【多选题】
Which four tunne ling prot ocols are enabled in the Dfit GrpPolicy group policy ?___
A. Clientless SSL VPN
B. SSL VPN Client
C. PPTP
D. L2TP/IPsec
E. IPsec IKEv1
F. IPsec IKEv2
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
ADEF
解析
暂无解析
相关试题
【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
A. 0
B. 50
C. 10
D. 200
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
推荐试题
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,电气测量作业时,连接电流回路的导线截面,应适合所测电流数值。连接电压回路的导线截面不应小于___mm2。
A. 1
B. 1.5
C. 2
D. 2.5
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,两台及两台以上链条葫芦起吊同一重物时,重物的重量应___每台链条葫芦的允许起重量。
A. 大于
B. 小于
C. 不大于
D. 等于
【单选题】
依据《电力建设安全工作规程》(架空电力线路部分),杆塔工程施工中,攀登高度___以上铁塔宜沿有护笼的爬梯上下。如无爬梯护笼时,应采用绳索式安全自锁器沿脚钉上下。
A. 60m
B. 70m
C. 80m
D. 90m
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,硬质梯子的横档应嵌在支柱上,梯阶的距离不应大于40cm,并在距梯顶___处设限高标志。
A. 0.5m
B. 0.7m
C. 0.8m
D. 1.0m
【多选题】
电力人身事故事件的归属:发生本企业负有责任的外单位人员人身伤亡(含生产性急性中毒),归属于公司电力人身事故事件。“本企业负有责任”是指有下列情形之一:___。
A. 资质审查不严,项目承包商不符合要求
B. 在开工前未对承包商项目负责人、工程技术人员和安监人员进行全面的安全技术交底,或者没有完整的记录
C. 对危险性生产区域内作业未事先进行专门的安全技术交底,未要求承包商制定安全措施,未配合做好相关的安全措施(包括有关设施、设备上未设置安全警告标志等)。危险性生产区域是指容易发生触电、高空坠落、爆炸、爆破、起吊作业、中毒、窒息、机械伤害、火灾、烧烫伤等引起人身伤亡和设备事故事件的场所
D. 未签订安全生产管理协议,或者协议中未明确各自的安全生产职责和应当采取的安全措施
【多选题】
依据《中国南方电网有限责任公司电力事故事件调查规程》,事故事件发生后,事故事件有关单位的管理人员应及时对事故事件现场和损坏的设备进行___,并及时移交事故事件调查组。
A. 照相
B. 录像
C. 绘制草图
D. 收集和妥善保存相关资料
【多选题】
依据《中国南方电网有限责任公司电力事故事件调查规程》,在涉及两个单位的事故事件认定中,例如某输电线路分别由A、B两单位管辖,某天,该线路由于A单位管辖范围内的故障而跳闸停运,故障期间,由于B单位该条线路的保护拒动,导致B单位的一段母线非计划停运。对于上述事件,下列说法正确的是___
A. 该事件归属于A单位
B. 该事件归属于B单位
C. A、B单位各统计为一次事件
D. 管理A、B单位的C单位汇总统计为一次事件
【多选题】
依据《中国南方电网有限责任公司电力事故事件调查规程》,事故事件调查处理和考核实行分级管理。各级生产经营单位应坚持“四不放过”的原则,做到___。
A. 事故事件原因未查清不放过
B. 责任人员未处理不放过
C. 责任人员未考核不放过
D. 整改措施未落实不放过
E. 有关人员未受到教育不放过
【多选题】
依据《中国南方电网有限责任公司电力安全工作规程》,在用户设备上工作,许可工作前,工作负责人应检查确认用户设备的___符合作业的安全要求。作业前检查多电源和有自备电源的用户,应已采取机械或电气联锁等防反送电的强制性技术措施。
A. 运行状态
B. 安全措施
C. 组织措施
D. 控制措施
【多选题】
依据《中国南方电网有限责任公司电力事故事件调查规程》,下列哪些属于工作失职误动作。___
A. 运行人员未认真监视、控制、调整等监控过失
B. 现场作业人员误碰、误动、漏投(切)二次压板、误(漏)接线、误设置定值
C. 继电保护人员错误计算继电保护及安全自动装置定值
D. 运行方式人员错误安排运行方式
E. 设计、施工、验收、调试人员遗留隐患或错误,造成的设备误动作
【多选题】
依据《电力建设安全工作规程》(架空电力线路部分),附件安装在跨越电力线、铁路、___或( D )等的线段杆塔上安装附件时,应采取防止导线或地线坠落的措施。
A. 便路
B. 公路
C. 河流
D. 通航河流
【多选题】
依据《中国南方电网有限责任公司电力安全工作规程》,气瓶搬运的安全要求有以下几点___:
A. 气瓶搬运应使用专门的抬架或手推车。
B. 用汽车运输气瓶,气瓶应横向放置并可靠固定。气瓶押运人员应坐在司机驾驶室内,禁止坐在车厢内。
C. 禁止将氧气瓶与乙炔气瓶、易燃物品或装有可燃气体的容器放在一起运送。
D. 气瓶搬运至少应有两人一起搬运。
【多选题】
依据《中国南方电网调度运行操作管理规定》规定,值班调度员下达线路综合令时,需明确___等要求。
A. 操作任务
B. 操作目的
C. 操作人员
D. 操作对象(线路、线路高抗、串补、站内间隔开关)的起始和终结状态、线路的解合环点和充电端
【多选题】
依据《中国南方电网有限责任公司电力安全工作规程》,开启___时应使用专用工具,同时注意所立位置,以免滑脱后伤人。开启后应设置标准路栏围起,并有人看守。工作人员撤离电缆井或隧道后,应立即将井盖盖好,以免行人碰盖后摔跌或不慎跌入井内。
A. 电缆井井盖
B. 电缆沟盖板
C. 电缆隧道人孔盖
D. 电缆竖井
【多选题】
依据《中国南方电网有限责任公司电力安全工作规程》,放线、撤线工作中使用的跨越架,应使用坚固无伤相对较直的___管等,且应具有能够承受跨越物重量的能力,否则可双杆合并或单杆加密使用。搭设跨越架应在专人监护下进行。
A. 木杆
B. 竹竿
C. 金属
D. 绳索
【多选题】
依据《电力建设安全工作规程》(架空电力线路部分),对于临时性货运索道运输的施工作业,索道运行、保养的规定,以下符合要求的是:___
A. 首次使用或长期停运的索道使用前应进行试运转。检查承载索的锚固、拉线是否正常,各索具是否损坏,索道支架有无变形、开裂等
B. 索道运行时,应保证通信联络畅通,信号传递要语音规范、清晰
C. 索道运行速度应根据所运输对象的重量,来调整发动机转速,最高运行速度不宣超过60m/min。载重小车通过支架时的牵引速度应缓慢,通过支架后方可正常运行
D. 货运索道不得超负荷使用
【多选题】
依据《中国南方电网有限责任公司电力事故事件调查规程》,下列哪些属于一般误操作。___
A. 下达不正确调度命令
B. 错误执行调度命令
C. 现场作业人员误碰、误动、漏投(切)二次压板、误(漏)接线、误设置定值
D. 误执行继电保护及安全自动装置定值
【多选题】
依据《电力建设安全工作规程》(架空电力线路部分),杆塔组装作业,山地铁塔地面组装时遵守下列规定:___
A. 塔材不得顺斜坡堆放
B. 选料应由上往下搬运,不得强行拽拉
C. 由坡上的塔片垫物应稳固,且应有防止构件滑动的措施
D. 组装管形构件时,构件间未连接前应采取防止滚动的措施
【多选题】
依据《中国南方电网有限责任公司电力安全工作规程》,动火工作审批人的安全责任有___。
A. 审查动火工作的必要性
B. 审查动火工作的安全性
C. 审查动火工作票上所填安全措施是否正确完备
D. 检查动火工作现场是否安全
【多选题】
依据《中国南方电网有限责任公司电力安全工作规程》,绝缘绳、网使用时应注意以下哪些内容___:
A. 绝缘绳成卷用塑料袋密封,并置于专用包装内
B. 绝缘绳、网的接头应单根丝连接,线股不允许接头,单丝接头应封闭在绳股内部
C. 绝缘绳不应沾染油污或受潮
D. 绝缘绳、网应存入在干燥、通风的库房内,并经常检查、防止受潮、受污、虫蛀和机械损伤
【判断题】
依据《中国南方电网有限责任公司电力事故事件调查规程》,人身死亡。是指发生电力生产安全事故30日内或道路交通、火灾事故7日内人员受伤死亡的(经医疗事故鉴定部门确认的医疗事故死亡除外)。发生电力生产安全事故后超过30日的或道路交通、火灾事故后超过7日的人员受伤死亡不再补报和重新统计
A. 对
B. 错
【判断题】
依据《中国南方电网有限责任公司电力事故事件调查规程》,百日安全周期。是指分子公司所属生产经营单位保持安全生产、未中断安全记录(连续安全生产的天数)累计达100天,记为一个百日安全周期
A. 对
B. 错
【判断题】
依据《中国南方电网有限责任公司电力安全工作规程》,小张作为专责监护人对某工作现场履行监护职责。工作过程中,小张见人手不够,参与到工作当中。后接到电话,离开现场,工作班成员继续工作。判断小张的做法是否对
A. 对
B. 错
【判断题】
依据《工作票实施规范》(调度检修申请单部分)规定,调度检修申请单作为工作票许可人许可工作的依据,必须同时分别保存在调度许可人、一级间接许可人(如有)、二级间接许可人(如有)和工作票签发人处
A. 对
B. 错
【判断题】
依据《云南电网公司安全管理办法》,各单位应根据公司要求,结合实际完善“三不一鼓励”(不记名、不处罚、不责备、鼓励主动暴露安全问题)管理机制和细化工作措施,推行“三不一鼓励”工作方式,鼓励员工积极主动分享安全经验和信息
A. 对
B. 错
【判断题】
依据《云南电网公司安全管理办法》,公司实行生产安全举报制度,鼓励任何单位和个人对隐瞒未报的安全事故事件进行举报。各级安全生产机构可直接受理任何单位和个人的举报事项,并按管辖职责进行调查处理
A. 对
B. 错
