【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
CD
解析
暂无解析
相关试题
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
A. 2
B. 3
C. 4
D. 5
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
推荐试题
【判断题】
“房易贷”贷款借款人与抵押人须为同一人或直系亲属
A. 对
B. 错
【判断题】
“房易贷”利率执行同档次基准利率上浮60%,不符合“房易贷”的抵押贷款利率上浮100%
A. 对
B. 错
【判断题】
小张用亲哥哥的四环内住房(130平方米、房龄15年)为其担保向市郊联社申请借款,该贷款符合“房易贷”产品条件
A. 对
B. 错
【判断题】
“薪易贷”业务担保方式包括保证、抵押、质押。采取保证担保的,保证人须为本单位(本系统)至少1名级别相近、具备担保实力的员工或借款人成年子女
A. 对
B. 错
【判断题】
“微贷通”管理办法要求:不得对污染严重、技术落后、资源浪费的行业经营者进行评级授信
A. 对
B. 错
【判断题】
张某在庙李信用社有存款业务,截止目前已经连续12个月日均存款在25万元,他可以向该社申请“共赢贷”业务
A. 对
B. 错
【判断题】
“房易贷”所要求抵押物必须为直系亲属,包括配偶、父母、子女、血亲兄弟姐妹等
A. 对
B. 错
【判断题】
“共赢贷”额度按照借款人夫妻双方近一年日均存款的3倍进行核定,最高不超过300万元(含)。再次用信时,用信额度须进行重新测算,但不得超过原合同金额
A. 对
B. 错
【判断题】
“共赢贷”可采用保证、抵押、质押等担保方式。采用保证担保方式的,要求至少2名具备担保实力的保证人提供连带责任担保
A. 对
B. 错
【判断题】
“创富贷”的贷款对象主要是辖区内有经营需求的传统农户及农户以外的个体工商户
A. 对
B. 错
【判断题】
“创富贷”贷款单次用信最长36个月,最高贷款金额100万元
A. 对
B. 错
【判断题】
“助力贷”客户必须在郑州市辖区内有自有房产
A. 对
B. 错
【判断题】
贷款展期时,展期期限加上原贷款期限达到新利率期限档次的,自展期之日起,贷款利率应在取消一切下浮(除担保方式外)的基础上,按照同期限档次基本利率进行测算,执行利率不得高于原贷款利率
A. 对
B. 错
【判断题】
《河南省农村信用社个人信贷业务操作规程》中规定,市县联社可为生产经营正常、暂时出现还款困难的个人客户办理贷款展期手续,并合理确定个人客户贷款展期期限,一年以内(含)的个人贷款,展期期限累计不得超过原贷款期限;一年以上的个人贷款,展期期限累计与原贷款期限相加,不得超过该贷款品种规定的最长贷款期限
A. 对
B. 错
【判断题】
《河南省农村信用社个人信贷业务操作规程》中规定,贷款的展期期限加上原期限达到新的利率期限档次时,从展期之日起按照新的期限档次利率执行且不低于原贷款利率
A. 对
B. 错
【判断题】
展期贷款的风险分类最高分为关注类
A. 对
B. 错
【判断题】
《河南省农村信用社信贷业务管理基本制度》中规定,信贷业务基本流程是:受理→调查→审查 →审议与审批→信用发放与支付→贷后管理
A. 对
B. 错
【判断题】
信贷业务按期限可分为:短期信贷业务、 中期信贷业务和长期信贷业务。长期信贷业务是指期限5年(含)以上的信贷业务
A. 对
B. 错
【判断题】
“金燕e贷”业务要求,新增客户需与就业单位签订1年以上正式劳动合同且已在所就业单位工作满1年
A. 对
B. 错
【判断题】
申请个人二手住房按揭业务的借款人年龄应在18至60周岁之间
A. 对
B. 错
【判断题】
市郊联社二手住房按揭贷款金额不超300万元
A. 对
B. 错
【判断题】
若借款人的月均可支配收入不足以覆盖月按揭贷款还款额,应当追加有还款能力的自然人作为共同还款人
A. 对
B. 错
【判断题】
借款人购买二手住房并在市郊联社办理按揭业务,贷款期限与所购房屋的建成年限之和不得超过40年
A. 对
B. 错
【判断题】
住房按揭贷款可以进行展期或延期
A. 对
B. 错
【判断题】
个人二手住房按揭业务中,若借款人在贷款发放12个月内申请提前还款,需缴纳与上一期应还月供同等金额的违约金
A. 对
B. 错
【判断题】
惠民贷业务申请时,夫妻双方正在发生贷款业务的金融机构总数超过5家(含)的禁止准入
A. 对
B. 错
【判断题】
在评定三星级信用社区(村)时,社区(村)不良贷款户数比例应低于1%
A. 对
B. 错
【判断题】
针对省联社渠道信息,在分发岗指派后,客户经理应在24小时内签收完毕
A. 对
B. 错
【判断题】
客户经理在惠民贷实地调查时须现场核实客户身份、资产、经营、收入等信息
A. 对
B. 错
【判断题】
保险公司和银行可以在没有投保人授权的情况下自动在投保人名下的银行卡中划转投保人的保费
A. 对
B. 错
【判断题】
保险的交费期限等于保障期限
A. 对
B. 错
【判断题】
代理人在帮助客户投保的时候知道客户有高血压,但为了帮助客户顺利投保,可以替客户隐瞒并更改客户体检报告
A. 对
B. 错
【判断题】
商业银行应在保险单、业务系统和保险代理业务账簿中完整、真实地记录商业银行网点名称及网点销售人员姓名和工号
A. 对
B. 错
【判断题】
根据“党建+金融”银村共建工作推进方案要求,至2019年9月底,原则上实现与辖内符合条件的行政村“党建+金融”银村共建工作100%全覆盖
A. 对
B. 错
【判断题】
五星级信用社区(村)需要在信用社开立唯一结算账户,社区(村)居民在信用社授信覆盖率达到50%,不良贷款户数比例低于1%,至少连续两年被评为四星级信用社区(村)
A. 对
B. 错
【判断题】
“金燕e贷”客户原则上最低授信1000元,最高授信30万元
A. 对
B. 错
【判断题】
市郊联社大额存单利率较同档次基准利率上浮55%
A. 对
B. 错
【判断题】
在理财销售过程中,不得提供含有刚性兑付内容的理财产品介绍,不得使用小概率事件夸大产品收益率或收益区间
A. 对
B. 错
【单选题】
根据《河南省农村信用社信贷业务管理基本制度》规定,信贷业务的基本流程是___
A. 受理→调查→审查→审议与审批→信用发放与支付→贷后管理
B. 受理→调查→审议与审批→信用发放与支付→贷后管理
C. 受理→调查→审批→信用发放与支付→贷后管理→贷款收回
D. 调查→审查→审议与审批→信用发放→贷后管理
【单选题】
根据《河南省农村信用社个人信贷业务操作规程》的规定,市县行社___作为本行社信贷业务决策的集体议事机构,为有权审批人审批提供智力支持和权力制约。
A. 信贷管理部
B. 评审委员会
C. 风险管理部
D. 授信审批部