- 积分
- 89
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 最后登录
- 1970-1-1
- 阅读权限
- 20
- 听众
- 收听
助理工程师
|
大家都知道最近400-251出新题了。 前几个帖子的@yanggui319 安利了一个176版本的。我帮他把新题截图截了出来。各位大神帮忙看看答案, 下周打算用这个版本去试水,大家可以等我消息,不过在这之前有些题库疑问看看有没有大神答疑。; y& t& f( @ a3 J
2 }% x. X) l6 A' N5 W" O
( H+ h# d+ N% ]
( W6 _6 f' C' R* r. n$ c0 a
对于这两道题,问题问的是如何 在接口上开启 802.1x的认证(authentication)和授权(author---), 在@yanggui319的版本中,开启认证选的答案是“authentication port-control auto” ,开启授权选择的是"aaa authorization network default group tacacs+" 我觉得是很合理的,而置顶166版本中两道题都选了authentication port-control auto。 但是166版本又过了很多人。。究竟谁对谁错,有大神给出个答案不。. l0 \9 |, x" o. S M: z
( G0 Y5 `( _ n, i2 `) d
4 k# Y% @' }: ^' E
! A7 x. h% H. X
# g. ^0 L) R/ Z5 u' |下面是比166版本多出来的一些新题题目:! g6 ]" Y5 Y; q9 Y- } B5 `5 X
new1:
0 x; d* R* E7 S+ }2 _ Which type of attack use a large number of spoofed MAC addresses to emulate wireless client?(Choose one)
! T2 Y% r! M1 B& f2 n! PA.DoS against an access point
% [2 o4 F. L, V( J9 E4 ^- `! IB.Dos against a client station/ V7 i: w; _' @* s! d E
C.chopchop attack6 N! e. r) ^# V* J9 k$ M
D.Airsnaf attack* \. d: A$ E3 y1 ^
E.device-probing attack
! }7 P: F! [3 E- b! D% fF.authentication-failure attack
. \7 p5 e; S4 n* G) v+ P/ k9 g- K7 Q9 E9 e" D
new2:
' L" P6 H/ G. e. A What are two characteristics of RPL, used in IoT environments?(Choose two)
; t& ~2 _. b$ G2 ]+ cA.It is an Exterior Gateway Protocol: v( M, h8 c4 g/ y$ r/ P
B.It is a Interior Gateway Protocol5 J4 x) v4 ~. n7 O
C.It is a hybrid protocol
/ X$ V9 P) Z1 @+ H0 o0 VD.It is link-state protocol
$ t# A% @9 D8 P) E- }3 `E.It is a distance-vector protocol! L* y6 Q9 _6 q! K2 W" k) ]$ r: v
* Z; | A/ U* G
new3:
9 k: X% I* }6 q Which command is required for bonnet filter on Cisco ASA to function properly?(Choose one)8 r$ G9 k& ?# _$ \
A.dynamic-filter inspect tcp /80$ k C- k5 a; e# t& Z" H
B.dynamic-filter whitelist- m5 V! l0 r- B4 Y
C.inspect botnet
3 w1 v3 Z+ ?# u$ ]D.inspect dns dynamic-filter-snoop. }) Y7 H% L! b. d: C
/ e% \$ \2 L; k8 \, N8 ?
new4:
' N& y* m! t3 h6 s1 Q Which two statements about Cisco AMP for Web Security are true? (Choose two): c$ K9 _2 q" P% l
A.It can detect and block malware and other anomalous traffic before it passes through the Web gateway.9 K7 M1 w6 @9 W U
B.It can identify anomalous traffic passing through the Web gateway by comparing it to an established baseline of expected activity
* P) ^3 a% L% S! R# DC.It can perform file analysis by sandboxing known malware and comparing unknown files to a local repository of threats
& `. A! z5 i) X( Q1 xD.It continues monitoring files after they pass the Web gateway
2 j# o: b/ f1 x0 X/ c1 \E.It can prevent malicious data exfiltration by blocking critical files from exiting through the Web gateway2 r) ]9 ?/ D7 g
F.It can perform reputation-based evaluation and blocking by uploading of incoming files to a cloud-based threat intelligence network. q3 G+ y- X( R( u
8 m7 y7 \: F. Qnew5:* L$ _" w7 U5 d* W1 d3 `9 v
Which two statements about MACsec are true? (Choose two)
* _/ I1 W7 _6 @+ h2 L& y6 HA.It maintains network intelligence as it applied to router uplinks and downlinks.* n$ j$ L" ~# a8 [+ v; Q5 B
B.It works in conjunction with IEEE 802.1X -2010 port-based access control. B: z. M- s- v3 R& a5 p3 i
C.It uses symmetric-key encryption to protect data confidentiality.+ d5 p- _. \$ T( _. N
D.It encrypts packets at Layer 3, which allows devices to handle packets in accordance with network polices.$ I5 T' f2 r5 N) s" p$ P. F" a0 m
E.It can be enabled on individual port at Layer 3 to allow MACsec devices to access the network.
( J& p" E. v! W \# v7 R/ @F.It can use IEEE 802.1x master keys to encrypt wired and wireless links
1 W0 ^$ Q d! K$ u
4 M. P2 j0 Y. y0 o" t+ wnew6:
1 y; Z5 P! R& z0 A" p8 D Which statement about Password Authentication Protocol is true?(Choose one)! R( H+ h8 l+ x- A0 |
A.RADIUS –based PAP authentication logs successful authentication attempts only.8 a, S P5 M& ?/ F1 {$ P0 v
B.Its password in encrypted with a certificate.( n1 `' P7 p" y1 G# ^6 \: D
C.It offers strong protection against brute force attacks.
- z) k5 Q) Q) gD.RADIUS –based PAP authentication is based on the RADIUS Password attribute+ ]9 j x) t, b# k
E.It is the most secure authentication method supported for authentication against the internal Cisco ISE database
) z o( w8 r2 D1 ^- _1 ZF.It uses a two-way handshake with an encrypted password6 ~6 Y ?! e" ~) X7 V. ? k
$ q! Y) w6 G" o
new7:, W; B3 c# [/ Q/ ?
What technique can an attacker use to obfuscate a malware application payload, allowing it to bypass standard security mechanisms?(Choose one)0 V) I6 w0 [+ @
A.Teredo tunneling5 F) @/ W S1 d: J5 E3 p* I% V
B.A PE32 header2 o+ e4 c7 w+ C7 m
C.Steganography4 n4 {' S4 T" J
D.BASE64: Y3 q6 P/ y$ l! Y
E.Decryption
/ ]' K; U& z, p& I c+ D% r
% o4 G/ a \( }4 m% anew:8 Y8 O5 E; P& ?
Which tunnel type does the Cisco unified Wireless Solution use to map a provisioned guest WLAN to an anchor WLC?(Choose one)
3 z7 R% z7 q% g( Y3 j/ e9 C9 LA.PEAP
! a/ _6 D3 p9 G# XB.IPsec# A, i x! }2 I" q% d2 [
C.TLS
5 C+ Y% L0 l0 h, X8 A0 wD.GRE1 O# |' @9 @3 k2 o3 s7 u$ O
E.EAPoL
1 ^) x5 a! R8 I& y- @/ l# ?F.EoIP
5 m9 t ?- ~) A! u3 ^& {$ k; n o: d7 y+ Q4 z: p
new 9:# A% W2 _0 R% k7 r5 b9 ~" V- t
Which statement about the Firepower Security Intelligence feature is true?(Choose one)0 d: P: n/ M- g; @" s3 h
A.It uses user-configured ACLs to blacklist and whitelist traffic' J% n4 Z% e; z+ k+ k- Z9 L
B.It can override custom whitelists to provide greater security against emerging threats
O. @% i# M& y9 |C.It filters traffic after policy-based inspection is complete and before the default action is taken
* ~( z; n$ l7 A7 g! ^8 B/ iD.Blacklisted traffic is blocked without further inspection- Y5 @6 f, }9 ]7 d9 z* m9 }7 R) m/ R
E.It filters traffic after policy-based inspection is completed and the default action is taken
7 Q- R2 r. q, U7 w/ r0 R% c; q
7 K7 G/ D( Y+ o. [( c9 q3 D
+ y5 K0 |7 O9 v
4 b8 @0 [8 i# e+ ^. J2 inew 10:1 [4 V9 u- E& M% L) r
Which statement about the Cisco AMP Virtual Private Cloud Appliance is true for deployments in cloud-proxy mode?(Choose one)
( Y5 O) G5 B5 \& mA.The appliance can perform disposition lookups against the Protect DB without an internet connection* _& I) l- ^- B7 |& z8 v+ M2 }
B.The amp-sync tool syncs the threat-intelligence repository on the appliance on the AMP public cloud through the Update Host3 m: v% w4 Q( f
C.The appliance can automatically download threat-intelligence updates directly from the AMP public cloud
9 B/ U# c" ?& J/ B( fD.The updates Host automatically downloads updates and deploys them to the Protect DB on a daily basis% U7 Y0 I" i4 b% q
E.The appliance communicates directly with the endpoint connectors only0 ~0 k' `- e! W- v
' P( v/ v) @* c9 P/ j& r1 Unew10题要小心,因为166题库中有一道题是/ _2 c( y% W' u) z) M
Which statement about the Cisco AMP Virtual Private Cloud Appliance is true for deployments in air-gap mode?(Choose one)
4 h; `( T0 h( S" p那道题的答案是The appliance can perform disposition lookups against the Protect DB without an internet connection
; q( l. I4 w# `) G. A |
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2017-11-26 12:19:46
置顶卡
喧嚣卡
变色卡
千斤顶
楼主
