【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
DEF
解析
暂无解析
相关试题
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
A. 0
B. 50
C. 10
D. 200
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
推荐试题
【判断题】
根据《中国银监会关于进一步加强银行业金融机构境外运营风险管理的通知》(银监发〔2016〕5号)规定,银行业金融机构开展债券类投资的境外业务,可以完全依赖外部评级,应将债权类投资纳入全行统一的风险管理体系
A. 对
B. 错
【判断题】
根据《中国银监会关于进一步加强银行业金融机构境外运营风险管理的通知》(银监发〔2016〕5号)规定,银行业金融机构在开展境外业务时,对于已设立境外分支机构的国家或地区,主要运营责任应由境外分支机构承担,相关业务应在满足境内监管要求的基础上更侧重于满足境外监管要求
A. 对
B. 错
【判断题】
根据《中国银监会关于进一步加强银行业金融机构境外运营风险管理的通知》(银监发〔2016〕5号)规定,银行业金融机构应结合自身经营特点、比较优势和风险管理能力制定境外业务的短期发展计划
A. 对
B. 错
【判断题】
根据《中国银监会关于进一步加强银行业金融机构境外运营风险管理的通知》(银监发〔2016〕5号)规定,银行业金融机构境外业务是指银行业金融机构开展的以境外主体为客户或交易对手,或者以境内主体为客户或交易对手但风险敞口在境外的贷款、拆借、贸易融资、票据承兑和贴现、透支、保理、担保、贷款承诺、信用证、融资租赁等授信类业务,黄金、外汇、衍生产品等交易类业务以及债券、股权等投资类业务
A. 对
B. 错
【判断题】
根据《中国银监会关于进一步加强银行业金融机构境外运营风险管理的通知》(银监发〔2016〕5号)规定,银行业金融机构在开展境外业务时,对于已设立境外分支机构的国家或地区,主要运营责任应由境外分支机构承担,相关业务应在满足境内监管要求的基础上更侧重于满足境外监管要求
A. 对
B. 错
【判断题】
根据《中国银监会关于进一步加强银行业金融机构境外运营风险管理的通知》(银监发〔2016〕5号)规定,银行业金融机构在开展境外业务时,对于已设立境外分支机构的国家或地区,主要运营责任应由母公司承担,相关业务应在满足境内监管要求的基础上更侧重于满足境外监管要求
A. 对
B. 错
【判断题】
银行业金融机构应加强对境外业务经营发展环境和风险形势的分析评估,充分认识境外业务的发杂兴和特殊性,加强对业务所在国家或地区政治经济形势、金融市场走势和金融监管环境的跟踪研究
A. 对
B. 错
【判断题】
按照《银行业金融机构全面风险管理指引》规定,各类风险包括信用风险、市场风险、流动性风险、操作风险、国别风险、银行账户利率风险、声誉风险、战略风险、信息科技风险以及其他风险
A. 对
B. 错
【判断题】
按照《银行业金融机构全面风险管理指引》规定,全面风险管理应当覆盖各个业务条线,包括本外币、表内外、境内外业务;覆盖所有分支机构、附属机构,部门、岗位和人员;覆盖所有风险种类和不同风险之间的相互影响;贯穿决策、执行和监督全部管理环节
A. 对
B. 错
【判断题】
按照《银行业金融机构全面风险管理指引》规定,银行业金融机构应当推行激进的风险文化,形成与本机构相适应的风险管理理念、价值准则、职业操守,建立培训、传达和监督机制,推动全体工作人员理解和执行
A. 对
B. 错
【判断题】
按照《银行业金融机构全面风险管理指引》规定,风险限额临近监管指标限额时,银行业金融机构应当启动相应的纠正措施和报告程序,采取必要的风险分散措施,并向银行业监督管理机构报告
A. 对
B. 错
【判断题】
当前,部分银行业金融机构业务外包管控不严,责任约束机制缺失,委托代理开展过程中,未能有效管控外包机构、人员非法获取、接触、处理客户个人信息数据行为,存在第三方泄露客户个人信息风险隐患
A. 对
B. 错
【判断题】
银行业金融机构要牢固树立全员合规意识,进一步加强员工教育与外包行为管理,强化信息安全建设,强化内部监督,建立完善客户个人信息保护长效机制。严肃处理发现的违规问题,对涉嫌犯罪的,及时向检察机关报案
A. 对
B. 错
【判断题】
根据中国银监会办公厅关于银行业金融机构客户个人信息泄露案件风险提示的通知(银监办发〔2016〕156号)规定,银行业金融机构要在有效防范客户个人信息案件风险基础上,完善法律风险应对预案,降低因客户个人信息保护不到位诱发案件风险对银行业造成的不良影响
A. 对
B. 错
【判断题】
按照《中国银监会关于银行业风险防控工作的指导意见》规定,银行业金融机构要认真落实《预算法》和《国务院关于加强地方政府性债务管理的意见》要求,不得违规新增地方政府融资平台贷款,严禁接受地方政府担保兜底
A. 对
B. 错
【判断题】
按照《中国银监会关于银行业风险防控工作的指导意见》规定,银行业金融机构要完善流动性风险治理架构,将同业业务、投资业务、托管业务、理财业务等纳入流动性风险监测范围,制定合理的流动性限额和管理方案
A. 对
B. 错
