【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
【多选题】
Which two are valid types of vLans using PVLANS ?___
A. Community VLAN
B. Backup VLAN
C. Secondary VLAN
D. Isolated VLAN
E. Isolated VLAN
【多选题】
Which two commands are used to implement Resilient lOS Configuration ___
A. Secure boot-config
B. copy running-config tftp
C. copy flash:ios bin tftp
D. copy running-config startup-config
E. secure boot-image
【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
推荐试题
【单选题】
(71181)已知流过某负载电流i=2.82sin(314t- /4)A,端电压为u=311sin(314t- /4)V,则该负载的阻抗值应为( )。(1.0分)___
A. 55
B. 110
C. 55
D. 55
【单选题】
(71182)装有空气弹簧的客车,运行途中发生空气弹簧故障时应限速运行,运行速度不得超过( )。(1.0分)___
A. 60 km/h
B. 80 km/h
C. 120 km/h
D. 160 km/h
【单选题】
(71184)一个纯电感线圈接到电压有效值不变的交流电源上,当电源频率减小时,电压与电流之间的相位差将( )。(1.0分)___
A. 不变
B. 变小
C. 变大
D. 不能判断
【单选题】
(71186)客车配线时,不同回路、不同电压、交流与直流的导线不得穿入同一根钢管内,防止由于发生( )而引起重大事故。(1.0分)___
A. 短路
B. 断路
C. 电磁感应
D. 涡流
【单选题】
(71189)厂修客车车上干线过梁部分、茶炉室、锅炉室、厨房、水箱附近电线,车上各支线及自车下钢管引出的电线均须套( )。(1.0分)___
A. 钢管
B. 塑料管
C. 橡胶管
D. 帆布
【单选题】
(71191).在纯电容正弦交流电路中,当电容一定时,则( )。[213110206](1.0分)___
A. 频率越高,容抗越大
B. 频率越高,容抗越小
C. 频率与容抗无关
D. 不一定
【单选题】
(71192)在纯电容正弦交流电路中,减小电源频率时(其他条件不变),电路中电流将( )[221110206](1.0分)___
A. 增大
B. 减小
C. 不变
D. 不一定
【单选题】
(71193)若电路中某元件两端的电压u=36sin(314t-180°)V,i=5sin(314t-90°)A,则该元件是( )。[213110211](1.0分)___
A. 电阻
B. 电感
C. 电容
D. 电感与电阻的串联电路
【单选题】
(71194)在频率为50 Hz的交流电路中,电容的容抗和线圈的感抗相等,现将频率提高到500 Hz,则感抗与容抗之比等于( )[211110205](1.0分)___
A. 100
B. 0.01
C. 10
D. 1000
【单选题】
(71195)在RL串联正弦交流电路中,电阻上的电压为6 V,电感上的电压为8 V,则总电压为( )。[223110218](1.0分)___
A. 100 V
B. 10 V
C. 2 V
D. 14 V
【单选题】
(71197).已知一个1 电阻上的电压为u=20 sin(314t 60°)V,则这个电阻消耗的功率为( )[221110206](1.0分)___
A. )2 W
B. 40 W
C. 200 W
D. 400 W
【单选题】
(71198)在纯电感正弦交流电路中,电源有效值不变,当电源频率增加时,电路中电流将( )。[213110217](1.0分)___
A. 增大
B. 减小
C. 不变
D. 无法确定
【单选题】
(71199)一正弦电动势的最大值为220 V,频率为50 Hz,初相位为30°,则此电动势的瞬时值表达式为( )。[213110206](1.0分)___
A. e=220sin(314t+30°)
B. e=220sin(314t-30°)
C. e=-220sin(314t+30°)
D. e=-220sin(314t-30°)
【单选题】
(71202)自耦变压器减压启动方法一般适用于( )的三相笼型异步电动机。[213110223(1.0分)___
A. 容量较大
B. 容量较小
C. 容量很小
D. 各种容量
【单选题】
(71203)( )型电动机是三相交流异步电动机。[213110228](1.0分)___
A. Y-132S-4
B. Z2-32
C. SJL-500/10
D. ZQ-32
【单选题】
(71204).熔断器在低压配电系统和电力拖动系统中主要起( )保护作用,因此熔断器属保护电器。[312110227](1.0分)___
A. 轻度过载
B. 短路
C. 失电压
D. 欠电压
【单选题】
(71205).中间继电器的工作原理( )。[312110223](1.0分)___
A. 是电流的化学效应
B. 是电流的热效应
C. 是电流的机械效应
D. 与接触器相同
【单选题】
(71206)电流继电器中线圈的正确接法是( )电路中。[321110218](1.0分)___
A. 串联在被测量的
B. 并联在被测量
C. 串联在控制回路
D. 并联在控制回路
【单选题】
(71207).速度继电器是用来( )的继电器。[222110223](1.0分)___
A. 提高电动机转速
B. 降低电动机转速
C. 改变电动机转向
D. 反映电动机转速和转向变化
【单选题】
(71208)交流接触器铭牌上的额定电流是指( )。[212110523](1.0分)___
A. 主触头的额定电流
B. 主触头控制受电设备的工作电流
C. 辅助触头的额定电流
D. 负载短路时通过主触头的电流
【单选题】
(71210)二极管伏安特性所表明的是二极管( )。[212110206](1.0分)___
A. 电压与时间的关系
B. 电流与时间的关系
C. 电流与电压的关系
D. 电流、电压与时间的关系
【单选题】
(71211)当二极管工作在伏安特性曲线的正向特性区,而且所加正向电压大于其门槛电压时,该二极管相当于( )。[222110206](1.0分)___
A. 大阻值电阻
B. 断开的开关
C. 接通的开关
D. 截止
【单选题】
(71212)当硅二极管加上0.3 V正向电压时,该二极管相当于( )。[321110206](1.0分)___
A. 小阻值电阻
B. 阻值很大的电阻
C. 内部短路
D. 截止
【单选题】
(71214)新造25T型客车上线运行前,须进行通电、带载试运行,试运行距离原则上不得少于( )。(1.0分)___
A. 500 km
B. 1000 km
C. 1500 km
D. 2000 km
