【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
A. 2
B. 3
C. 4
D. 5
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
【多选题】
In which two modes can the Cisco We b Security appliance be de ployed?___
A. as a transparent proxy using the Secure Sockets Layer protocol
B. as a transparent proxy using the Web Cache Communication Protocol
C. explicit proxy mode
D. as a transparent proxy using the Hyper Text Transfer Protocol
E. explicit active mode
推荐试题
【单选题】
下列关于商业银行操作风险的描述,正确的是( )。___
A. 操作风险说到底就是内部控制,内部控制做好了就不会产生操作风险
B. 商业银行之所以承担操作风险是由于其能够带来盈利
C. 操作风险包括法律风险,但不包括声誉和战略风险
D. 操作风险就是除信用风险和市场风险之外的风险
【单选题】
( )代表了国际先进银行风险管理的最佳实践,符合巴塞尔新资本协议和各国监管机构的要求,已经成为现代商业银行谋求发展和保持竞争优势的重要基石。___
A. 全面风险管理
B. 资产风险管理
C. 资产负债风险管理
D. 负债风险管理
【单选题】
在商业银行风险管理实践中,与信用风险、市场风险和操作风险相比,( )的形成原因更加复杂和广泛,通常被视为一种综合性风险。___
A. 利率风险
B. 国别风险
C. 法律风险
D. 流动性风险
【单选题】
关于商业银行常用的风险规避策略,下列叙述不准确的是( )。___
A. 采取授信额度
B. “收软付硬”、“借硬贷软”的币种选择原则
C. 设立非常有限的风险容忍度
D. 使用交易限额
【单选题】
风险对冲是指通过投资或购买与标的资产( Underlying Asset)收益波动( )的某种资产或衍生产品来冲销标的资产潜在损失的一种策略性选择。___
A. 不相关
B. 相独立
C. 负相关
D. 正相关
【单选题】
下列有关商业银行信用风险的描述,正确的是( )。___
A. 衍生产品交易的信用风险造成的损失不大,通常可以忽略不计
B. 信用风险存在于传统的贷款、债券投资等表内业务中,不存在于信用担保、贷款承诺等表外业务中
C. 交易对手的信用等级下降可能会给投资组合带来损失
D. 对大多数银行来说,存款是最大、最明显的信用风险来源
【单选题】
对商业银行风险治理架构和风险管理组织体系,监管要求着重强调的内容不包括( )。___
A. 公司治理架构
B. 风险管理组织架构
C. 风险管理的及时性
D. 风险管理的独立性
【单选题】
甲乙两人在某银行从事柜台业务,乙为会计主管,工作中两人关系密切、无话不谈,下列两人埘密码管理的做法正确的是( )。___
A. 需要业务授权时,甲输入乙的密码进行授权
B. 两人密码互相知悉
C. 各自定期或不定期更换密码并严格保密
D. 乙用甲密码为客户办理业务
【单选题】
下列关于风险管理信息传递的说法,不正确的是( )。___
A. 先进的企业级风险管理信息系统一般采用浏览器和服务器结构
B. 风险分析人员在报告发送给外界之前要核准风险报告结果准确无误
C. 风险管理应当在最短的时间将所有正确的信息传递给商业银行所有人员
D. 风险监测人员在发布信息时要确保适当的人员得到他们所应当看到的风险信息
【单选题】
巴塞尔委员会2015年发布的《银行公司治理原则》强调了“三道防线”在风险管理流程中的作用,指出风险治理框架中应包括建立“三道防线”及清晰的职责描述,第—道风险防线是( )。___
A. 内部审计
B. 风险管理部门
C. 业务条线部门
D. 合规部门
【单选题】
下列关于风险计量的说法中,错误的是( )。___
A. 风险计量就是对单笔交易承担的风险进行计量
B. 风险计量可以基于专家经验
C. 风险计量采取定性、定量或者定性与定量相结合的方式
D. 准确的风险计量结果需要建立在卓越的风险模型基础之上
【单选题】
直接体现商业银行的风险管理水平和研究、开发能力的是( )。___
A. 不断开发出针对不同风险种类的风险量化方法
B. 建立功能强大、动态/交互式的风险监测和报告系统
C. 采取科学的方法,识别商业银行所面临的各种风险
D. 采取有效措施控制商业银行的整体或重大风险
【单选题】
风险计量既需要对单笔交易承担的风险进行计量,也要对组合层面、银行整体层面承担的风险水平进行评估,也就是通常所说的( )。___
A. 风险识别
B. 风险监测
C. 风险控制
D. 风险加总
【单选题】
风险因素与风险管理复杂程度的关系是( )。___
A. 风险因素考虑得越充分,风险管理就越容易
B. 风险因素越多,风险管理就越复杂,难度就越大
C. 风险管理流程越复杂,则会有效减少风险因素
D. 风险因素的多少同风险管理的复杂性的相关程度并不大
【单选题】
根据中国银监会的五级贷款风险分类指导原则,借款有可能无法足额偿还贷款本息,即使执行担保也将会造成较大损失的贷款属于( )。___
A. 关注类贷款
B. 可疑类贷款
C. 损失类贷款
D. 次级类贷款
【单选题】
下列选项不属于商业银行了解个人借款人资信状况的途径的是( )。___
A. 通过实地考察了解客户提供的信息的真实性
B. 查询法院部门个人客户信用记录
C. 从其他银行购买客户借款记录
D. 查询人民银行个人信用信息基础数据库
【单选题】
下列关于信贷审批的说法,不正确的是( )。___
A. 原有贷款的展期无须再次经过审批程序
B. 授信审批应当完全独立于贷款的营销和发放
C. 在进行信贷决策时,应当考虑衍生交易工具的信用风险
D. 在进行信贷决策时,商业银行应当对可能引发信用风险的借款人的所有风险暴露和债项做统一考虑和计量
【单选题】
商业银行客户信用评级的发展过程是( )。___
A. 违约概率模型一专家判断法一信用评分模型
B. 信用风险模型一专家判断法一违约概率模型
C. 专家判断法一信用评分模型一违约概率模型
D. 专家判断法一违约概率模型一信用评分模型
【单选题】
信用评分模型的关键在于( )。___
A. 辨别分析技术的运用
B. 借款人特征变量的当前市场数据的搜集
C. 借款人特征变量的选择和各自权重的确定
D. 单一借款人违约概率及同一信用等级下所有借款人违约概率的确定
【单选题】
下列关于留置的说法,不正确的是( )。___
A. 留置这一担保形式主要应用于保管合同、运输合同等主合同
B. 留置担保的范围包括主债权及利息、违约金、损害赔偿金、留置物保管费用和实现留置权的费用
C. 留置的债权人按照合同约定占有债务人的动产,债务人不按照合同约定的期限履行债务的,债权人须经法院判决后方可以该财产折价或者以拍卖、变卖该财产的价款优先受偿
D. 留置是为了维护债权人的合法权益的一种担保形式
【单选题】
在对商业银行客户进行信用风险识别时,下列各项不属于对单一法人客户的非财务因素分析的是( )。___
A. 客户的企业管理者的人品
B. 客户企业的效率比率分析
C. 客户的销售风险分析,如销售份额及渠道、竞争程度、销售量及库存等
D. 客户企业的总体经营风险分析,如企业在行业中的地位、企业整体特征等
【单选题】
下列关于VaR的描述,正确的是( )。___
A. 风险价值与损失的任何特定事件相关
B. 风险价值是以概率百分比表示的价值
C. 风险价值是指可能发生的最大损失
D. 风险价值并非是指可能发生的最大损失
【单选题】
假设目前收益率曲线是向上倾斜的,如果预期收益率曲线变得较为平坦,则下列四种策略中,最适合理性投资者的是( )。___
A. 卖出永久债券
B. 买入即将到期的20年期债券
C. 买入10年期保险理财产品,并卖出20年期债券
D. 买入20年期政府债券,并卖出6个月国库券
【单选题】
《商业银行资本充足率管理办法》规定了市场风险资本要求涵盖的风险范围,其中不包括( )。___
A. 交易账户中的利率风险和股票风险
B. 交易对手的违约风险
C. 全部的外汇风险
D. 全部的商品风险
【单选题】
利率互换是两个交易对手相互交换一组资金流量,( )。___
A. 涉及本金的交换和利息支付方式的交换
B. 涉及本金的交换,不涉及利息支付方式的交换
C. 不涉及本金的交换,涉及利息支付方式的交换
D. 不涉及本金的交换,也不涉及利息支付方式的交换
【单选题】
银行的员工在工作中,自己意识不到缺乏必要的知识,按照自己认为正确而实际是错误的方式工作属于( )造成的损失。___
A. 知识/技能匮乏
B. 失职违约
C. 内部欺诈
D. 违反用工法
【单选题】
张某向商业银行申请个人住户抵押贷款,期限15年。该行在张某尚未来得及办理他项权证的情况下,便提前向其发放贷款。不久张某出车祸身亡,造成该笔贷款处于高风险状态。此情况应归类为( )引起的操作风险。___
A. 信贷人员技能匮乏
B. 贷款流程执行不严
C. 内部欺诈
D. 未授权交易
