【多选题】
When using the Adaptive Security Device Manager(ASDM), which two options are available to add a new root certificate?___
A. Install from SFTP server
B. Usehttps
C. Install from a file
D. Use LDAP
E. Use SCEP
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
CE
解析
暂无解析
相关试题
【多选题】
Which two SNMPv3 services support its capabilities as a secure networ k manage protocol? ___
A. access control
B. the shared secret key
C. authentication
D. authorization
E. accounting
【多选题】
Which two statements about routed firewall mode are true ?___
A. The firewall acts as a routed hop in the network
B. This mode conceals the presence of the firewall
C. The firewall requires a unique iP address for each interface
D. This mode allows the firewall to be added to an existing networ k with minimal additional configuration By default, this mode permits most traffic to pass throug
【多选题】
Which two statements describe DHCP spoofing attacks?___
A. They are used to perform man-in- the-middle attacks
B. They can access most network devices
C. They can modify the flow of traffic in transit. LNGKAIG
D. They protect the identity of ti attacker by masking the DHCP address
E. They can physically modify the network gateway
【多选题】
Which two types of VLANs using PVLANs are valid?___
A. isolated
B. promiscuous
C. backup
D. secondary
E. community
【多选题】
What are two limitations of the self-zone policies on a zone-based firewall?___
A. They are unable to block Https traffic
B. They restrict SNMP traffic.
C. They are unable to support Https traffic
D. They are unable to implement application inspection
E. They are unable to perform rate limiting
【多选题】
Which two descriptions of TACACS+ are true? ___
A. The TACACS+ header is unencrypted
B. It combines a uthentication and authorization
C. It uses TCP as its transport protocol
D. Only the password is encrypted.
E. It uses UDP as its transport protocol.
【多选题】
Which two actions does an IPS perform? ___
A. it spans the traffic
B. it reflects the traffic back to the sender
C. it encrypts the traffic
D. it terminates the user session or connection of the attacker
E. it reconfigures a device to block the traffic
【多选题】
In which form of fraud does an attacker try to learn information such as login credenti account information by ma squerading as a reputable entity or person in email, IM or communication channels ?___
A. phishing
B. Smurfit
C. Hacking
D. Identity Spoofing
【多选题】
Which two ESA services are available for incoming and outgoing mails ?___
A. anti-DoS
B. reputation filter
C. antispam
D. content filter
E. DLP
【多选题】
What are two reasons to recommend SNMPv 3 over SNMPv2?___
A. SNMPv3 is secure because you can configure authe ntication and privacy
B. SNMPv3 is insecure because it send in formation in clear text
C. SNMPv2 is insecure because it send information in clear text
D. SNMPv3 is a Cisco proprietary protocol
E. SNMPv2 is secure because you can configure authentication and privacy
【多选题】
Which two actions can a zone- based firewall apply to a packet as it transits a zone pair?___
A. drop
B. inspect
C. queue
D. quarantine
【单选题】
Which security principle has been violated if data is altered in an unauthorized manner?___
A. accountability
B. confidentiality
C. availability
D. integrity
【单选题】
Which IKE Phase 1 parameter can you use to require the site-to-site VPN to use a pre-shared ?___
A. encryption
B. authentication
C. group
【单选题】
Which command successfully creates an administrative user with a password of "cisco"on a Cisco router?___
A. username Operator privilege 7 password cisco
B. username Operator privilege 1 password cisco
C. username Operator privilege 15 password cisco
D. username Operator password cisco privilege 15
【单选题】
Which EAP method authenticates a client against Active Directory without the use of client-side 802.1X certificates?___
A. EAP-TLS
B. EAP-MSCHAPv2
C. EAP-PEAP
D.
E. AP-GTC
【单选题】
What is a limitation of network-based IPS?___
A. It must be in dividually configured to support every operating system on the network.
B. It is most effective at the in dividual host level
C. It is unable to monitor attacks across the entire netw ork
D. Large installations require numerous sensors to fully protect the network
【单选题】
When would you configure the ip dhcp snooping trust command on a sw itch?___
A. when the switch is connected to a DHCP server
B. when the switch is working in an edge capacit
C. when the switch is connected to a client system
D. when the switch is serving as an aggregator
【单选题】
How does the 802. 1x supplicant communicate with the authentication server?___
A. The supplicant creates EAP packets and sends them to the authenticator, which encapsulates them into RADIUS and forwards them to the authentication server.
B. The supplicant creates RADIUS packets and sends them to the authe nticator, which encapsulates the m into EAP and forwards them to the a uthentication server.
C. The supplicant creates RADIUS packets and sends them to the authenticator, which translates them into eap and forwards them to the a ut hentication server
D. The supplicant creates
E. AP packets and sends them to the authe nticator, which translates them into radius and forwards them to the authentication server.
【单选题】
Which command do you enter to verify the phase I status of a VPN connection?___
A. sh crypto se ssion
B. debug crypto isakmp
C. sh crypto isakmp sa
D. sh crypto ipsec sa
【单选题】
Refer to the exhibit. what is the e ffect of the given configuration?___
A. It enables authentication,
B. It prevents keychain authentication.
C. The two routers receive normal updates from one another.
D. The two device s are able to pass the message digest to one another.
【单选题】
Which command can you enter to configure OSPF to use hashing to authenticate routing updates?___
A. ip ospf aut hentication message-digest
B. neighbor 192 168.0 112 cost md5
C. ip ospf priority 1
D. ip ospf aut hentication-key
【单选题】
Which command can you enter to verify the status of Cisco lOS Resilient Configuration on a Cisco router?___
A. show secure bootset
B. secure boot-image
C. show binary file
D. ure boot-config
【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
推荐试题
【多选题】
海关部门应当收集、汇总___信息,并及时通报相关部门、机构和企业。
A. 海关对进出口食品实施检验检疫发现的食品安全信息
B. 食品行业协会和消费者协会等组织、消费者反映的进口食品安全信息
C. 国际组织、境外政府机构发布的风险预警信息及其他食品安全信息
D. 境外食品行业协会等组织、消费者反映的食品安全信息
【多选题】
海关定期对采购的食品及原料进行抽查,并对其卫生档案进行审核。卫生档案应当包括___。
A. 营业执照;生产许可证;卫生许可证
B. 使用进口原材料者,需提供进口食品卫生证书
C. 供货合同或者意向书
D. 相关批次的检验合格证或者化验单
【多选题】
关于国境口岸供水单位及其工作人员的管理要求,以下说法正确的是___。
A. 供水单位应建立饮用水卫生管理制度,配备专职人员,负责饮用水日常卫生管理工作
B. 直接从事供、管水的人员必须取得体检合格证后方可上岗工作,且每两年进行一次健康检查
C. 直接从事供、管水的人员,须经卫生知识培训考核及格后方可上岗,且每年复核和登记
D. 凡患有痢疾、伤寒、甲型病毒性肝炎、戊型病毒性肝炎、活动性肺结核、化脓性或渗出性皮肤病等疾病的和病原携带者,不得直接从事供、管水工作
【多选题】
关于向入出境交通工具供应饮用水的管理要求,以下说法正确的是___。
A. 在向口岸入出境交通工具供应饮用水前,生产经营单位应当向海关进行申报
B. 供应生产经营单位应具备所在地海关核发的《中华人民共和国国境口岸卫生许可证》
C. 经海关对基本申报信息、供应登记记录、相关检验报告以及其他必要的有关资料等审核无误后,方可供应饮用水
D. 海关对供应饮用水卫生监督实施采样时,应当向被监督单位出具采样通知书
【多选题】
下列关于口岸生活饮用水卫生消毒要求的表述,正确的是___:
A. 如使用消毒剂氯气及游离氯制剂(游离氯,mg/L),则与水接触时间至少为12分钟
B. 如使用消毒剂氯气及游离氯制剂(游离氯,mg/L),则管网末梢水中氯含量应大于等于.03
C. 如使用消毒剂二氧化氯(ClO2,mg/L),则与水接触时间至少为30分钟
D. 如使用消毒剂二氧化氯(ClO2,mg/L),则管网末梢水中氯含量应大于等于0.02
【多选题】
下列关于对口岸供水单位的经常性卫生监督的表述,正确的是___:
A. 卫生许可证有效期为三年,每年复核一次。在有效期前一个月,生产经营单位应申请换证
B. 口岸供水经营单位新建供水系统,在投入使用前,需要经过地方环境资源部门的验收同意,并向所在地海关通报或抄送验收情况
C. 口岸供水经营单位采取集中式供水的,生产区外围30米内应保持良好的卫生状况
D. 口岸供水经营单位在日常经营和维护过程中,应建立健全的卫生管理工作档案和责任制度
【多选题】
食品卫生监督职责有___。
A. 进行食品卫生监测、检验和技术指导
B. 对食品生产经营企业的新建、扩建、改建工程的选址和设计进行卫生审查,并参加工程验收
C. 对违反本法的行为追查责任,依法进行行政处罚
D. 协助培训食品生产经营人员,监督食品生产经营人员的健康检查
【多选题】
《中华人民共和国食品安全法》规定禁止生产经营___。
A. 含有毒、有害物质或者被有毒、有害物质污染,可能对人体健康有害的
B. 未经兽医卫生检验或者检验不合格的肉类及其制品
C. 容器包装污秽不洁、严重破损或者运输工具不洁造成污染的
D. 用非食品原料加工的,加入非食品用化学物质的或者将非食品当作食品的
【多选题】
___不得从事接触直接入口食品的工作。
A. 患有痢疾、伤寒、病毒性肝炎等消化道传染病的人员
B. 患有活动性肺结核、化脓性疾病的人员
C. 患有渗出性皮肤病疾病的人员
D. 患有轻微腰疼疾病的人员
【多选题】
下列关于食品检验的表述,正确的是___:
A. 食品检验实行食品检验机构与检验人负责制
B. 食品检验机构和检验人对出具的食品检验报告负责
C. 食品检验报告应当加盖食品检验机构公章
D. 食品检验报告无须检验人的签名或者盖章
【多选题】
《中华人民共和国国境卫生检疫法实施细则》对饮用水、食品及从业人员的卫生要求是___。
A. 国境口岸内涉外的宾馆和入境、出境交通工具上的食品、饮用水从业人员应当持有卫生检疫机关签发的健康证书,该证书自签发之日起12个月内有效
B. 国境口岸和交通工具上的食品、饮用水必须符合有关的卫生标准
C. 国境口岸内的涉外宾馆,以及向入境、出境的交通工具提供饮食服务的部门,营业前必须向卫生检疫机关申请卫生许可证
D. 国境口岸内凡涉及至饮用水、食品及从业人员的卫生要求皆可由地方卫生当局代为管辖
【多选题】
根据《航空食品卫生规范》(GB31641-2016)要求,航空配餐生产场所的照明要求包括___。
A. 加工场所工作面的照度不得低于220lx
B. 食品检查工作面的照度不得低于540lx
C. 其他区域照度不得低于100lx
D. 食品出货平台照度不得低于200lx
【多选题】
航空食品运输工具的卫生要求包括___:
A. 冷链、热链食品的运输工具应配备温度控制设备和温度监测装置
B. 第二质量控制期小于6h的航空配餐的运输工具可不具备温控设备,但需采取有效温度控制措施并配备温度监测装置,确保食品储运温度或食品温度满足卫生要求
C. 冷链、热链食品的运输工具能确保食品存放厢(箱)体内温度或食品中心温度低于10℃或高于60℃
D. 航空配餐生产企业应配置专用的航空食品运输工具
【多选题】
航空配餐企业采购食品及其原料时,验收项目包括___:
A. 按供货批次查验供应商提供的产品合格证明文件
B. 查验潜在风险食品时,应对其表面温度进行检测
C. 对食品感官性状、外包装完整性及标识(产品名称、批号、生产日期/出厂日期、保质期、厂家及产地等)进行查验,对存在感官性状异常或食品包装破损、渗漏、产气膨胀、过期及其他不符合项的产品应当拒收
D. 食品运输工具及容器应满足运输食品储运条件要求,并清洁卫生。食品原料、半成品及成品应分类包装运输,不得与有毒有害物品混装混运
【多选题】
根据《航空食品卫生规范》(GB31641-2016)要求,需记录食品解冻过程的关键信息包括___:
A. 食品种类
B. 解冻初始时间
C. 解冻介质温度
D. 解冻结束时间及食品表面温度
【多选题】
根据《航空食品卫生规范》(GB31641-2016)要求,冷链食品热加工后,应进行速冷处理,冷却速率应满足___。
A. 食品中心温度由57℃降至10℃以下所需时间应≤4h
B. 食品中心温度由57℃降至10℃以下所需时间应≤2h
C. 食品中心温度由57℃降至5℃以下所需时间应≤6h,且食品中心温度由57℃降至21℃所需时间应≤2h
D. 食品中心温度由57℃降至5℃以下所需时间应≤4h,且食品中心温度由57℃降至21℃所需时间应≤2h
【多选题】
根据《航空食品卫生规范》(GB31641-2016)要求,食品速冷记录内容包括___:
A. 日期
B. 食品名称
C. 速冷处理初始时间及温度
D. 速冷处理结束时间及温度
【多选题】
根据《航空食品卫生规范》(GB31641-2016)要求,冷链食品操作应根据操作间的环境温度,按___严格控制操作时间。
A. 操作间环境温度低于5℃的,操作时间不作限制。
B. 操作间环境温度处于5℃~15℃(含)的,食品出冷藏库到操作完毕入冷藏库的时间应≤60min
C. 操作间环境温度处于15℃~21℃(含)的,食品出冷藏库到操作完毕入冷藏库的时间应≤45min
D. 操作间环境温度高于21℃的,食品出冷藏库到操作完毕入冷藏库的时间应≤45min,且食品表面温度应≤10℃
【多选题】
根据《航空食品卫生规范》(GB31641-2016)要求,冷链食品分装、装配及冷食制作过程中,应定时(至少1次/6h)监测操作间的环境温度,并准确记录,内容包括___。
A. 纠偏措施(如有)
B. 操作初始时间及结束时间
C. 操作前后食品表面温度(操作间环境温度高于21℃)
D. 操作间环境温度
【多选题】
食品生产企业应当对___实施控制要求,保证所生产的食品符合食品安全标准。
A. 原料采购、原料验收、投料等原料控制
B. 原料检验、半成品检验、成品出厂检验等检验控制
C. 生产工序、设备、贮存、包装等生产关键环节控制
D. 运输和交付控制
【多选题】
___,由县级以上人民政府食品安全监督管理部门责令改正,给予警告;拒不改正的,处五千元以上五万元以下罚款;情节严重的,责令停产停业,直至吊销许可证。
A. 食品、食品添加剂生产者未按规定对采购的食品原料和生产的食品、食品添加剂进行检验
B. 保健食品生产企业未按规定向食品安全监督管理部门备案,或者未按备案的产品配方、生产工艺等技术要求组织生产
C. 婴幼儿配方食品生产企业未将食品原料、食品添加剂、产品配方、标签等向食品安全监督管理部门备案
D. 特殊食品生产企业未按规定建立生产质量管理体系并有效运行,或者未定期提交自查报告
【多选题】
已经注册的境外食品生产企业因___应当撤销注册,并予以公告。
A. 提供虚假材料
B. 因境外食品生产企业的原因致使相关进口食品发生重大食品安全事故的
C. 向我国出口的食品没有中文标签
D. 食品添加剂中文标签、中文说明书不符合要求
【多选题】
食品生产厂区选址___。
A. 不应选择对食品有显著污染的区域
B. 不应选择有害废弃物以及粉尘、有害气体、放射性物质和其他扩散性污染源不能有效清除的地址
C. 不宜择易发生洪涝灾害的地区,难以避开时应设计必要的防范措施
D. 周围不宜有虫害大量孳生的潜在场所,难以避开时应设计必要的防范措施
【多选题】
下列关于食品生产厂区墙壁要求的表述,正确的是___:
A. 墙面、隔断应使用无毒、无味的防渗透材料建造
B. 在操作高度范围内的墙面应光滑、不易积累污垢且易于清洁
C. 不能使用涂料
D. 墙壁、隔断和地面交界处应结构合理、易于清洁,能有效避免污垢积存
【多选题】
下列关于食品生产加工人员卫生要求的表述,错误是___:
A. 进入食品生产场所前应整理个人卫生,防止污染食品
B. 进入作业区域应规范穿着洁净的工作服,并按要求洗手、消毒;头发应藏于工作帽内或使用发网约束
C. 进入作业区域不应配戴饰物、手表,可以化妆、染指甲、喷洒香水
D. 使用卫生间后,再次从事接触食品、食品工器具、食品设备等与食品生产相关的活动前不用洗手消毒
【多选题】
食品生产者发现生产的食品不符合食品安全标准或存在其他不适于食用的情况时,应___。
A. 应当立即停止生产
B. 召回已经上市销售的食品
C. 只通知相关生产经营者
D. 记录召回和通知情况
【多选题】
___,应当实施一级召回。
A. 食品食用后可能致人死亡的
B. 食品食用后可能导致严重健康损害的
C. 食品食用后已经导致一般健康损害的
D. 食品标签、标识存在虚假标注的
【多选题】
下列关于食品安全标准的表述,正确的是___:
A. 制定食品安全标准,应当以保障公众身体健康为宗旨,做到科学合理、安全可靠
B. 食品安全标准是强制执行的标准
C. 除食品安全标准外,鼓励制定其他食品强制性标准
D. 食品安全国家标准由国务院食品安全监督管理部门制定、公布
