【单选题】
A user on your network inadvertently activates a botnet program that was received as an emai attachment. Which type of mechanism does Cisco Firepower use to detect and block only the botnet attack?___
A. network-based access control rule
B. reputation-based
C. user-ba sed access control rule
D. botnet traffic filter
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
What does the policy map do in CoPP?___
A. defines service parameters
B. defines packet selection parameters
C. defines the packet filter
D. define s the action to be performed
【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
A. 4
B. 3
C. 2
D. 5
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
推荐试题
【多选题】
《党章》规定,在新世纪新时代,经济和社会发展的战略目标是___
A. 到本世纪中叶,全面建成小康社会
B. 到本世纪末,人均国内生产总值达到中等发达国家水平
C. 到建党一百年时,全面建成小康社会;
D. 到新中国成立一百年时,全面建成社会主义现代化强国
【多选题】
《党章》规定,党的建设必须坚决实现的基本要求是:___
A. 坚持党的基本路线
B. 坚持解放思想,实事求是,与时俱进,求真务实
C. 坚持全心全意为人民服务
D. 坚持民主集中制
E. 坚持从严管党治党
F. 坚持理论联系实际
【多选题】
根据《党章》,以下说法正确的是___
A. 凡属应由下级组织处理的问题,如无特殊情况,上级领导机关不要干预。
B. 党组织讨论决定问题,必须执行少数服从多数的原则。
C. 下级组织即便认为上级组织的决定不符合本地区、本部门的实际情况,也只能坚决执行。
D. 党的各级组织的报刊和其他宣传工具,必须宣传党的路线、方针、政策和决议。
【多选题】
根据《党章》,以下关于党员的权利的表述,正确的是:___
A. 参加党的有关会议,阅读党的有关文件,接受党的教育和培训
B. 在党的会议上和党报党刊上,参加关于党的政策问题的讨论
C. 对党的工作提出建议和倡议
D. 对党的决议和政策如有不同意见,在坚决执行的前提下,可以声明保留,可以把自己的意见向党的上一级组织提出,但不得越级提出。
【多选题】
以下内容有哪些属于《党章》中坚持民主集中制的要求___
A. 加强组织性纪律性,在党的纪律面前人人平等
B. 加强对党的领导机关和党的领导干部的监督,不断完善党内监督制度
C. 党在自己的政治生活中正确地开展批评和自我批评,在原则问题上进行思想斗争,坚持真理,修正错误
D. 努力营造又有集中又有民主,又有纪律又有自由,又有统一意志又有个人心情舒畅的生动活泼的政治局面
【多选题】
《党章》规定,我国社会主义建设的根本任务是___并且为此而改革生产关系和上层建筑中不适应生产力发展的方面和环节
A. 进一步解放生产力
B. 发展生产力
C. 加强精神文明建设
D. 逐步实现社会主义现代化
【多选题】
《党章》规定,改革开放以来我们取得一切成绩和进步的根本原因是___
A. 坚持了一个中心两个基本点
B. 开辟了中国特色社会主义道路
C. 形成了中国特色社会主义理论体系
D. 建设了社会主义市场经济体制
【多选题】
《党章》规定,中国共产党领导人民发展社会主义民主政治,坚持___有机统一,走中国特色社会主义政治发展道路,扩大社会主义民主,建设中国特色社会主义法治体系,建设社会主义法治国家,巩固人民民主专政,建设社会主义政治文明。
A. 党的领导
B. 人民当家作主
C. 以德治国
D. 依法治国
【多选题】
《党章》规定,要实施___,充分发挥科学技术作为第一生产力的作用,充分发挥创新作为引领发展第一动力的作用,依靠科技进步,提高劳动者素质,促进国民经济更高质量、更有效率、更加公平、更可持续发展。
A. 创新驱动发展战略
B. 科教兴国战略
C. 人才强国战略
D. 可持续发展战略
【多选题】
根据《中国共产党问责条例》,党的问责工作是由党组织按照职责权限,追究在党的建设和党的事业中失职失责党组织和党的领导干部的___
A. 主体责任
B. 监督责任
C. 领导责任
D. 直接责任
【多选题】
64《重庆市实施中国共产党问责条例办法》中指出,对于事实清楚、不需要调查核实,对党的领导干部采取___方式问责的,可以直接作出问责决定。
A. 通报
B. 诫勉
C. 组织调整或者组织处理
D. 纪律处分
【多选题】
《中共中央政治局贯彻落实中央八项规定的实施细则》,主要包括哪几个方面___的内容
A. 改进调查研究
B. 规范出访活动
C. 精简会议活动和文件简报
D. 改进新闻报道
E. 加强督促检查
F. 厉行节约
【多选题】
全行各级党组织主要负责人党风廉政建设第一责任的内容包括___。
A. 切实履行党风廉政建设第一责任人的责任
B. 督促班子其他成员履行“一岗双责”
C. 严把干部选拔任用关
D. 加强对查办违纪违规案件的领导
E. 充分发挥表率作用
【多选题】
全行各级党组织班子成员党风廉政建设的责任内容包括___。
A. 认真履行“一岗双责”
B. 加强对分管条线(部室)党风廉政建设工作的监督检查
C. 严格执行廉洁从业和改进作风各项规定
D. 严把干部选拔任用关
【多选题】
总行及分支机构党的组织要加强对纪检监察组织查处违纪违规案件的领导,支持和督促纪检监察组织依纪依规查处违纪违规问题。推动纪检监察组织___
A. 转职能
B. 转方式
C. 转作风
D. 转工作
【多选题】
各级党组织主要负责人要定期主持召开领导班子会议,研究、部署、落实党风廉政建设工作,___。
A. 重要工作亲自部署
B. 重大问题亲自过问
C. 重点环节亲自协调
D. 重要案件亲自督办
【多选题】
全行各级班子成员要把党风廉政建设与分管业务工作___,协助同级党组织负责人落实好本单位党风廉政建设工作的具体部署和安排。
A. 两张皮
B. 同布置
C. 同考核
D. 同检查
【多选题】
总行及分支机构纪委和纪检人员要坚持从严治企,坚决查处党员干部贪污腐化、失职渎职等违纪违规案件,重点查处___。
A. 十八大后不收敛不收手
B. 问题线索反映集中、群众反映强烈
C. 现在重要岗位且可能还要提拔使用的党员干部
D. 一把手
【多选题】
总行及分支机构纪委和纪检人员要进一步落实“三转”要求,聚焦党风廉政建设和反腐败工作,明确职责定位,准确把握工作内涵,积极___,坚决把不该管的工作交还主责部门,做到不越位、不缺位、不错位。
A. 转职能
B. 转方式
C. 转作风
D. 转工作
【多选题】
总行及分支机构党委每年书面向上一级党委和纪委专题报告上年度履行党风廉洁建设主体责任的内容包括___。
A. 领导班子集体履行党风廉政建设主体责任情况
B. 主要负责人履行“第一责任人”责任情况
C. 领导班子其他成员履行“一岗双责”情况
D. 落实党风廉政建设主体责任存在的问题及建议
E. 上级交办的党风廉政建设事项完成情况
【多选题】
总行及分支机构纪委每年书面向同级党委和上级纪委报告上年度履行监督责任的内容包括___。
A. 纪委集体履行监督责任情况
B. 主要负责人履行监督责任情况
C. 落实党风廉政建设监督责任存在的问题及建议
D. 上级交办的党风廉政建设事项完成情况
【多选题】
加强党的领导关键是坚持党中央集中统一领导。只有增强___,自觉在思想上政治上行动上同以习近平同志为总书记的党中央保持高度一致,才能使我们党更加团结统一,坚强有力。
A. 政治意识
B. 大局意识
C. 核心意识
D. 看齐意识
【多选题】
监督执纪“四种形态”包括___。
A. 党内关系要正常化,批评和自我批评要经常开展,让咬耳扯袖、红脸出汗成为常态
B. 党纪轻处分和组织处分要成为大多数
C. 对严重违纪的重处分、作出重大职务调整应当是少数
D. 严重违纪涉嫌违法立案审查的应当是极极少数
【多选题】
银行业金融机构从业人员职业操守适用范围包括___。
A. 银行业金融机构董(理)事会成员、监事会成员及高级管理人员
B. 与银行业金融机构签订劳动合同的在岗人员
C. 银行业金融机构聘用与劳务代理机构签订协议直接从事金融业务的其他人员
D. 境内银行业金融机构委派到国(境)外分支机构、控股、参股公司的从业人员
【多选题】
银行业金融机构从业人员应当___。
A. 学法、懂法、守法,保守国家秘密和商业秘密,自觉维护国家利益和金融安全
B. 依法、客观、真实反映银行业金融机构业务信息
C. 具备岗位任职资格或能力,熟练掌握业务技能,自觉遵守行业自律制度和本单位规章制度,合规操作
D. 对尚未发生但存在潜在风险隐患的行为,按照相关报告制度规定进行及时报告
