【单选题】
How is management traffic isolated on a Cisco ASR 1002?___
A. Traffic isolation is done on the vlan level
B. There is no management traffic isolation on a Cisco ASR 1002
C. Traffic is isolated based upon how you configure routing on the device
D. The management interface is configured in a special vRF that provides traffic isolation from the default routing table
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
D
解析
暂无解析
相关试题
【单选题】
Which statement about NaT table evaluation in the asa is true?___
A. After-auto NAT polices are appl d first
B. Manual NAT policies are applied first
C. the asa uses the most specific match
D. Auto NAT policies are applied first
【单选题】
Which information can you display by executing the show crypto ipsec sa command?___
A. ISAKMP SAs that are established between two peers
B. recent changes to the IP address of a peer router
C. proxy infor mation for the connection between two peers
D. IPsec SAs established between two peers
【单选题】
How can you prevent NAT rules from sending traffic to incorrect interfaces?___
A. Assign the output interface in the NAT statement
B. Add the no-proxy-arp command to the nat line.
C. Configure twice NAT instead o bject NAT. 5
D. Use packet-tracer rules to reroute misrouted NAT entries.
【单选题】
What term can be defined as the securing, control, and identification of digital data?___
A. cryptography
B. crypto key
C. cryptoanalysis
D. cryptology
【单选题】
Which feature in the dNS security module provide on and off network DNS protection?___
A. Data Loss Prevention
B. Umbrella
C. Real-time sandboxing
D. Layer-4 monitoring
【单选题】
Which a dverse consequence can occur on a network without BPDu guard ?___
A. The olde st switch can be elected as the root bridge
B. Unauthorized switches that are connected to the network can cause spanning-tree loops
C.
D. ouble tagging can cause the switches to experience CAM table overload.
【单选题】
What configuration is required for multitenancy ?___
A. shared infrastructure
B. multiple carriers
C. co-located resources
D. multiple separate zones
【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
A. 4
B. 3
C. 2
D. 5
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
A. 2
B. 3
C. 4
D. 5
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
推荐试题
【单选题】
关于凭证调拨说法错误的是___
A. 调拨时,系统只校验输入的号码段数量,而不校验该凭证是否在柜员的尾箱中,只有在调拨交易授权提交后才会校验;
B. 调出柜员与调入柜员必须属于同一网点的不同柜员;
C. 调入柜员为签到状态;
D. 调拨时凭证号码必须从最小号开始,可以在界面上输入任意存在号码。
【单选题】
下列说法错误的是___
A. 柜员申请领用重要空白凭证时无须会计主管授权
B. 签发重要空白凭证时必须按顺序使用,逐份销号
C. 出售重要空白凭证时必须核对客户提供的预留银行印鉴
D. 重要空白凭证作废时,必须加盖“作废”章,剪角后作为当日有关凭证的附件
【单选题】
开立基本存款账户应在___,由客户经理或指定人员实地走访客户,切实履行“客户尽职调查”义务。
A. 开户前
B. 开户后一个星期内
C. 开户后一个月内
D. 开户后6个月内
【单选题】
在为客户提供单笔人民币___万元(含)或外币等值( )美元(含)以上一次性金融服务时,应识别客户身份。
A. 1,1000
B. 1,2000
C. 2,2000
D. 2,1000
【单选题】
营业机构为自然人客户办理___现金存取的,应当识别客户身份。核查客户本人、代理人的居民身份证件,完整登记客户本人、代理人的身份基本信息。
A. 人民币单笔5万元(含)以上或者外币等值1万美元(不含)以上
B. 人民币单笔5万元(含)以上或者外币等值5千美元(不含)以上
C. 人民币单笔5万元(含)以上或者外币等值1万美元(含)以上
D. 人民币单笔5万元(含)以上或者外币等值5千美元(含)以上
【单选题】
总行运营管理部设置上报___,主要用于反洗钱系统中的数据包报送管理等,在业务发生后的10个工作日内,登录反洗钱监控系统,进行组包发送等处理。(操作指引无相关内容)
A. 编辑岗
B. 审核岗
C. 审批岗
D. 管理岗
【单选题】
大额交易报告在交易发生之日起的___个工作日内以电子方式提交。 可疑交易报告在按我行可疑交易操作规程确认为可疑交易后,及时以电子方式提交可疑交易报告。
A. 5
B. 15
C. 20
D. 25
【单选题】
按照完整准确、安全保密的原则,将大额交易和可疑交易报告、反映可疑交易分析及内部处理情况的工作记录等信息资料自生成之日起至少保存___年。
A. 1
B. 2
C. 3
D. 5
【单选题】
总行运营管理部报送管理岗每天登录反洗钱系统,对大额交易报告或可疑交易报告进行组包、报送。大额交易报告或可疑交易报告内容要素不全或存在错误的,在接到补正通知之日起___个工作内补正,并对大额可疑交易报告再组包,报送。
A. 2
B. 3
C. 4
D. 5
【单选题】
恐怖活动组织及恐怖活动人员名单调整的,反洗钱义务机构应当立即针对本机构的存量客户以及上溯___内的交易开展回溯性调查,并按规定提交可疑交易报告。
A. 1年
B. 2年
C. 3年
D. 5年
【单选题】
若本人未满___周岁,须由监护人代为办理,需提供监护人的身份证,本人身份证或户口簿,以及证明监护人关系的户口簿。如果户口簿无法证明监护人关系,需额外提供能证明监护人关系的证明(如公证证明、派出所的子女关系证明、法院判决、出生证明等)。
A. 15
B. 16
C. 17
D. 18
【单选题】
外国公民来我行开户时应出具___外国边民,按照边贸结算的有关规定办理)。
A. 护照或外国人永久居留证
B. 护照或其他有效旅行证件
C. 护照或村民居委会证明
D. 护照或往来大陆通行证
【单选题】
客户申请客户信息维护需凭有效身份证件办理,对于证件或证件号码变更的,还应提供___
A. 发证机关等有权机关出具的相关证明文件
B. 户籍所在地公安机关的设分变更证明
C. 村委会出具的证明
D. 公安机关出具的证明
【单选题】
为不在本机构开立账户的客户提供现金汇款、现金方式解付应解汇款、银行汇票、银行本票对付等一次性金融服务且交易金额单笔人民币1万元(含)以上或等值___美元(含)以上的应出示身份证件,进行联网核查(非居民身份证的,视角核对),并留存身份证件复印件或影印件的业务。
A. 1000
B. 2000
C. 5000
D. 10000
【单选题】
以下哪一项不属于出示身份证件,进行联网核查(非居民身份证的,视角核对),并留存身份证件复印件或影印件的业务___
A. 开立个人结算账户,开立客户号
B. 变更存款人证件类型、证件号码
C. 购买现金支票、转账支票等重要空白凭证的
D. 为不在本机构开立账户的客户提供银行本票对付等一次性金融服务且交易金额单笔人民币1万元(含)以上或等值5000美元(含)以上的
【单选题】
自助柜员机吞没卡领卡需要___。
A. 出示身份证件,进行联网核查,并留存身份证件复印件或影印件的业务。
B. 出示身份证件,进行联网核查,交易中录入身份证号码。
C. 出示身份证件,身份识别仪鉴别(非居民身份证的,视角核对),并摘录身份证件号码。
【单选题】
本人及代理人客户办理人民币单笔___元(含)以上或外币等值()美元(含)以上现金存取款业务时,需要出示身份证件。
A. 5万 5千
B. 5万 1万
C. 10万 5千
D. 10万 1万
【单选题】
当办理个人业务无法确切判断客户出示的居民身份证为虚假证件时,应当___。
A. 拒绝为该客户办理相关业务
B. 挂失业务须进一步核实个人居民身份证的真伪后再决定是否办理
C. 当确认该身份证件属虚假证件,应及时通知该客户撤销账户,并将有关情况报告人民银行当地分支机构及总行相关部门
D. 客户提供其他能证明其身份的有效证件后继续为客户办理业务
【单选题】
下列哪些业务需要出示身份证件,进行联网核查(非居民身份证的,视角核对),并留存身份证件复印件或影印件的业务?___
A. 办理定期储蓄账户提前支取
B. 水、电、气、煤等公共事业的代缴代扣关系建立及撤销
C. 自助柜员机吞没卡领卡
D. 对于代理现金存款业务,如果代理人因合理理由无法提供被代理人有效身份证件且单笔存款金额达到或超过人民币1万元或外币等值1000美元时
