【多选题】
Which two statements regarding the aSA VPN configurations are correct?___
A. The asa has a certificate issued by an external certificate authority associated to the ASDM TrustPoint1
B. The Default WEBVPNGroup Connection Profile is using the aaa with RADIUS server method
C. The Inside-srvbook mark references the https://192.168.1.2url
D. Only Clientless SSL VPN access is allowed with the Sales group policy
E. Any Connect, IPSec IKEv1, and IPSec IKEv2 VPN access is enabled on the outside interface
F. The Inside -SRV bookmark has not been applied to the Sales group policy
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
BC
解析
暂无解析
相关试题
【多选题】
Which three ESP fields can be encrypted during transmission?___
A. Security Parameter Index
B. Sequence Number
C. MAC Address
D. Padding
E. Pad length
F. Next Header
【多选题】
.Which three statements de scribe DHCP spoofing attacks?___
A. They can modify traffic in transit.
B. They are used to perform man- in-the-middle attacks
C. They use ARP poisoning
D. They can access most network devices
E. They protect the ide ntity of the attacker by masking the DHCP address.
F. They are can physically modify the network gateway.
【多选题】
Which statement about the communication between interfaces on the same security level is true?___
A. Interfaces on the same security level require additional configuration to permit interinterface communication
B. Configuring interfaces on the same security level can cause asymmetric routing
C. All traffic is allowed by default between interfaces on the same security level
D. You can configure only one interface on a n individual security level
【多选题】
In which two situations should you use in band management? ___
A. when the control plane fails to respond
B. when you require administrator access from multiple locations
C. when you require ROMMON access.
D. where a network device fails to forward packets
E. when multiple ma nagement applications need concument access to the device.
【多选题】
Which two features are supported in a VRF-aware softwar infrastructure before VRF-lite?___
A. multicast
B. fair queuing
C. WCCP
D.
E. IGRP
【多选题】
.Which loS command do you enter to test authentication again a AAA server?___
A. dialer aaa suffix <suffix> password <password>
B. ppp authentication chap pap test
C. test aaa-server authentication dialer group user name <user> password <password>
D. aaa authentication enable default test group tacases
【多选题】
Which two statements about the self zone on a cisco Xone based policy firewall are true?___
A. Multiple interfaces can be assigned to the self zone
B. it supports stateful inspections for multicast traffic
C. zone pairs that include the self zone apply to traffic transiting the device.
D. it can be either the source zone or the destination zone
E. traffic entering the self zone must match a rule
【多选题】
Which type of attack can exploit design flaws in the implementation of an application without ?___
A. DHCP starvation attacks
B. low-rate dos attacks
C. application DDos flood attacks
D. application DDoS flood attacks
E. volume-based DDoS attacks
【单选题】
Which type of firewall can server as the interme diary between a client and a server ?___
A. Stateless firewall
B. application firewall
C. proxy firewall
D. personal firewall
【单选题】
What is the highest security level that can be configured for an interface on an ASA?___
A. 0
B. 50
C. 10
D. 200
【单选题】
Which term refers to the electromagnetic interference that can radiate from network cables?___
A. Gaussian distributions
B. Doppler waves
C. emanations
D. multimode distortion
【单选题】
How does a zone pair handle traffic if the policy de fination of the zone pair is missing?___
A. It inspects all traffic.
B. It drops all traffic.
C. It permits all traffic wihtout logging
D. It permits and logs all traffic
【单选题】
default how does a zone based firewall handle traffic to add from the self zone?___
A. It permits all traffic without inspection
B. It inspects all traffic to determine how it is handled
C. It permits all traffic after inspection
D. It frops all traffic
【单选题】
Which command should beused to ena ble AAA Authentication to determine if a user can access the privilege command level?___
A. aaa authentication enable local
B. aaa authentication enable level=
C. aaa authentication enable method de fault
D. aaa authentication enable defa ult local
【单选题】
On an ASA, the policy indicates that traffic should not be translated is often referred to as which of the following?___
A. NAT zero
B. NAT forward
C. NAT nul
D. NAT allow
【单选题】
Which protocol offers data Integrity encryption, authentication, and anti-replay functions for IPSec VPN?___
A. ESP protocol
B. IKEv3 Protocol
C. AH protoco
D. IKEv1 Protocol
【单选题】
Which component offers a variety of security Solution, including firwall, IF Antivirus and antiphishing features?___
A. Cisco loS router
B. Cisco ASA 5500 Ser ies security appliance
C. Cisco ASA 5500 X series Next Gen Security appliance
D. Cisco 4200 series IPS appliance
【单选题】
Refer to the exhibit, A Network Secur ity administrator check the ASa firewall NAT policy table rith show nat command, which statement is fails?___
A. There are only reverse translation matches for the REAL SERvER object
B. First policy in the Section 1 is a dynamic nat entry defined in the object configuration
C. NAT policy in section 2 is static entry de fined in the object configuration
D. Translation in Section 3 used when a connection does not matches any entries in first two sections
【单选题】
What is true of an aSa in transparent mode ?___
A. It supports OSPF
B. It requires an IP address for each interface
C. It requires a management IP address
D. It allows the use of dynamic NaT
【单选题】
What is the effect of the ip scp server enable command?___
A. It references an access list that allows specific SCP servers
B. It allows the router to initiate requests to an SCP server
C. It allows the router to become an SCP server
D. It adds SCP to the list of allowed copy functions
【单选题】
How can you mitigate attacks in which the attacker attaches more than one vLan tag to a packet?___
A. Assign an access VLAN to every active port on the switch
B. Disable Ether Channel on the switch
C. Explicitly identity each VLAN allowed across the trunk
D.
E. nable transparent VTP on the switch
【单选题】
Which technology can you implement to centrally mitigate potential threats when users on your network download files that might be malicious?___
A. Enable file-reputation services to inspect all files that traverse the company network and block files with low reputation scores
B. Verify that the compa ny IpS blocks all known malicious website
C. Verity that antivirus software is installed and up to date for all users on your network
D. Implement URL filtering on the perimeter firewall
【单选题】
What is the most common implementation of PaT in a standard networked environment?___
A. configuring multiple external hosts to join the self zo ne and to communicate with one another
B. configuring multiple internal hosts to communicate outside of the network using the outside interface IP address
C. configuring multiple internal hosts to communicate outside of the network by using the inside interface IP address
D. configuring an any any rule to enable external hosts to communicate inside the network
【单选题】
Which component of a bYod architecture provides aAa services for endpoint access ?___
A. Integrated Services Router
B. access point
C. ASA
D. Identity Services
E. ngine
【单选题】
You are configuring a NAT rule on a Cisco ASA ,Which description of a mapped interface is true?___
A. It is mandatory for all firewall modes
B. It is optional in routed mode
C. It is optional in transparent mode
D. It is mandatory for ide ntity NAT only
【单选题】
Which description of the use of a private key is true ?___
A. The sender signs a message using the receivers private key
B. The sender signs a message using their private key
C. The sender encrypts a message using the receivers private key
D. The receiver decrypts a n15ssage using the sender's private key
【单选题】
Which mechanism does the FireAMP Connector use to avoid conflicts with other security applications such as antivirus products ?___
A. Virtualization
B. Containers
C. Sandboxing
D.
E. xclusions
【单选题】
Which network to pology de scribes multiple LANS in a gec? ___
A. SOHO
B. MAN
C. pan
D. CAN
【单选题】
Which statement represents a difference between an access list on an aSa versus an access list on a router?___
A. The asa does not support number access lists
B. The aSa does not support standard access list
C. The asa does not ever use a wildcard mask
D. The asa does not support extended access lists
【单选题】
Which command do you enter to verify the status and settings of an iKE Phase 1 tunnel?___
A. show crypto ipsec as output
B. show crypto isakmp
C. show crypto isakmp policy
D. show crypto ipsec transform
【单选题】
Which feature can help a router or switch maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch?___
A. service Policy
B. Control Plane Policing
C. Policy Map
D. Cisco
E. xpress
F. orwarding
【单选题】
Which STP feature can prevent an attacker from becoming the root bridge by immediately shutting down the interface when it receives a BPDU?___
A. root guard
B. Port Fast
C. BPDU guard
D. BPDU filtering
【单选题】
Which technology can best protect data at rest on a user system?___
A. full-disk encryption
B. IPsec tunnel
C. router ACL
D. network IPS
【多选题】
Which two primary security concerns can you mitigate with a BYOD solution ?___
A. schedule for patching the device
B. securing access to a trusted corporate network
C. compliance with applicable policies
D. connections to public Wi-Fi networks
E. device tagging and invento
【多选题】
choose five___
A. MD5————————inserure
B. DES————————insercure
C. SDES———————legacy
D. SHA-1———————legacy
E. HMAC-MD5—————legacy
【多选题】
Which two characteristics of symmetric encryption are true?___
A. It uses digital certificates
B. It requires more resources than asymmetric ancryption
C. It uses the same key to enctypt and decrupt traffic
D. It uses a public key and a pricate key to encrypt and decrypt traffic.
E. It is faster than asymmetric encryption
【多选题】
which two characteristics of PVLAN are true?___
A. Promiscuous porta can communicate with PVLAN ports.
B. Isolated ports cannot communicate with other ports on the same VLAN
C. Community ports have to be a part of the trunk.
D. They require VTP to be enabled in server mode
E. PVLAN ports can be configured as Ether Channel ports
【多选题】
What are two options for running Cisco SDM?___
A. Running SDM from a mobile device
B. Running SDM from within CiscoWorks
C. Running SDM from a router's flash
D. Running SDM from the Cisco web porta
E. Running SDM from a PC
【多选题】
Which two options are the primary deployment modeles for mobile device management?___
A. multisite
B. cloud-based
C. on premises
D. hybrid cloud basedo
E. single site
【多选题】
Drag the recommendation on the left to the Cryptographic algorithms on the right, Options will be used more than once.___
A. Avoid——————————————DES,MD5
B. Legacy——————————————SDES,SHA1,HMAC-MD5
推荐试题
【单选题】
服务支撑客户拜访外勤人员仪表,男士着装下列说法错误的是( )___
A. 西裤裤脚的长度以穿鞋后距地面1cm为宜;衬衫袖口的长度应超出西装袖口1cm为宜,袖口须扣上,衬衫下摆须掖在裤内。
B. 穿深色袜子,如黑色、深蓝、深灰色袜等;着黑色系带皮鞋,光亮无尘。
C. 领带长度以及皮带扣上下缘之间为宜;领带夹夹在衬衫的第四和第五粒扣子之间手腕部除手表外不得戴有其他装饰物,手指不能佩戴造型奇异的戒指,佩戴数量不超过一枚
D. 客户拜访可以穿着休闲服装,但不能穿牛仔裤
E.
F.
【单选题】
服务支撑客户上门拜访,与客户面对面的沟通中,下列说法错误的是( )___
A. 拜访过程中如果客户告知今天有紧急事情要处理时,则要求客户尽量按约定时间参与拜访,否则该季度将不再拜访该客户。
B. 如果自己的手机响起(进门前将手机调为震动挡),应征得客户同意后再接听,并快速结束对话
C. 出房间前,应向客户咨询是否需要关门,当客户同意时,道别后轻轻把门关上
D. 如果客户出门,应在走到门口的时候请客户留步,并说:“打扰您了,请留步”
E.
F.
【单选题】
符合下列哪几种情况时,电力负荷应为一级负荷? 。___
A. 中断供电将造成人身伤亡时
B. 中断供电将影响重要用电单位的正常工作时
C. 中断供电将在经济上造成重大损失时
D. 中断供电将造成大型影剧院等较多人员集中的重要的公共场所秩序混乱时
E.
F.
【单选题】
该项技术植根于移动领域,最初是3GPP为移动网络定义的,而在NGN的框架下,IMS应同时支持固定接入和( )___
A. 移动接入
B. 宽带接入
C. 微波接入
D. 光纤接入
E.
F.
【单选题】
告警现象,客户侧传输设备脱管,客户侧传输设备的上游传输网元对应端口上报MS_RDI告警,表示( ) ___
A. 客户侧传输设备单收客户侧传输设备的上游传输设备无光
B. 客户侧传输设备和客户侧传输设备的上游传输设备互收无光
C. 客户侧传输设备的上游传输设备单收客户侧传输设备无光
D. 客户侧传输设备停电
E.
F.
【多选题】
OLT双上联的机制有很多种,以下( )技术可以作为OLT双上联方式.___
A. 主控板保护
B. 以太网保护组
C. 链路聚合
D. ARP探测
E. Smart link&monitor link
F. BFD检测
【多选题】
下列哪三种说法正确描述了 PPP 身份验证. ( )___
A. PAP 以明文发送。
B. PAP 通过三次握手建立链路。
C. PAP 可防护反复试验性攻击。
D. CHAP 通过双向握手建立链路。
E. CHAP 使用基于 MD5 哈希算法的询问/响应方法。
F. CHAP 通过重复询问进行检验。
【多选题】
下列BGP 属性属于公认必遵的是( )___
A. ORIGIN
B. AS_PATH
C. NEXT_HOP
D. MED
E. LOCAL_PREF
F. COMMUNITY
【多选题】
专线设备现场交维规范中,以下哪些要求符合规范___
A. 基站可以安装交流设备
B. A级专线的跳纤点数量不得超过3个,普通级专线的跳纤点不得超过4个
C. 专线交维是通过第170流程系统进行的
D. 移交资料中“纤芯资料表”不是必备的,“电路调单”是必备的。
E. AAA专线、专网汇聚点必须实现双路由
F. 业务保障等级为AAA、AA级专线的跳纤点不得超过2个(全业务机房/基站到客户端之间的中间跳纤节点数)
【多选题】
在ITU-T G.984.3 标准中主要定义哪些内容标准.( )___
A. GTC帧结构介绍
B. DBA规格要求
C. GTC复用结构及协议栈介绍
D. ONU注册激活流程
E. 告警和性能
F. GPON TC层规格要求
【多选题】
在ITU-T G.984.3 标准中主要定义哪些内容标准.( )___
A. ONU注册激活流程
B. 告警和性能
C. DBA规格要求
D. GTC复用结构及协议栈介绍
E. GPON TC层规格要求
F. GTC帧结构介绍
【多选题】
以下对于PON网络的描述正确的是( )___
A. PON是一个单纤双向的网络
B. PON是一种点到多点(P2MP)结构的无源光网络
C. GPON使用的标准是ITU-T G.984.x
D. PON上行使用的FDMA技术
E. PON是Passive Optical Network 的缩写
F. PON由光线路终端OLT(Optical Line Terminal)、光网络单元 ONU( Optical Network Unit) 和光分配网络ODN(Optical Distribution Network)组成
【多选题】
PTN的采用的T-MPLS OAM的故障管理技术包括有( )___
A. 连续性检查(CC)
B. 环回(LB)
C. 告警指示(AIS)
D. 远程缺陷指示(RDI)
E. 锁定(LCK)
F. 测试(TST)
【多选题】
出现T_ALOS告警可能原因有( )。___
A. DDF架侧2M接口输出端口脱落或松动
B. 本站2M接口输入端口脱落或松动
C. DDF架侧2M接口输入端口脱落或松动
D. 基站停电
E. 光缆中断
F. 传输机房2M头松动
【多选题】
关于误码问题,常见设备原因有( )。 ___
A. 线路板接收侧信号衰减过大、对端发送电路故障、本端接收电路故障
B. 时钟同步性能不好
C. 交叉板与线路板、支路板配合不好
D. 支路板故障
E. 风扇故障
F. 单板失效或性能不好
【多选题】
在SDH中,开销可分为____和____两大类,段开销细分为____和____,通道开销细分为____和____。___
A. 段开销
B. 通道开销
C. 再生段开销
D. 复用段开销
E. 低阶通道开销(VC-12、VC-3中)
F. 高阶通道开销(VC-4)
【多选题】
网管的告警浏览中,可以看到所有网元上报的告警,每条告警元素包括哪些.( )___
A. 清除时间
B. 确认时间
C. 告警定位信息
D. 告警源
E. 告警发生时间
F. 告警名称
【多选题】
面向维护的验收交维主要包括 等工作( )___
A. 组网拓扑安全性梳理确认
B. 面向客户网管监控
C. 现场标签验收
D. 专线资料移交
E. 资源录入
F. 工程资料移交
【多选题】
ONU及其它硬件系统巡检中应检查项目为( )___
A. 检查ONU设备是否完好、能否正常使用
B. 检查设备标签是否合格
C. 检查ONU机柜通风系统是否正常工作
D. 检查ONU上行光缆标签及入户线缆标签是否齐全规范
E. 检查设备指示灯是否正常显示
F. 检查设备是否发出很大噪声
【多选题】
链路聚合(又叫快速以太网通道)是这样的,它把LAN交换机之间的多条链路组合起来,形成一条逻辑的高速以太网链路.但这些链路必须满足一定的条件,下面的哪些是必须满足的.( )___
A. 这些链路必须是FE或者GE,10M链路不能被聚合;
B. 这些链路必须工作在全双工模式;
C. 这些链路必须使用相同的链路层封装类型;
D. 如果这些链路作为TRUNK使用,那么每条链路上允许传送的VLAN必须一样;
E. 这些链路的物理介质必须一样,比如,UTP电缆和光纤不能捆绑在一起;
F. 这些链路的速率必须一样,比如,FE和GE不能捆绑在一起。
【多选题】
以下哪些属于防火墙的缺点()___
A. 防外不防内
B. 不能防范全部的威胁,特别是新产生的威胁
C. 在提供深度检测功能以及防火墙处理转发性能上需要平衡
D. 当使用端 - 端加密时,即有加密隧道穿越防火墙的时候不能处理
E. 防火墙本身可能会存在性能瓶颈,如抗攻击能力,会话数限制等
F.
【多选题】
下列关于 HDLC 封装的说法中哪三项正确. ( )___
A. HDLC 支持 PAP 和 CHAP 身份验证。
B. Cisco 路由器上实现的 HDLC 是
C. isco 的专有技术。 C.HDLC 使用帧字符与校验和来指定同步串行链路上的数据封装方法。
D. HDLC 是 Cisco 路由器上的默认串行接口封装方法。
E. HDLC 和 PPP 相互兼容。 HDLC 不支持 CDP。
F. "
【多选题】
下面的光纤连接描述哪些是正确的( )___
A. 业务-OTUG-OMU-OBA-线路ODF
B. 调度ODF-OTUG-OMU-SDMT-线路ODF
C. 线路ODF-OLA-SDMR-线路ODF
D. 线路ODF-OPA-OAD-SDMT-线路ODF
E. 线路ODF-OPA-OSCT
F.
【多选题】
根据交换机处理 VLAN 数据帧的方式不同,H3C 以太网交换机的端口类型分为( )___
A. access 端口
B. trunk 端口
C. 镜像端口
D. hybrid 端口
E. monitor端口
F.
【多选题】
QoS旨在针对各种应用的不同需求,为其提供不同的服务质量,例如:提供专用带宽、减少报文丢失率、降低报文传送时延及时延抖动等。为实现上述目的,QoS提供了下述功能:( )___
A. 报文分类和着色
B. 网络拥塞管理
C. 网络拥塞避免
D. 流量监管和流量整形
E. QoS信令协议
F.
【多选题】
QoS旨在针对各种应用的不同需求,为其提供不同的服务质量,例如:提供专用带宽、减少报文丢失率、降低报文传送时延及时延抖动等.为实现上述目的,QoS提供了下述功能( )___
A. 报文分类和着色
B. 网络拥塞管理
C. 网络拥塞避免
D. 流量监管和流量整形
E. QoS信令协议
F.
【多选题】
以下查看历史性能路径哪些是正确的.( )___
A. “对象树”选项卡系统快捷菜单“历史性能”
B. x=H,bc=00时,表示为增量热补丁包
C. 菜单栏选项
D. “对象树”选项卡盘快捷菜单“历史性能”
E. “ONU列表”ONU快捷菜单“历史性能”
F.
【多选题】
专线工程部门提供的验收相关材料包含( )___
A. 集客末端设备现场照片
B. 《集团客户专线施工设计方案》
C. 《末端数据设备信息》文件
D. 《专线业务及联调测试报告》
E. 《集客专线项目健康度评估表》
F.
【多选题】
ISP分配给你一个115.64.4.0/22的地址块,以下那些地址是可使用的主机地址?___
A. 115.64.8.32
B. 115.64.7.64
C. 115.64.6.255
D. 115.64.3.255
E. 115.64.5.128
F.
【多选题】
光纤通信系统存在三个传输窗口____、____、____。其中零色散窗口波长为____,最小损耗窗口波长为____。___
A. 850nm
B. 1310nm
C. 1550nm
D. 1310n
E. 1550nm
F.
【多选题】
以下哪两个地址是192.168.15.19/28子网内的主机可用地址?___
A. 192.168.15.17
B. 192.168.15.14
C. 192.168.15.29
D. 192.168.15.16
E. 192.168.15.31
F.
