【单选题】
Which statement about interface and global access rules is true?___
A. Interface access rules are processed before global access rules.
B. Global access rules apply only to outbound traffic, but interface access rules can be applied in either direction
C. The implicit allow is proce ssed after both the global and interface access rules
D. If an interface access rule is applied, the global access rule is ignored
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
A
解析
暂无解析
相关试题
【单选题】
Which type of malicious software can create a back-door into a device or network?___
A. bot
B. worm
C. virus
D. Trojan
【单选题】
Which security term refers to the like lihood that a weakness will be exploited to cause damage to an asset?___
A. threat
B. risk
C. countermeasure
D. vulnerability
【单选题】
Which IPS detection method examines network traffic for preconfigured patterns?___
A. signature-based detection
B. honey-pot detection
C. anomaly-based detection
D. policy-based detection
【单选题】
What is an advantage of split tunneling ?___
A. It allows users with a VpN connection to a corporate network to access the internet with sending traffic across the cor porate network.
B. It allows users with a vpn connection to a corporate network to access the internet by using the vPN for security.
C. It protects traffic on the private network from users on the public network
D. It enables the VPN server to filter traffic more efficiently
【单选题】
Which IDS/IPS state misidentifies acceptable behavior as an attack ?___
A. false negative
B. true positive NEKA G
C. true negative
D. false positive
【单选题】
What is the maximum num ber of methods that a single method list can contain?___
A. 4
B. 3
C. 2
D. 5
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
A. 2
B. 3
C. 4
D. 5
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
推荐试题
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,持已许可的线路工作票或分组工作派工单进入厂站工作,厂站值班人员应先得到___同意,并与工作负责人明确工作地点及相关安全注意事项,在备注栏填写调度许可人姓名后由厂站值班人员和工作负责人双方签名,方可进行工作。
A. 调度许可人
B. 值班负责人
C. 工作负责人
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,运行中的高压设备,其中性点应视作___,在运行中如需进行断开操作时,应先建立其他有效的接地才可继续进行。
A. 一般设备
B. 不带电
C. 带电体
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,绝缘隔板和绝缘罩应存放在室内干燥、离地面___mm以上的架上或专用的柜内。
A. 180
B. 190
C. 200
D. 210
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,厂站工作时,一张工作票上所列的3个检修设备,若至预定送电时一个间隔的工作尚未完成,需继续工作而不妨碍其他送电者,应办理相应的___和新的工作票,方可继续工作。
A. 工作终结
B. 工作间断
C. 停电申请
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,工作间断,在___的情况下重新办理许可手续时,可不进行以手触试。
A. 不增加工作内容
B. 安全措施不变
C. 不增加工作人员
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,厂站多天工作,工作票所列安全措施不变,宜办理工作间断,但是每次复工前必须的一个动作是___。
A. 经调度许可
B. 检查接地线装拆记录
C. 检查安全措施
D. 检查安全措施正确完好
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,在屋顶;坝顶;陡坡;悬崖、吊桥以及其他危险的边沿进行工作,临空一面应装设___或防护栏杆,否则工作人员应使用安全带。
A. 警示牌
B. 安全网
C. 围栏
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,工作许可人许可前应核对___身份与工作票填写工作负责人身份是否相符,核对实际工作人数与工作票填写的工作人数是否一致。
A. 工作负责人
B. 工作票签发人
C. 值班负责人
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,电力电缆试验要拆除接地线时,应征得___的许可(根据调度员命令装设的接地线,应征得调度员的许可),方可进行。工作完毕后立即恢复。
A. 工作许可人
B. 工作负责人
C. 值班负责人
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,10kV户外电力装置的裸露部分在跨越人行过道或作业区时,若导电部分对地高度小于___时,该裸露部分两侧和底部应装设护网。
A. 2.7m
B. 2.8m
C. 2.9m
【单选题】
依据《中国南方电网调度运行操作管理规定》规定,220kV线路纵联保护全部退出运行时,原则上停运线路。因系统原因无法停运时,由方式专业提出满足稳定要求的保护动作时间,并经___批准后执行。
A. 中调主管领导
B. 地调主管领导
C. 总调主管领导
D. 省公司分管生产领导
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,远方操作设备前,必要时应在现场增加___或监护人,现场人员应确保自身安全。
A. 位置检查人
B. 现场操作人
C. 工作负责人
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,调度操作过程中,若现场操作人员汇报本操作可能___时,应立即停止操作,待研究后再确定是否继续操作。
A. 危及人身安全
B. 导致设备故障
C. 造成五防混乱
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,在厂站的带电区域内或邻近带电导体附近,禁止使用金属梯子;搬动梯子、管子等长物应将其___后,宜由两人搬运,并与带电部分保持足够的安全距离。
A. 扛起
B. 放倒
C. 拖行
【单选题】
依据《云南电网有限责任公司厂站工作票业务指导书》规定,工作负责人变更时,对于需签发的工作票,如工作票签发人在工作现场,则由签发人填写变动时间并签名;如工作票签发人不在现场,则由工作票签发人通知___,并由现工作负责人代替工作票签发人填写变动时间及签名。
A. 工作负责人
B. 工作许可人
C. 工作班人员
D. 调度员
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,工作间断后,工作班人员忘记东西返回工作现场是()的。间断后所有___可保持不变,但复工前应派人检查,确认安全措施完备后,方可开始工作。
A. 恰当、组织措施
B. 不对、安全措施
C. 不对、施工方案
D. 恰当、技术措施
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,高压电气设备应具有防止误操作闭锁功能(装置),无防误闭锁功能(装置)或闭锁功能(装置)失灵的隔离开关或断路器应加挂___。
A. 机械锁
B. 五防锁
C. 电子锁
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,220kV某线路#10-20塔更换防震锤工作,工作地段距离较远,工作负责人将工作班成员分为4个组,指定分组工作负责人,管理分组的表单是___。
A. 分组工作派工单
B. 抢修工作票
C. 工作票
D. 接地线装拆记录
【单选题】
依据《云南电网有限责任公司现场电气操作票业务指导书(变电部分)(2017)》,断路器、负荷开关出现异常导致无法断开时,应断开___,再拉开相应的隔离开关,将异常设备隔离。
A. 上一级隔离开关
B. 上一级电源
C. 负荷侧断路器
D. 该断路器控制电源
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,设备解体检修前,应对SF6气体进行检验。根据有毒气体的含量,采取安全防护措施。检修人员需着防护服并根据需要配戴___。打开设备封盖后,现场所有人员应暂离现场30min。取出吸附剂和清除粉尘时,检修人员应戴防毒面具和防护手套。
A. 呼吸器
B. 正压式空气呼吸器
C. 防毒面具
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,高压试验时,如加压部分与检修部分断开点之间满足试验电压对应的安全距离,且检修侧有接地线时,应在断开点装设“___”标示牌,并设专人监护后方可工作。
A. 禁止攀登,高压危险!
B. 止步,高压危险!
C. 在此工作!
D. 禁止合闸,有人工作!
【单选题】
依据《云南电网有限责任公司现场电气操作票业务指导书(变电部分)(2017)》,断路器控制电源、保护电源必须待其回路有关隔离开关全部操作完毕后才能退出,以防止___失去控制电源和保护电源。
A. 保护误动时
B. 误操作时
C. 断路器故障时
D. 隔离开关故障时
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,已接上母线的备用间隔应有名称、编号。其隔离开关操作手柄、网门应能加锁。高压手车开关拉出后,___应可靠封闭。
A. 隔离挡板
B. 绝缘罩
C. 柜门
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,电缆耐压试验前,加压端应做好安全措施,防止人员误入试验场所。另一端应设置围栏并挂上警告标示牌。如另一端是上杆的或是锯断电缆处,应___。
A. 派人看守
B. 拆除安全措施
C. 设置围栏
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,工作需要延期时,应经___同意并办理工作延期手续。
A. 工作票签发人
B. 值班负责人
C. 工作许可人
D. 工作负责人
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,室外工作,如遇雷、雨、风等恶劣天气或其他可能危及___的情况时,工作负责人或专责监护人根据实际情况,有权决定临时停止工作。
A. 作业人员安全
B. 电网安全
C. 运行设备安全
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,操作中发生疑问,应立即___,并及时汇报,经查明问题并确认后,方可继续操作,不应擅自更改操作票。
A. 恢复原状
B. 停止操作
C. 汇报工作负责人
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,变电站内工作,___情况下工作票所列人员才可以进入高压室、阀厅内和室外高压设备区内。
A. 巡视设备
B. 单独一人
C. 有人监护
D. 电话或口头命令
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,安全工器具存放环境应干燥通风;绝缘安全工器具应存放于温度___、相对湿度不大于80%的环境中。
A. 15度~30度
B. 20度~40度
C. -15度~40度
D. 20度~30度
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,个人保安线是用于保护工作人员防止()的接地线,横截面___平方毫米。
A. 感应电伤害、16
B. 跨步电压、16
C. 感应电伤害、25
D. 直流电击、15
【单选题】
依据《中国南方电网有限责任公司电力安全工作规程》,“以手触试”原则上适用于___许可工作。能触试的设备应以手触试,若工作负责人不作要求则可不以手触试。
A. 所有停电
B. 部分停电
C. 局部停电
