各位大大前輩好
小弟抓小弟抓個各年歷屆題庫,有些答案都不一樣,想請前輩們幫我解答,感激不盡!
題目內容如下
NO.1 How to verify that TACACS+ connectivity to a device? A. You successfully log in to the device by using the local credentials. B. You connect to the device using SSH and receive the login prompt. C. You successfully log in to the device by using ACS credentials. D. You connect via console port and receive the login prompt.
NO.2 Which two features of Cisco Web Reputationtracking can mitigate web-based threats? (Choose Two) A. outbreak filter B. buffer overflow filter C. bayesian filter D. web reputation filter E. exploit filtering
NO.3 Which filter uses in Web reputation to preventfrom Web Based Attacks? (Choose two) A. outbreak filter B. buffer overflow filter C. bayesian overflow filter D. web reputation E. exploit filtering NO.4 Which three statements about Cisco host-based IPS solutions are true?(Choose three.) A. It can view encrypted files.
B. It can have more restrictive policies thannetwork-based IPS. C. It can generate alerts based on behavior at the desktop level. D. It can be deployed at the perimeter. E. It uses signature-based policies. F. It works with deployed firewalls.
NO.5 Which type of address translation supports theinitiation of communications bidirectionally? A. multi-session PAT B. static NAT C. dynamic PAT D. dynamic NAT NO.6 How can you allow bidirational traffic? A. static NAT B. dynamic NAT C. dynamic PAT D. multi-NAT NO.7 Which two characteristics of an application layer firewall are true?(Choose two) A. provides protection for multiple applications B. is immune to URL manipulation C. provides reverse proxy services D. provides stateful firewall functionality E. has low processor usage NO.8 Which two devices are components of the BYOD architectural framework? A. Prime Infrastructure B. Nexus 7010 Switch C. Cisco 3945 Router D. Wireless Access Points E. Identity Services Engine NO.9 If a switch port goes directly into a blocked state only when a superiorBPDU is received, what mechanism must be in use? A. STP BPDU guard B. loop guard C. STP Root guard D. EtherChannel guard NO.10 If a switch port goes into a blocked state only when a superior BPDU isreceived, what mechanism must be in use? A. STP root guard B. EtherChannel guard C. loop guard D. STP BPDU guard NO.11 Which two statements about the self zone on a Cisco zone-based policyfirewall are true? (Choose Two) A. Multiple interfaces can be assigned to the self zone. B. Traffic entering the self zone must match a rule. C. Zone pairs that include the self zone apply to traffic transiting thedevice. D. It can be either the source zone or the destination zone. E. It supports stateful inspection for multicast traffic. NO.12 Which two characteristics of symmetric encryption are true? (Choose two) A. It uses digital certificates. B. It uses a public key and a private key to encrypt and decrypt traffic. C. it requires more resources than asymmetric encryption D. it is faster than asymmetric encryption E. It uses the same key to encrypt and decrypt the traffic. NO.13 What are two options for running Cisco SDM? (Choose two) A. Running SDM from a mobile device. B. Running SDM from a router's flash. C. Running SDM from a PC D. Running SDM from within CiscoWorks E. Running SDM from the Cisco web portal. NO.14 Which two types of VLANs using PVLANs are valid? (Choose two.) A. secondary B. community C. isolated D. promiscuous E. backup NO.15 Which two types of firewalls work at Layer 4 and above? (Choose two.) A. application-level firewall B. static packet filter C. stateful inspection D. Network Address Translation E. circuit-level gateway NO.16 Which network topology describes multiple LANs in a geographically limitedarea? A. CAN B. MAN C. SOHO D. PAN NO.17 Which three statements describe DHCP spoofing attacks? (Choose three.) A. They can modify traffic in transit. B. They are used to perform man-in-the-middle attacks. C. They use ARP poisoning. D. They can access most network devices. E. They protect the identity of the attacker by masking the DHCP address. F. They are can physically modify the networkgateway. NO.18 What are two limitations of the self-zone policies on a zone-basedfirewall? (Choose two) A. They restnct SNMP traffic B. They are unable to implement application inspection C. They are unable to block HTTPS traffic D. They are unable to support HTTPS traffic E. They are unable to perform rate limiting. NO.19 Which two descriptions of TACACS+ are true? (Choose two.) A. It uses TCP as its transport protocol. B. It combines authentication and authorization. C. Only the password is encrypted. D. The TACACS+ header is unencrypted E. It uses UDP as its transport protocol. NO.20 What are two reasons to recommend SNMPv3 over SNMPv2? (Choose two.) A. SNMPv3 is secure because you can configure authentication and privacy B. SNMPv3 is a Cisco proprietary protocol C. SNMPv2 is secure because you can configure authentication and privacy D. SNMPv2 is insecure because it sends information in clear text E. SNMPv3 is insecure because it sends information in clear text NO.21 Which two attack types can be prevented with the implementation of a CiscoIPS solution? (Choose two) A. ARP spoofing B. DDoS C. VLAN hopping D. man-in-the-middle E. worms NO.22 What are two challenges of using a network-based IPS? (Choose two ) A. It must support multiple operating systems B. It is unable to determine whether a detected attack was successful. C. As the network expands, it requires you to add more sensors D. It requires additional storage and processor capacity on syslog servers. E. It is unable to detect attacks across the entire network Answer: D E NO.23 What does the policy map do in CoPP? A. defines the action to be performed B. defines packet selection parameters C. defines the packet filter D. defines service parameters NO.24 How is management traffic isolated on a Cisco ASK 1002? A. Traffic is isolated based upon how you configurerouting on the device B. There is no management traffic isolation on a Cisco ASR 1002. C. The management interface is configured in a special VRF that providestraffic isolation from the default routing table D. Traffic isolation is done on the VLAN level NO.25 Which two actions can an end user take to manage a lost or stolen devicein Cisco ISE? (Choose two) A. Reinstate a device that the user previously marked as lost or stolen. B. Activate Cisco ISE Endpoint protection Services to quarantine the device. C. Request revocation of the digital certificate of the device. D. Add the MAC address of the device to a list of blacklisted devices. E. Force the device to be locked with a PIN. NO.26 Which information can you display by executing the show crypto ipsec sacommand? A. proxy information for the connection between two peers B. IPsec SAs established between two peers C. recent changes to the IP address of a peer router D. ISAKMP SAs that are established between two peers NO.27 In which three cases does the ASA firewall permit inbound HTTP GETrequests during normal operations? (Choose three). A. when matching NAT entries are configured B. when matching ACL entries are configured C. when the firewall receives a SYN-ACK packet D. when the firewall receives a SYN packet E. when the firewall requires HTTP inspection F. when the firewall requires strict HTTP inspection NO.28 Which three statements are characteristics of DHCP Spoofing? (choosethree) A. Arp Poisoning B. Modify Traffic in transit C. Used to perform man-in-the-middle attack D. Physically modify the network gateway E. Protect the identity of the attacker by masking the DHCP address F. can access most network devices NO.29 In which two situations should you use in band management? (Choose two.) A. when multiple management applications need concurrent access to the device B. when you require administrator access from multiple locations C. when a network device fails to forward packets D. when you require ROMMON access E. when the control plane fails to respond NO.30 In which two situations should you use out-of-band management? (Choose two.) A. when a network device fails to forward packets B. when you require ROMMON access C. when management applications need concurrent access to the device D. when you require administrator access from multiple locations E. when the control plane fails to respond NO.31 If a switch port goes directly into a blocked state only when a superior BPDU is received, what mechanism must be in use? A. STP BPDU guard B. loop guard C. STP Root guard D. EtherChannel guard NO.32 What information does the key length provide in an encryption algorithm? A. the packet size B. the number of permutations C. the hash block size D. the cipher block size
| 
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2019-3-15 23:34:33
置顶卡
喧嚣卡
变色卡
千斤顶