CCNA640553 Selected Real Exam Questions (Word Format).docx
C.Access-list 101 will prevent address spoofing from interface E0.
D.This ACL will prevent any host on the Internet from spoofing the inside network address as the source address for packets coming into the router from the Internet.
C
3、Which description about asymmetric encryption algorithms is correct?
A.They use the same key for encryption and decryption of data.
B.They use different keys for decryption but the same key for encryption of data.
C.They use different keys for encryption and decryption of data.
D.They use the same key for decryption but different keys for encryption of data.
4、For the following items, which management topology keeps management traffic isolated from production traffic?
A.OTP
B.OOB
C.SAFE
D.MARS
B
5、You work as a network engineer. An IPsec tunnel is negotiated within the protection of which type of tunnel?
A.L2F tunnel
B.L2TP tunnel
C.GRE tunnel
D.ISAKMP tunnel
D
6、Examine the following options. When editing global IPS settings, which one determines if the IOS-based IPS feature will drop or permit traffic for a particular IPS signature engine while a new signature for that engine is being compiled?
A.Enable Signature Default
B.Enable Engine Fail Closed
C.Enable Default IOS Signature
D.Enable Fail Opened
7、Which statement best describes Cisco IOS Zone-Based Policy Firewall?
A.A router interface can belong to multiple zones.
B.Policy maps are used to classify traffic into different traffic classes, and class maps are used to assign action to the traffic classes.
C.The pass action works in only one direction.
D.A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.
8、Which statement best describes configuring access control lists to control Telnet traffic destined to the router itself?
A.The ACL applied to the vty lines has no in or out option like ACL being applied to an interface.
B.The ACL is applied to the Telnet port with the ip access-group command.
C.The ACL must be applied to each vty line individually.
D.The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
9、What is the MD5 algorithm used for?
A.takes a fixed-length message and produces a 128-bit message digest
B.takes a variable-length message and produces a 168-bit message digest
C.takes a message less than 2^64 bits as input and produces a 160-bit message digest
D.takes a variable-length message and produces a 128-bit message digest
10、For the following options, which one accurately matches the CLI command(s) to the equivalent SDM wizard that performs similar configuration functions?
A.aaa configuration commands and the SDM Basic Firewall wizard
B.setup exec command and the SDM Security Audit wizard
C.auto secure exec command and the SDM One-Step Lockdown wizard
D.Cisco Common Classification Policy Language configuration commands and the SDM Site-to-Site VPN
[Multiple-answer questions]
11、Based on the following items, which two types of interfaces are found on all network-based IPS sensors?
A.Loopback interface
B.Command and control interface
C.Monitoring interface
D.Management interface
B,C
12、Which description is true about the show login command output displayed in the exhibit?
A.Three or more login requests have failed within the last 100 seconds.
B.When the router goes into quiet mode, any host is permitted to access the router via Telnet, SSH, and HTTP, since the quiet-mode access list has not been configured.
C.The login block-for command is configured to block login hosts for 93 seconds.
D.All logins from any sources are blocked for another 193 seconds.
13、Given the exhibit below. You are a network manager of your company. You are reading your Syslog server reports. On the basis of the Syslog message shown, which two descriptions are correct?
A.This is a normal system-generated information message and does not require further investigation.
B.Service timestamps have been globally enabled.
C.This message is unimportant and can be ignored.
D.This message is a level 5 notification message.
B,D
14、What will be enabled by the scanning technology Dynamic Vector Streaming (DVS)?
A.Firmware-level virus detection
B.Signature-based virus filtering
C.Layer 4 virus detection
D.Signature-based spyware filtering
15、Which statement best describes the relationships between AAA function and TACACS+, RADIUS based on the exhibit shown?
A.TACACS+ - P4S1 and P4S4; RADIUS - P4S2 and P4S3
B.TACACS+ - P4S2 and P4S4; RADIUS - P4S1 and P4S3
C.TACACS+ - P4S1 and P4S3; RADIUS - P4S2 and P4S4
D.TACACS+ - P4S2 and P4S3; RADIUS - P4S1 and P4S4
16、Which kind of table will be used by most firewalls today to keep track of the connections through the firewall?
A.reflexive ACL
B.dynamic ACL
C.queuing
D.netflow
E.state
E
17、Based on the username global configuration mode command displayed in the exhibit. What does the option secret 5 indicate about the enable secret password?
A.It is hashed using MD5
B.It is encrypted using a proprietary Cisco encryption algorithm
C.It is hashed using SHA
D.It is encrypted using DH group 5
18、Before a Diffie-Hellman exchange may begin,the two parties involved must agree on what?
A.Two secret keys
B.Two nonsecret keys
C.Two secret numbers
D.Two nonsecret numbers
19、Which three items are Cisco best-practice recommendations for securing a network?
A.Routinely apply patches to operating systems and applications
B.Disable unneeded services and ports on hosts
C.Deploy HIPS software on all end-user workstations
D.Require strong passwords and enable password expiration
A,B,D
20、What Cisco Security Agent Interceptor is in charge of intercepting all read/write requests to the rc files in UNIX?
A.Configuration interceptor
B.Network interceptor
C.File system interceptor
D.Execution space interceptor
21、Which location will be recommended for extended or extended named ACLs?
A.when using the established keyword, a location close to the destination point to ensure that return traffic is allowed
B.an intermediate location to filter as much traffic as possible
C.a location as close to the source traffic as possible
D.a location as close to the destination traffic as possible
22、Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?
A.to the zone-pair
B.to the zone
C.to the interface
D.to the global service policy
23、Which statement is true about vishing?
A.Influencing users to forward a call to a toll number (for example, a long distance or international number)
B.Influencing users to provide personal information over a web page
C.Using an inside facilitator to intentionally forward a call to a toll number (for example, a long distance or international number)
D.Influencing users to provide personal information over the phone
24、Which one of the following items may be added to a password stored in MD5 to make it more secure?
A.Ciphertext
B.Salt
C.Cryptotext
D.Rainbow table
25、Which example is of a function intended for cryptographic hashing?
A.MD65
B.SHA-135
C.XR12
D.MD5
26、Which is the main difference between host-based and network-based intrusion prevention?
A.Host-based IPS can work in promiscuous mode or inline mode.
B.Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.
C.Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
D.Host-based IPS deployment requires less planning than network-based IPS.
27、Which classes does the U.S. government place classified data into?
A.Top-secret
B.Confidential
C.SBU
D.Secret
28、Which three options are network evaluation techniques?
A.Performing end-user training on the use of antispyware software
B.Performing virus scans
C.Scanning a network for active IP addresses and open ports on those IP addresses
D.Using password-cracking utilities
B,C,D
29、You are a network technician at C. Which description is correct when you have generated RSA keys on your Cisco router to prepare for secure device management?
A.You must then specify the general-purpose key size used for authentication with the crypto key generate rsa general-keys modulus command.
B.You must then zeroize the keys to reset secure shell before configuring other parameters.
C.All vty ports are automatically enabled for SSH to provide secure management.
D.The SSH protocol is automatically enabled.
30、Which result is of securing the Cisco IOS image by use of the Cisco IOS image resilience feature?
A.The Cisco IOS image file will not be visible in the output from the show flash command.
B.The show version command will not show the Cisco IOS image file location.
C.When the route