【多选题】
Which two types of firewalls work at layer 4 and above ?___
A. Stateful inspection
B. Network Address Translation
C. Circuit-Level gateway
D. Static packet filter
E. Application Level firewall
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
AE
解析
暂无解析
相关试题
【多选题】
Which two default settings for port security are true ?___
A. Violation is Protect
B. Violation is Restrict
C. Violation is Shutdown
D. Maximum number of MAC addresses is 2
E. Maximum number of MAC addresses is 1
【多选题】
Which two are characteristics of RADIUS?___
A. Uses UDP ports 1812 /1813
B. Uses TCP port 49
C. Uses UDP port 49
D.
E. ncrypts only the password between user and server
【多选题】
When setting up a site-to-site VPN with PSK authentication on a Cisco router, which two elements must be configured under crypto map?___
A. pfs
B. nat
C. reverse route
D. peer
E. transform-set
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
推荐试题
【多选题】
金融期权根据交易的性质可分为__________
A. 看涨期权
B. 看跌期权
C. 美式期权
D. 欧式期权
【多选题】
世界各国的银行监管有以下几种类型__________
A.  由中央银行负责
B.  由财政部的一个部门负责
C.  由政府设立的专门机构负责
D.  由中央银行及其他金融管理机构共同负责
【多选题】
商业银行进行贷款定价,一般由_____因素决定。___
A. 资金成本
B. 经营成本
C. 监管成本
D. 风险成本
【多选题】
下列属于流动性风险预警的融资指标是_____。___
A. 盈利水平
B. 存款大量流失
C. 股票价格下跌
D. 融资成本上升
【多选题】
下列关于经济风险的说法正确的是__________
A.  经济风险源于功能货币与记账货币不一致
B.  经济风险分析的效果很大程度上取决于企业的预测能力
C.  经济风险直接关系到企业海外投资和经济的效益
D.  经济风险的分析是一种概率分析
【多选题】
我国参与同业拆借市场的金融机构有__________
A. 证券公司
B. 商业银行
C. 财务公司
D. 信托公司
【多选题】
2010年巴塞尔协议Ⅲ的主要内容有 ___
A. 强化资本充足率监管标准
B. 引入杠杆率监管标准
C. 建立流动性风险量化监管标准
D. 确定新监管标准的实施过渡期
【多选题】
关于期限结构理论中预期理论的说法,正确的有__________
A. 短期利率的预期值是相同的
B. 长期利率的波动小于短期利率的波动
C. 长期债券的利率等于预期的短期利率的平均值
D. 短期债券的利率一定高于长期利率
【多选题】
所有权结构变更属于广义的并购范畴。下列并购方式中,属于所有权结构变更的有__________
A. 交换发盘
B. 股权切离
C. 股票回购
D. 杠杆收购
【多选题】
根据《劳动法》的规定,下列哪些适用劳动法 ___
A. 民办非企业单位与与劳动者建立劳动关
B. 事业单位与劳动者建立劳动关系
C. 港澳台企业与劳动者建立劳动关系
D. 私营企业与劳动者建立劳动关系
【多选题】
根据资产定价理论中的有效市场假说,有效市场的类型包括__________
A. 弱式有效市场
B. 半弱式有效市场
C. 半强式有效市场
D. 强式有效市场
【多选题】
下列说法中,属于通货紧缩标志的有__________
A. 价格总水平持续下降
B. 货币供应量持续下降
C. 经济增长率持续下降
D. 社会失业率持续下降
【多选题】
下列业务中,属于商业银行负债业务创新的有__________
A. 贷款证券化
B. 备用信用证
C. 可转让支付命令账户
D. 存款证券化
【多选题】
根据凯恩斯的流动性偏好理论,人们持有货币的动机有__________
A. 交易动机
B. 投机动机
C. 预防动机
D. 成就动机
【多选题】
下列说法中,属于通货膨胀成因的有__________
A. 需求拉上
B. 成本推进
C. 供求混合作用
D. 经济结构变化
【多选题】
下列做法中,属于商业银行对信用风险进行事前管理的方法有__________
A. 利用评级机构的信用评级结果
B. 转让债权
C. 进行“5C”分析
D. 进行“3C”分析
【多选题】
下列方法中,属于国际银行业通行的前瞻性动态资产负债管理方法的有__________
A. 缺口分析
B. 情景模拟
C. 久期分析
D. 流动性压力测试
【多选题】
下列业务中,属于中央银行资产业务的有__________
A. 贷款
B. 再贴现
C. 国债买卖
D. 管理国际储备
【多选题】
近年来,我国已经采取的对外汇储备进行积极管理的措施有__________
A. 调节国际收支顺差
B. 实行藏汇于民
C. 增加外汇占款
D. 储备货币多元化
【多选题】
下列业务中,属于中央银行作为“政府的银行”所具有的基本职责的有__________
A. 代理国库
B. 向商业银行贷款
C. 代理政府金融事务
D. 买卖外汇
【多选题】
根据《商业银行资本管理办法(试行)》,我国商业银行的风险加权资产有__________
A. 系统风险加权资产
B. 信用风险加权资产
C. 市场风险加权资产
D. 操作风险加权资产
【多选题】
下列行为属于不正当竞争行为的是 ___
A. 假冒行为
B. 虚假宣传行为
C. 低价倾销行为
D. 商业贿赂行为
【多选题】
金融期货的基本功能有__________
A. 套期保值功能
B. 价格发现功能
C. 投机功能
D. 套利功能
【多选题】
与传统的定期存单相比,大额可转让定期存单的特点是_____。___
A. 不记名并可转让流通
B. 面额不固定且为大额
C. 不可提前支取
D. 利率一般高于同期限的定期存款利率
【多选题】
作为一种投资工具,投资基金的特点是_____。___
A. 集中投资,分散风险
B. 集合投资,降低成本
C. 专业化管理
D. 分散投资,降低风险
【多选题】
根据利率风险结构理论,导致债权工具到期期限相同但利率却不同的因素是_____。___
A. 违约风险
B. 流动性
C. 所得税
D. 交易风险
【多选题】
对金融业实行分业监管体制的缺陷是_____。___
A. 监管成本较高
B. 容易导致官僚主义
C. 监管效率低
D. 容易出现监管真空
【多选题】
当社会总供给大于社会总需求时,为实施宏观调控而选择的财政政策工具包括__________
A. 减少财政支出
B. 增加财政支出
C. 降低税率
D. 提高税率
【多选题】
根据对商业银行的内部评级体系依赖度不同,内部评级法可分为_____。___
A. 初级法
B. 高级法
C. 简单法
D. 复杂法
【多选题】
监管机构对实施高级计量法提出的具体标准主要包括_____。___
A. 资格要求
B. 定性标准
C. 定量标准
D. 内部控制
【多选题】
金融制度的创新主要表现在_____。___
A. 金融机构业务的改变
B. 分业管理制度的改变
C. 新的金融工具的出现
D. 金融市场准入制度趋向国民待遇
【多选题】
在货币需求理论中,费雪方程式认为长期中不受总货币存量影响的变量是_____。___
A. 物价
B. 货币流通速度
C. 各类商品交易量
D. 恒常收入
【多选题】
根据货币供给理论,影响基础货币量的主要因素是_____。___
A. 资本收支差额
B. 商业银行信贷规模
C. 财政收支状况
D. 国际储备增减状况
【多选题】
如果判定某个时期出现了通货紧缩,其主要依据是,在该时期出现了_____。___
A. 个别商品或劳务价格的下降
B. 物价的持续下降
C. 物价一次性的大幅下降
D. 通货膨胀率由正转负
【多选题】
非市场化的汇率形成机制对外汇市场和宏观经济运行带来的问题主要有__________
A. 市场缺乏价格发现功能
B. 绝大部分外汇资金不能被企业运用
C. 外汇资金的成本被人为降低
D. 外汇市场运行效率低下
【多选题】
下列风险管理方法中,属于汇率风险管理的方法是_____。___
A. 进行远期外汇交易
B. 做利率衍生品交易
C. 做货币衍生品交易
D. 缺口管理
【多选题】
在银行业监管的方法中,现场检查内容一般包括_____。___
A. 充分性检查
B. 合规性检查
C. 适宜性检查
D. 风险性检查
【多选题】
当前在我国分业监管体制下综合经营带来的挑战有_____。___
A. 金融控股集团的监管制度
B. 金融控股集团的资本监管
C. 金融控股集团的公司治理
D. 机构监管与功能监管的挑战
【多选题】
一国要实现本国货币资本项目项下可兑换需要的条件是_____。___
A. 稳定的国际环境
B. 健全的经济体系
C. 稳定的宏观经济环境
D. 稳健的金融体系
【多选题】
中央银行投放基础货币的渠道有_____.___
A. 对金融机构贷款
B. 对工商企业贷款
C. 购买政府债券
D. 收购金银外汇