【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
查看试卷,进入试卷练习
微信扫一扫,开始刷题
答案
BD
解析
暂无解析
相关试题
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
A. 2
B. 3
C. 4
D. 5
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
【单选题】
Refer to the exhibit. 【nat(ins,any)dynamic interface】Which ty pe of NaT is configured on a Cisco ASA?___
A. dynamic NAT
B. source identity NAT
C. dynamic PAT
D. identity twice NAT
【单选题】
Which mitigation technology for web-based threats prevents the removal of confidential data from the network?___
A. CTA
B. DCA
C. AMP
D. DLP
【单选题】
Refer to the exhibit. What is the effect of the given configuration?___
A. It establishes the preshared key for the switch
B. It establishes the preshared key for the firewall.
C. It establishes the preshared key for the Cisco ISE appliance
D. It establishes the preshared key for the router.
【多选题】
What are two major considerations when choosing between a SPAN and a TAP when plementing IPS?___
A. the type of analysis the iS will perform
B. the amount of bandwidth available
C. whether RX and TX signals will use separate ports
D. the way in which media errors will be handled
E. the way in which dropped packets will be handled
【多选题】
What are two direct-to-tower methods for redirecting web traffic to Cisco Cloud Web Security?___
A. third-party proxies
B. Cisco Catalyst platforms
C. Cisco NAC Agent
D. hosted PAC files
E. CiSco ISE
【多选题】
Which three descriptions of RADIUS are true? ___
A. It uses TCP as its transport protocol.
B. Only the password is encrypted
C. It supports multiple transport protocols
D. It uses UDP as its transport protocol
E. It combines authentication and authorization
F. It separates authentication,authorization,and accounting
【多选题】
Which two configurations can prevent VLAN hopping attack from attackers at VLAN 10?___
A. using switchport trunk native vlan 10 command on trunk ports
B. enabling BPDU guard on all access ports
C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
D. applying ACl between VLAN
E. using switchport mode access command on all host ports
F. using switchport nonegotiate command on dynamic desirable ports
【多选题】
What are two features of transparent firewall mode ___
A. It conceals the presence of the firewall from attackers
B. It allows some traffic that is blocked in routed mode
C. It enables the aSA to perform as a router.
D. It acts as a routed hop in the network.
E. It is configured by default
【多选题】
Which two models of A sa tend to be used in a data center?___
A. 5555X
B. 5585X
C. ASA service module
D. 5512X
E. 5540
F. 5520
【多选题】
Which two statements about hardware-based encrption are true?___
A. It is widely accessible
B. It is potentially easier to compromise than software-based encryption. It requires minimal configuration
C. It requires minimal configuration
D. It can be implemented without impacting performance
E. It is highly cost-effective
【多选题】
In which two modes can the Cisco We b Security appliance be de ployed?___
A. as a transparent proxy using the Secure Sockets Layer protocol
B. as a transparent proxy using the Web Cache Communication Protocol
C. explicit proxy mode
D. as a transparent proxy using the Hyper Text Transfer Protocol
E. explicit active mode
推荐试题
【单选题】
社会测量的四个尺度是一个累进叠加的关系,从___到定比尺度,是一个由低层次到高层次的累进与叠加。
A. 定类尺度、定序尺度、定距尺度
B. 定序尺度、定类尺度、定距尺度
C. 定距尺度、定类尺度、定序尺度
D. 定类尺度、定距尺度、定序尺度
【单选题】
社会测量的四个尺度是一个累进叠加的关系,即定类尺度、___,是一个由低层次到高层次的累进与叠加。
A. 定类尺度、定序尺度、定距尺度
B. 定序尺度、定距尺度、定比尺度
C. 定距尺度、定类尺度、定序尺度
D. 定类尺度、定距尺度、定序尺度
【单选题】
社会测量的可靠性和正确性都是科学测量所必须满足的条件。关于两者的关系,下列哪一项是错误的?___
A. 可靠性低,正确性不可能高
B. 可靠性高,正确性必然也高
C. 正确性低,可靠性有可能高
D. 正确性高,可靠性必然也高
【单选题】
社会测量的可靠性和正确性都是科学测量所必须满足的条件。关于两者的关系,下列哪一项是错误的?___
A. 可靠性低,正确性不可能高
B. 正确性低,可靠性有可能高
C. 正确性高,可靠性必然也高
D. 正确性与可靠性是正相关关系
【单选题】
___又称临床式访问,是指工作分析人员通过与被调查人员进行面对面的交流,加深对被调查群体的了解以获取有用数据的一种调查分析方法。
A. 重点访问
B. 深度访谈
C. 客观陈述访问
D. 座谈会
【单选题】
调查数据的整理过程通常分为___四个阶段。
A. 数据审查——分类与编码——汇总——登录
B. 数据审查——登录——分类与编码——汇总
C. 数据审查——分类与编码——登录——汇总
D. 分类与编码——数据审查——登录——汇总
【单选题】
关于定性研究与定量研究的不同点,下列哪一个说法是错误的?___
A. 定性研究与定量研究的着眼点不同
B. 定性研究与定量研究在研究中所处的层次不同
C. 定性研究与定量研究的依据不同
D. 定性研究与定量研究的研究者不同
【单选题】
甲公司获得了从A国进口某种医用品的许可,后因A国政府发出针对该种医用品出口的禁令,直接导致甲公司已获得的许可无法实施。则针对甲公司已经获得的许可,应该进行___
A. 撤销
B. 注销
C. 吊销
D. 撤回
【单选题】
李某作为行政许可申请人,伪造了相关文件,通过了行政机关的审查程序,最终获得了申请的行政许可。后行政机关基于第三人举报,发现了李某的许可申请文件存在造假行为,则针对李某已经获得的行政许可,应该进行___
A. 撤销
B. 注销
C. 吊销
D. 撤回
【单选题】
下列法律位阶由高到低排列正确的是___
A. 法律—规章—行政法规—地方性法规
B. 法律—行政法规—规章—地方性法规
C. 法律—行政法规—地方性法规—规章
D. 法律—地方性法规—规章—行政法规
【单选题】
行政机关的行政行为一经做出,就事先假定其符合法律规定,在没有国家有权机关宣布其为违法之前,对行政机关和行政相对人以及其他机关都具有拘束力。这属于行政行为的___特征。
A. 非强制性
B. 强制性
C. 效力先定性
D. 双方协商性
【单选题】
行政相对人对___不服,可以申请行政复议。
A. 国务院的授权立法行为
B. 省政府进行年度先进公务员评选
C. 市环保局对某企业做出一定数量罚款的行政处罚
D. 区人社局对某企业的劳资纠纷进行了调解
【单选题】
2015年10月,交通运输部起草了《网络预约出租汽车经营服务管理暂行办法》(征求意见稿),向社会公开征求意见,意见反馈截止时间为2015年11月9日。这一举措主要体现了行政立法中的___
A. 合法性原则
B. 权限相符原则
C. 适当性原则
D. 相对人参与原则
【单选题】
根据《行政处罚法》的规定,下列情形中可以当场处罚的是___
A. 董某长期拖欠税款,被税务局罚款200元
B. 蓝梦游戏网吧违法经营,文化主管部门令其停业整顿
C. 驾驶员钱某因违规超速行车被罚款30元
D. 某公司生产假冒名牌服装,工商局决定对其罚款2万元
【单选题】
下列关于听证程序的说法,正确的是___
A. 任何处罚,只要当事人要求听证,实施行政处罚的行政机关必须听证
B. 听证结束后,主持听证的行政机关应当根据听证笔录作出行政处罚决定
C. 听证主持人与本案有利害关系的,应当回避
D. 听证时,要求听证的当事人必须亲自到场
【单选题】
选项中,可以提起行政诉讼的有___
A. 某市政府发布通告,宣布自即日起对全市所有“网吧”进行整顿,整顿完成以前不得擅自营业
B. 某行政机关对本机关公务员张某作出记大过的行政处分
C. 城建管理部门将某施工企业的资质由一级变更为二级
D. 某镇政府去年曾发布信息,预测今年春夏气候对西瓜生产有利,认为瓜农可以适当扩大西瓜种植规模,但实际上今年气候与预测情况不一致,以致扩大种植规模的瓜农蒙受了严重经济损失
【单选题】
行政处罚设定,下列说法正确的是___
A. 行政法规可以设定各种处罚
B. 行政法规可以设定除人身自由以外的行政处罚
C. 行政法规可以设定处吊销企业执照以外的处罚
D. 地方政府不得设定任何行政处罚
