【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
DE
解析
暂无解析
相关试题
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
A. 2
B. 3
C. 4
D. 5
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
【多选题】
In which two modes can the Cisco We b Security appliance be de ployed?___
A. as a transparent proxy using the Secure Sockets Layer protocol
B. as a transparent proxy using the Web Cache Communication Protocol
C. explicit proxy mode
D. as a transparent proxy using the Hyper Text Transfer Protocol
E. explicit active mode
推荐试题
【多选题】
轨道线路巡检人员应具备哪些条件? ___
A. 应经过考试合格,持有上岗证
B. 熟悉有关规章制度及线路业务知识和安全知识
C. 熟悉线岔情况,了解急救设备存放地点
D. 必须由工班长及以上人员带领作业
E. 有单独处理故障的能力
【多选题】
轨道线路巡检人员应执行哪些制度? ___
A. 班前必须充分休息,精神饱满,班前严禁饮酒
B. 上班前应按规定穿戴好防护服装及劳保用品
C. 上下班执行考勤制度,必须参加工班的分工,有条件经常参加工班的点名及学习活动
D. 执行当日巡检情况记录制度,对发现的问题和处理情况以及需继续处理的问题记入巡道检查记录簿
E. 对危及安全的设备隐患,必需汇报工长并记录
【多选题】
下列关于轨检车对线路偏差等级扣分标准,说法正确的三项是? ___
A. Ⅱ级舒适度标准,每处扣5分
B. Ⅲ级临时补修标准,每处扣100分
C. Ⅲ级限速标准,每处扣301分
D. Ⅳ级限速标准,每处扣301分
【多选题】
关于轨检车对每千米轨道线路动态评定标准,正确的三项是 ___
A. 扣分总数在100分以内为优良
B. 扣分总数在50分以内为优良
C. 扣分总数在51~300分之间为合格
D. 扣分总数在300分以上为失格
【多选题】
下列关于4#七堡停车场道岔说法正确的是哪三项? ___
A. 七堡停车场所有道岔都是9号道岔
B. 七堡停车场所有道岔都是7号道岔
C. 七堡停车场所有道岔都是50轨
D. 七堡停车场所有两组菱形交渡
【多选题】
施工负责人在施工前需要做的准备有哪些? ___
A. 提前明确作业计划,掌握作业内容作业区域等要素
B. 携带好施工负责人证,为请点做准备
C. 提前预约好网约车,方便下班回家
D. 提前准备好施工所需的施工工具
【多选题】
下列关于轨道线路几何尺寸整改说法正确的三项是? ___
A. 用10米弦测量, 轨向容许偏差不超过5㎜
B. 用10m弦量,前后高低误差站专线不超过6mm
C. 正线路轨距变化率不大于1/1000
D. 只要轨距水平不超标就可以了,其他不用管
【多选题】
下列属于尖轨与基本轨不密贴产生的原因有哪两项? ___
A. 基本轨工作边及尖轨非工作边有“肥边”造成假密贴
B. 尖轨顶铁过长,补强板螺栓凸出
C. 尖轨跟端轨缝过大,间隔铁和夹板磨耗,螺栓松动,过车时加大了冲击
D. 尖轨几何尺寸正常,外观无异常
【多选题】
关于三角坑以下说法错误的是? ___
A. 前后两点的水平正负误差的代数差超过4mm时为三角坑
B. 前后两点的水平正负误差的代数差超过6mm时为三角坑
C. 前后两点的水平正负误差的代数差超过8mm时为三角坑
D. 前后两点的水平正负误差的代数差超过10mm时为三角坑
【多选题】
钢轨折断标准有哪些? ___
A. 钢轨全截面至少断成两部分
B. 裂纹已经贯通整个轨头截面
C. 裂纹已经贯通整个轨底截面
D. 钢轨顶面上有长大于50mm,深大于10mm的掉块
【多选题】
高锰钢整铸辙叉轻伤标准有哪些? ___
A. 辙叉心宽40mm断面处,辙叉心垂直磨耗(不含翼轨加高部分),50kg/m及以下钢轨,在正线上超过4mm断面
B. 辙叉顶面和侧面的任何部位有裂纹
C. 辙叉心、辙叉翼轨面剥落掉块,长度超过15mm,深度超过3mm
D. 钢轨探伤人员或轨道工长认为有伤损的辙叉
【多选题】
高锰钢整铸辙叉重伤标准有哪些? ___
A. 叉趾、叉跟轨头及下颏部位裂纹超过30mm
B. 叉趾、叉跟浇铸断面变化部位斜向或水平裂纹,长度超过120mm,或虽未超过120mm,但裂纹垂直高度超过40mm
C. 辙叉心、辙叉翼轨面剥落掉块,长度超过30mm,深度超过6mm
D. 螺栓孔裂纹延伸至轨端、轨头下颏或轨底,两相邻螺栓孔裂通
【多选题】
下列不属于线路经常保养主要内容的有? ___
A. 根据钢轨表面伤损、光带及轨道动态检测情况,对钢轨进行修理
B. 整修轨道几何尺寸超过临时补修允许偏差管理值的处所
C. 其他影响行车安全的病害和需要临时补修的工作
D. 进行无缝线路地段钢轨折断、重伤钢轨和重伤焊缝的紧急处理和临时处理
E. 对轨道质量指数(TQI)超过管理值的区段或轨道几何尺寸超过经常保养容许偏差管理值的处所进行整修
【多选题】
下列不属于线路大修的主要内容有? ___
A. 更换失效轨枕及联结零件
B. 全面更换新钢轨或再用轨及其联结零件
C. 更换当年失效的轨枕并修理线路伤损轨枕,按规定补充轨枕的配置根数
D. 无缝线路应力调整或放散
E. 清筛道床,补充道砟、全起全捣,改善道床断面
【多选题】
下列属于线路单项大修的有? ___
A. 成段更换新钢轨和再用轨,成段焊接、铺设无缝线路
B. 成段更换混凝土轨枕或宽轨枕
C. 成组更换新道岔或新岔枕
D. 路基大修
E. 增设或改善道口设备
【多选题】
对线路设备维修工作计划描述正确的有哪些? ___
A. 设施保障部门负责编制线路设备年度维修计划
B. 设施保障部门负责编制线路设备年度分月维修计划
C. 工务中心据此编制年度分月维修计划
D. 工务中心据此编制分月维修计划
E. 工务中心据此编制年度维修计划
