【单选题】
Why does ISE require its own certificate issued by a trusted CA?___
A. ISEs certificate allows guest devices to validate it as a trusted network device
B. It generates certificates for guest devices ba sed on its own certificate
C. It requests certificates for guest devices from the Ca server based on its own certificate.
D. ISE's certificate allows it to join the network security framework
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
B
解析
暂无解析
相关试题
【单选题】
which attack involves large numbers of ICMP packets with a spoofed source IP address?___
A. smurf attack
B. Teardrop attack
C. Nuke attack
D. SYN Flood attack
【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
A. 4
B. 3
C. 2
D. 5
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
A. 2
B. 3
C. 4
D. 5
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
推荐试题
【单选题】
病人女,21岁,精神分裂症。近半年来,病人不愿与人接触,以致不愿去上班追问病人说:“不知为什么,街上的人的行为都是针对我的,如果有人点头和笑表示我做对了,摇头是告诉我做错了。”此为
A. 夸大妄想
B. 被害妄想
C. 关系妄想
D. 罪恶妄想
E. 嫉妒妄想
【单选题】
病人坚信自己的配偶对自己不忠和对配偶的跟踪,盯梢,暗中检查配偶的衣服,床单,窥查配偶的提包,信件,已寻觅私通情人的证据。下列判断正确的是
A. 夸大妄想
B. 被害妄想
C. 关系妄想
D. 钟情妄想
E. 嫉妒妄想。
【单选题】
男,29岁,断言半年来姑母要害他而入院,诊断为精神分裂症,坚信姑母要将表妹强嫁于他。问他这种想法的根据时,病人说一天他去姑母家,表妹拿了一叠玫瑰酥与核桃酥请他吃。他认为玫瑰是爱情的表示,核桃是合起来志同道合的意思,因而他断定表妹看中了他,并说以后姑母又串通其他人采取了一系列的行动,逼他就范,此症状为
A. 夸大妄想
B. 被害妄想
C. 关系妄想
D. 钟情妄想
E. 嫉妒妄想
【单选题】
女,30岁,近两年来常重复出现下列想法:认为他可能把癌传到他家里,尤其怕把癌传给他的父母,为了减少传播癌的可能性,她开始过渡洗涤,每天洗手达125次,每日三块肥皂,还要反复洗澡,对此症状判断正确的是
A. 强迫观念
B. 超价观念
C. 注意增强
D. 感觉过敏
E. 注意狭窄
【单选题】
女,17岁,诊断为精神分裂症,家长也发现他长时间看书可达几个小时不抬头,实际上没有翻动一页,也说不出到底看了什么内容,学习成绩急剧下降,使症状为
A. 注意增强
B. 注意转移
C. 注意减退
D. 注意涣散
E. 注意狭窄
【单选题】
病人将钥匙倒过来开门,筷子倒过来吃饭,但对某些复杂问题反而能正确回答解决,如能下象棋,打牌,一般生活问题都能解决,以上症状属于
A. 假性痴呆
B. 童样痴呆
C. 部分性痴呆
D. 全面性痴呆
E. 精神发育迟滞。
【单选题】
某病人怀疑有人要害自己,在饭菜里下毒,经治疗后认为以前的想法是不现实的,但仍认为有人监视自己。下列判断正确的是
A. 定向力完整
B. 不会有暴力行为
C. 可以出院
D. 自知力丧失
E. 自知力部分恢复
【单选题】
病人讲话语音高昂,眉飞色舞,喜笑颜开,表情丰富,洋洋自得,以致盛气凌人,傲慢自负和引人发笑,常常带有明显的夸大色彩,使症状为
A. 情感高涨
B. 情感低落
C. 恐惧
D. 焦虑
E. 欣快感
【单选题】
女,16岁,被狗咬后怕狗害怕的对象范围从大狗到宠物小狗,再到玩具狗,最后发展到一切与狗有关的事情。上述症状属于
A. 情感高涨
B. 情感低落
C. 恐惧
D. 焦虑
E. 欣快感。
【单选题】
男,25岁,精神分列症。患者的行为总是自相矛盾而难以被人理解。他认为邻居对他下毒,多次打110报警,每次警察来后,他又千方百计阻挠警察对邻居进行调查,并努力为邻居开脱责任。下列判断正确的是
A. 意志增强
B. 意志减弱
C. 意志缺乏
D. 矛盾意向
E. 意向倒错
【单选题】
患者女性,60岁,近一周来夜间出现行为紊乱,伴,幻视,表情紧张,恐惧,出现不协调性精神运动性兴奋,其症状在夜间加重,考虑患者处于
A. 谵妄状态
B. 痴呆状态
C. 抑制状态
D. 木僵状态
E. 幻觉妄想状态
【单选题】
马克思主义从创立者上说是( )。
A. 关于自然.社会和人类思维发展一般规律的学说
B. 关于资本主义社会发展的学说
C. 马克思恩格斯创立并为后继者所不断发展的科学理论体系
D. 共产主义的学说
【单选题】
马克思主义理论从阶级属性上说是( )。
A. 无产阶级解放.全人类解放的科学理论
B. 关于自然.社会和人类思维发展一般规律的学说
C. 马克思和恩格斯创立的基本理论体系
D. 关于资本主义社会发展规律的学说
【单选题】
马克思主义从研究对象和主要内容上说是( )。
A. 马克思主义者丰富和发展的学说
B. 关于自然.社会和人类思维发展一般规律的学说
C. 马克思和恩格斯创立的基本理论体系
D. 无产阶级解放斗争的学说
【单选题】
作为中国共产党和社会主义事业指导思想的马克思主义是指( )。
A. 不仅指马克思恩格斯创立和列宁等发展的基本理论体系,也包括中国化的理论成果
B. 关于资本主义社会发展的学说
C. 马克思和恩格斯创立的基本理论体系
D. 列宁创立的基本理论.基本观点和基本方法构成的科学体系
