【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
D
解析
暂无解析
相关试题
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
A. 4
B. 3
C. 2
D. 5
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
A. 2
B. 3
C. 4
D. 5
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
推荐试题
【判断题】
从业人员在作业过程中,应当严格遵守本单位的安全生产规章制度和操作规程,服从管理。
A. 对
B. 错
【判断题】
一个局部的、甚至某个环节、某个岗位的责任缺位失职,也会导致整个系统的毁灭。安全生产链上的任何一个环节的责任容不得半点疏忽。
A. 对
B. 错
【判断题】
《安全生产法》明确规定由生产经营单位的主要负责人组织制定并实施本单位安全生产教育和培训计划。
A. 对
B. 错
【判断题】
安全生产法律法规规定新进厂员工必须经过三级教育,但未规定是否要进行考试。
A. 对
B. 错
【判断题】
间接安全技术措施是指采用各种安全防护装置控制不安全因素。
A. 对
B. 错
【判断题】
特种作业是指容易发生事故,对操作者本人的安全健康及设备、设施的安全可能造成重大危害的作业。
A. 对
B. 错
【判断题】
防雷引下线地面以上2m至地面以下0.3m的一段应加竹管或钢管保护。
A. 对
B. 错
【判断题】
对于第一类防雷建筑物,当建筑物高度超过35m时,应采取侧击雷防护措施。
A. 对
B. 错
【判断题】
静电放电时容易产生静电火花,引起爆炸、火灾和电击事故,造成人员伤亡和财产损失。
A. 对
B. 错
【判断题】
在有静电危害的场所,增加空气中的湿度不利于消除静电危害。
A. 对
B. 错
【判断题】
所谓化学爆炸是指由于物质发生极其激烈的化学反应,产生高温、高压并释放大量的热量而引起的爆炸。
A. 对
B. 错
【判断题】
一般可燃物质在含氧量低于18%的空气中不能燃烧。
A. 对
B. 错
【判断题】
较大事故是指造成3人以上10人以下死亡,或者50人以上100人以下重伤,或者1000万元以上5000万元以下直接经济损失的事故。
A. 对
B. 错
【判断题】
液体能发生闪燃的最低温度叫闪点。
A. 对
B. 错
【判断题】
生产经营单位应当建立健全劳动防护用品管理制度,对采购、发放、检查、报废等情况进行记录。
A. 对
B. 错
【判断题】
机械设备中发生高温、极低温、强辐射线等的部位应有屏护措施。
A. 对
B. 错
【判断题】
生产经营单位应当严格遵守防止粉尘爆炸有关规定,采取切实有效的措施,防止粉尘爆炸事故的发生。
A. 对
B. 错
【判断题】
粉尘爆炸本身是一类特殊的燃烧现象,它也需要可燃物、助燃物和点火源三个条件。
A. 对
B. 错
【判断题】
粉尘爆炸不太可能发生破坏性更大的二次爆炸。
A. 对
B. 错
【判断题】
粉尘爆炸总是在缺氧的状态下发生,因此爆炸过程往往伴随有一氧化碳的中毒。
A. 对
B. 错
【判断题】
为了争取灭火时间,或因特殊情况不允许断电时,则应进行带电灭火,以减少事故损失。
A. 对
B. 错
【判断题】
电缆沟内的火,只能用泡沫扑灭。
A. 对
B. 错
【判断题】
电气火灾灭火可以使用水溶液或泡沫灭火器材。
A. 对
B. 错
【判断题】
充油电气设备灭火时,应先喷射中心,后喷射边缘,以免油火蔓延扩大。
A. 对
B. 错
【判断题】
劳动组织和作息制度的不合理,工作的紧张程度,动作和体位的不合理等都会对人产生影响,这些都是职业危害因素。
A. 对
B. 错
【判断题】
生产中接触二氧化硅粉尘的作业非常多,如冶金、爆破、修路、机械制造、加工业的原料破碎、研磨配料、铸造、清砂等生产过程。
A. 对
B. 错
【判断题】
生产经营单位应当逐级建立并落实从主要负责人到每个从业人员的隐患排查治理和监控责任制。
A. 对
B. 错
【判断题】
机械设备的操作位置高出地面1.5m以上时,应配置操作台、栏杆、扶手、围板等。
A. 对
B. 错
【判断题】
各单位应在收到正式职业危害监测结果或评价报告后10个工作日内将监测结果在监测结果公告牌上向职工公布。
A. 对
B. 错
【判断题】
易使眼睛发生错觉和引起疲劳的机械运动部位,应在相应的背景上涂对比鲜明的横条标志,使操作者易于识别。
A. 对
B. 错
【判断题】
机械冲压设备的双手按钮开关不是一种安全防护装置。
A. 对
B. 错
【判断题】
机械设备的电气联锁是一种安全防护装置。
A. 对
B. 错
【判断题】
重伤是指永久性丧失劳动能力及损失工作日等于或超过105日的暂时性全部丧失劳动能力伤害。
A. 对
B. 错
【判断题】
控制装置电气(电子)线路中需要确保安全可靠的执行机构部分,应设计成双回路线路。
A. 对
B. 错
【判断题】
机械设备危险部位,如仅允许手指尖通过开口时,其开口高度不得超过10mm,而且防护罩应完全封闭。
A. 对
B. 错
【判断题】
企业的从业人员没有经过安全教育培训,不了解规章制度,因而发生重大伤亡事故的,行为人不应负法律责任,应由发生事故的企业负有直接责任的负责人负法律责任。
A. 对
B. 错
【判断题】
木工机床一般都有较强烈的噪声,容易引起作业人员的精神紧张和身体疲劳,因而应采取各种有效的降噪措施,使机械噪声强度控制在70dB(A)以下。
A. 对
B. 错
【判断题】
由于双绕钢丝绳是先由丝捻成股,然后由股捻成绳,所以绕性较好。
A. 对
B. 错
【判断题】
禁止将劳动保护用品折合现金发给个人,发放的防护用品不准转卖。
A. 对
B. 错
【判断题】
钢丝绳在一个捻距内断丝数不应超过5%。
A. 对
B. 错