织制定管控措施;
C. (三)对于一般风险及较小风险,应由班组负责人组织制定管控措施。
【多选题】
隐患排查治理的定义?___
A. 隐患排查治理是指对城市轨道交通运营过程中人的不安全行为、物的不安全状态、环境的不安全因素、
B. 管理上的缺陷导致的风险管控措施弱化、失效、缺失等,
C. 进行排查、评估、整改、消除的闭环管理活动。
【多选题】
重大隐患的定义?___
A. 可能直接导致安全生产事故或列车脱轨、列车冲突、列车撞击、列车挤岔、火灾、
B. 桥隧结构坍塌、车站和轨行区淹水倒灌、大面积停电、
C. 客流踩踏等运营险性事件发生的隐患。
【多选题】
按照“一岗一册”原则,如何建立隐患排查手册?___
A. 对照风险数据库,逐项分析所列风险管控措施弱化、失效、缺失可能产生的隐患,确定隐患等级,
B. 并按照“一岗一册”的原则分解到各岗位,形成各岗位的隐患排查手册,
C. 明确排查内容、排查方法、排查周期等内容。
【多选题】
运营单位在哪些情况下应开展安全隐患专项排查? ___
A. (一)关键设施设备更新改造; (二)以防汛、防火、防寒等为重点的季节性隐患排查; (三)重要节假日、重大活动等关键运输节点前;
B. (四)重点施工作业进行期间; (五)发生重大故障或运营险性事件;
C. (六)根据政府或有关管理部门安全部署; (七)需开展专项排查的其他情况。
【多选题】
运营单位专项应急预案应至少涵盖哪些重点内容? ___
A. (一)列车脱轨、撞击、冲突、挤岔。 (二)土建结构病害、轨道线路故障。
B. (三)异物侵限、车站及线路淹水倒灌。 (四)车辆故障、供电中断、通信中断、信号系统故障。
C. (五)突发大客流、客伤。 (六)列车、车站公共区、区间及主要设备房等区域火灾。
D. (七)网络安全事件。
【多选题】
运营单位现场处置方案应至少涵盖哪些关键岗位?___
A. (一)行车调度员。(二)电力调度员、环控调度员。(三)列车驾驶员。
B. (四)行车值班员。(五)车站服务人员。
C. (六)设施设备维护人员。
【多选题】
报告运营险性事件应包括哪些内容?___
A. (一)发生单位; (二)发生的时间、地点、现场情况及简要经过;
B. (三)已经造成或者可能造成的伤亡人数(包括下落不明的人数)和初步估计的直接经济损失; (四)已经采取的措施;
C. (五)对运营造成的影响; (六)初步原因分析;
D. (七)下一步措施和需要协调事项; (八)其他应报告的情况。
【多选题】
运营险性事件技术分析报告应包括哪些内容?___
A. (一)发生单位概况; (二)发生经过和处置情况;
B. (三)造成的人员受伤和直接经济损失; (四)事件发生的原因分析;
C. (五)事件整改与防范措施;
D. (六)有关图文、视频、音频、数据等资料。
【多选题】
城市轨道交通主要运营险性事件包括哪些?___
A. 1.列车脱轨;2.列车冲突;3.列车撞击;4.列车挤岔;5.列车、车站公共区、区间、主要设备房、控制中心、主变电所、车辆基地等发生火灾;
B. 6.乘客踩踏;7.车站、轨行区淹水倒灌;8.桥隧结构严重变形、坍塌,路基塌陷;9.大面积停电;10.通讯网络瘫痪;11.信号系统重大故障;
C. 12.接触网断裂或塌网;13.电梯和自动扶梯重大故障;14.夹人夹物动车造成乘客伤亡;
D. 15.网络安全事件;16.造成人员死亡、重伤、3人(含)以上轻伤,以及正线连续中断行车1小时(含)以上的其他运营事件。
【多选题】
运营单位应对哪些关键部位进行实时监控?___
A. (一)车辆:牵引系统、制动系统、受流装置、走行系统等。 (二)供电:断路器、继电保护装置、干式变压器、再生储能装置、UPS电源等。
B. (三)通信:电源、传输设备、网络设备等。 (四)信号:应答器、转辙机、电源系统等。
C. (五)机电:通风空调与供暖、给水与排水、自动售检票系统、火灾自动报警系统、乘客信息系统、站台门等。
【多选题】
运营单位设施设备更新改造主要包括哪些范围? ___
A. (一)对原有设备进行的综合性技术改造和采取的技术措施;
B. (二)为提高自动化、智能化水平和采用新技术、新材料、新产品而进行的技术改造;
C. (三)设备和建筑物等固定资产的购置或新建;
D. (四)环境保护、劳动保护、节能、综合利用原材料等需要添置的设备和相应的土建工程。
