CCNP&CCIE Security SCOR思科认证网络工程师题库1.docx
-
资源ID:6745663
资源大小:37.25KB
全文页数:19页
- 资源格式: DOCX
下载积分:5金币
|
友情提示
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
|
CCNP&CCIE Security SCOR思科认证网络工程师题库1.docx
CCNP/CCIESecuritySCOR题库1ExamAQUESTION1WhichfeaturerequiresanetworkdiscoverypolicyontheCiscoFirepowerNextGenerationIntrusionPreventionSystem?A. securityintelligenceB. impactflagsC. healthmonitoringD. URLfilteringCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION2aaanew-modelradius-serverhost10.0.0.12keysecret12Refertotheexhibit.Whichstatementabouttheauthenticationprotocolusedintheconfigurationistrue?A. TheauthenticationrequestcontainsonlyapasswordB. TheauthenticationrequestcontainsonlyausernameC. Theauthenticationandauthorizationrequestsaregroupedinasinglepacket.D. Thereareseparateauthenticationandauthorizationrequestpackets.CorrectAnswer:CSection:(none)ExplanationExpIanationZReference:QUESTION3Whichtwopreventivemeasuresareusedtocontrolcross-sitescripting?(Choosetwo.)A. Enableclient-sidescriptsonaper-domainbasis.B. Incorporatecontextualoutputecodingescaping.C. DisablecookieinspectionintheHTMLinspectionengine.D. RununtrustedHTMLinputthroughanHTMLsanitizationengine.E. SameSitecookieattributeshouldnotbeused.CorrectAnswer:ABSection:(none)ExplanationExpIanationZReference:QUESTION4WhichpolicyisusedtocapturehostinformationontheCiscoFirepowerNextGenerationIntrusionPreventionSystem?A. correlationB. intrusionC. accesscontrolD. networkdiscoveryCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION5InterfaceMACAddressMethociDomainStatusFgSessionIDGi4150050.b6d4.8a60dotlxDATAAuth0A02198200001Gi8430024.c4fe.1832dotlxVOICEAuth0A02198200000Gil0250026.7391.bbdldotlxDATAAuth0A02198200001Gi8280026.ObSe.SldSdotlxVOICEAuth0A02198200000Gi4130025.4593.e575dotlxVOICEAuth0A02198200000GilO/230025.8418.217fdotlxVOICEAuth0A02198200000Gi740025.8418.Ibc7dotlxVOICEAuth0A02198200000Gi770026.ObSe.SOfbdotlxVOICEAuth0A02198200000Gi814c85b.7604.falddotlxDATAAuth0A02198200001Gil0290026.0b5.528adotlxVOICEAuth0A02198200000Gi420026.0b5e.4f9fdotlxVOICEAuth0A02198200000Gil0300025.4593.e5acdotlxVOICEAuth0A02198200000Gi82968bd.aba5.2e44dotlxVOICEAuth0A02198200001Gi7454ee.75db.d766dotlxDATAAuth0A02198200001Gi234e804.62eb.a658dotlxVOICEAuth0A02198200000Gil022482a.e307.d9c8IdotlxIDATAAuth0A02198200001Gi9220007.b00c.8c3SImabDATAAuth0A02198200000Refertotheexhibit.Whichcommandwasusedtogeneratethisoutputandtoshowwhichportsareauthenticatingwithdotlxormab?A. showauthenticationregistrationsB. showauthenticationmethodC. showdotIxallD. showauthenticationsessionsCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:QUESTION6AnengineerisconfiguringaCiscoESAandwantstocontrolwhethertoacceptorrejectemailmessagestoarecipientaddress.Whichlistcontainstheallowedrecipientaddresses?A. SATB. BATC. HATD. RATCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION7WhichtwocapabilitiesdoesTAXIIsupport?(Choosetwo.)A. exchangeB. pullmessagingC. bindingD. correlationE. mitigatingCorrectAnswer:BCSection:(none)ExpIanationZReference:QUESTION8Whichpolicyrepresentsasharedsetoffeaturesorparametersthatdefinetheaspectsofamanageddevicethatarelikelytobesimilartoothermanageddevicesinadeployment?A. grouppolicyB. accesscontrolpolicyC. devicemanagementpolicyD. platformservicepolicyCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:-config-guide-v622/platform_settings_policies_for_managed_devices.pdfQUESTION9Anadministratorwantstoensurethatallendpointsarecompliantbeforeusersareallowedaccessonthecorporatenetwork.TheendpointsmusthavethecorporateantivirusapplicationinstalledandberunningthelatestbuildofWindows10.Whatmusttheadministratorimplementtoensurethatalldevicesarecompliantbeforetheyareallowedonthenetwork?A. CiscoIdentityServicesEngineandAnyConnectPosturemoduleB. CiscoStealthwatchandCiscoIdentityServicesEngineintegrationC. CiscoASAfirewallwithDynamicAccessPoliciesconfiguredD. CiscoIdentityServicesEnginewithPxGridservicesenabledCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION10WhataretwoDetectionandAnalyticsEnginesofCognitiveThreatAnalytics?(Choosetwo.)A. dataexfiltrationB. commandandcontrolcommunicationC. intelligentproxyD.snortE.URLcategorizationCorrectAnswer:ABSection:(none)ExplanationExpIanationZReference:Reference:QUESTION11Inwhichformofattackisalternateencoding,suchashexadecimalrepresentation,mostoftenobserved?A. smurfB. distributeddenialofserviceC. cross-sitescriptingD. rootkitexploitCorrectAnswer:CSection:(none)ExplanationExpIanationZReference:QUESTION12WhichtwoconditionsareprerequisitesforstatefulfailoverforIPsec?(Choosetwo.)A. OnlytheIKEconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydevice;theIPsecconfigurationiscopiedautomatically.B. TheactiveandstandbydevicescanrundifferentversionsoftheCiscoIOSsoftwarebutmustbethesametypeofdevice.C. TheIPsecconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydevice.D. OnlytheIPsecconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydevice;theIKEconfigurationiscopiedautomatically.E. TheactiveandstandbydevicesmustrunthesameversionoftheCiscoIOSsoftwareandmustbethesametypeofdevice.CorrectAnswer:BCSection:(none)ExplanationExpIanationZReference:Reference:mtsec-vpn-availability-15-mt-booksec-state-fail-ipsec.htmlQUESTION13WhenwebpoliciesareconfiguredinCiscoUmbrella,whatprovidestheabilitytoensurethatdomainsareblockedwhentheyhostmalware,commandandcontrol,phishing,andmorethreats?A. ApplicationControlB. SecurityCategoryBlockingC. ContentCategoryBlockingD. FileAnalysisCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:Reference:CategoriesQUESTION14WhattwomechanismsareusedtoredirectuserstoawebportaltoauthenticatetoISEforguestservices?(Choosetwo.)A. TACACS+B. centralwebauthC. singlesign-onD. multiplefactorauthE. localwebauthCorrectAnswer:BESection:(none)ExplanationExpIanationZReference:Reference:2/b_ise_admin_guide_22_chapter_01110.htmlQUESTION15WhichflawdoesanattackerleveragewhenexploitingSQLinjectionvulnerabilities?A. userinputvalidationinawebpageorwebapplicationB. 1.inuxandWindowsoperatingsystemsC. databaseD. webpageimagesCorrectAnswer:CSection:(none)ExplanationExpIanationZReference:Reference:QUESTION16Whichdeploymentmodelisthemostsecurewhenconsideringriskstocloudadoption?A. publiccloudB. hybridcloudC. communitycloudD. privatecloudCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION17WhatdoestheCloudlockAppsFirewalldotomitigatesecurityconcernsfromanapplicationperspective?A. Itallowstheadministratortoquarantinemaliciousfilessothattheapplicationcanfunction,justnotmaliciously.B. Itdiscoversandcontrolscloudappsthatareconnectedtoacompany'scorporateenvironment.C. Itdeletesanyapplicationthatdoesnotbelonginthenetwork.D. Itsendstheapplicationinformationtoanadministratortoacton.CorrectAnSWe匚BSection:(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/c/en/us/products/security/cloudlock/index.html#-featuresQUESTION18WhichexfiltrationmethoddoesanattackerusetohideandencodedatainsideDNSrequestsandqueries?A. DNStunnelingB. DNSCryptC. DNSsecurityD. DNSSECCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:https:/learn-QUESTION19Whichalgorithmprovidesencryptionandauthenticationfordataplanecommunication?A. AES-GCMB. SHA-96C.AES-256D.SHA-384CorrectAnSWe匚ASection:(none)ExplanationExpIanationZReference:QUESTION20Whichtechnologyreducesdatalossbyidentifyingsensitiveinformationstoredinpubliccomputingenvironments?A. CiscoSDAB. CiscoFirepowerC. CiscoHyperFIexD. CiscoCloudlockCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:QUESTION21snmp-servergroupSNMPv3authaccess15Refertotheexhibit.Whatdoesthenumber15representinthisconfiguration?A. privilegelevelforanauthorizedusertothisrouterB. accesslistthatidentifiestheSNMPdevicesthatcanaccesstherouterC. intervalinsecondsbetweenSNMPv3authenticationattemptsD. numberofpossiblefailedattemptsuntiltheSNMPv3userislockedoutCorrectAnSWe匚BSection:(none)ExplanationExpIanationZReference:QUESTION22Whichnetworkmonitoringsolutionusesstreamsandpushesoperationaldatatoprovideanearreal-timeviewofactivity?A. SNMPB. SMTPC. syslogD. model-driventelemetryCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:QUESTION23WhatistheresultofrunningthecryptoisakmpkeyciscXXXXXXXXaddress172.16.0.0command?A. authenticatestheIKEv2peersinthe172.16.0.0/16rangebyusingthekeyciscXXXXXXXXB. authenticatestheIPaddressofthe172.16.0.0/32peerbyusingthekeyciscXXXXXXXXC. authenticatestheIKEvlpeersinthe172.16.0.0/16rangebyusingthekeyciscXXXXXXXXD. securesallthecertificatesintheIKEexchangebyusingthekeyciscXXXXXXXXCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:Reference:QUESTION24WhichtwoprobesareconfiguredtogatherattributesofconnectedendpointsusingCiscoIdentityServicesEngine?(Choosetwo.)A. RADIUSB. TACACS+C. DHCPD. sFlowE. SMTPCorrectAnswer:ACSection:(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/en/US/docs/security/ise/l.0/user_guide/iselO_prof_pol.htmlQUESTION25DRAGDROPDraganddroptheFirepowerNextGenerationIntrustionPreventionSystemdetectorsfromtheleftontothecorrectdefinitionsontheright.SelectandPlace:CorrectAnswer:Section:(none)ExplanationExpIanationZReference:Reference:-config-guide-v64/detecting_specific_threats.htmlQUESTION26Whichsolutionprotectshybridclouddeploymentworkloadswithapplicationvisibilityandsegmentation?A. NexusB. StealthwatchC. FirepowerD. TetrationCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:solution/index.html#-productsQUESTION27Whatarethetwomostcommonlyusedauthenticationfactorsinmultifactorauthentication?(Choosetwo.)A. biometricfactorB. timefactorC. confidentialityfactorD. knowledgefactorE. encryptionfactorCorrectAnswer:ADSection:(none)ExplanationExpIanationZReference:QUESTION28DRAGDROPDraganddropthecapabilitiesfromtheleftontothecorrecttechnologiesontheright.SelectandPlace:CorrectAnswer:Section:(none)ExplanationExpIanationZReference:QUESTION29WhichtwokeyandblocksizesarevalidforAES?(Choosetwo.)A. 64-bitblocksize,112-bitkeylengthB. 64-bitblocksize,168-bitkeylengthC. 128-bitblocksize,192-bitkeyIengthD.128-bitblocksize,256-bitkeylengthE.192-bitblocksize,256-bitkeylengthCorrectAnswer:CDSection:(none)ExplanationExpIanationZReference:Reference:https:/en.wikipedia.org/wiki/Advanced_Encryption_StandardQUESTION30HowdoesCiscoUmbrellaarchivelogstoanenterprise-ownedstorage?A. byusingtheApplicationProgrammingInterfacetofetchthelogsB. bysendinglogsviasyslogtoanon-premisesorcloud-basedsyslogserverC. bythesystemadministratordownloadingthelogsfromtheCiscoUmbrellawebportalD. bybeingconfiguredtosendlogstoaself-managedAWSS3bucketCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:QUESTION31InwhichcloudservicesmodelisthetenantresponsibleforvirtualmachineOSpatching?A. IaaSB. UCaaSC. PaaSD. SaaSCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION32WhichtwodescriptionsofAESencryptionaretrue?(Choosetwo.)A. AESislesssecurethan3DES.B. AESismoresecurethan3DES.C. AEScanusea168-bitkeyforencryption.D. AEScanusea256-bitkeyforencryption.E. AESencryptsanddecryptsakeythreetimesinsequence.CorrectAnswer:BDSection:(none)ExplanationExpIanationZReference:Reference:https:/gpdb.docs.pivotal.io/43190/admin_guide/topics/ipsec.htmlQUESTION33Whichtechnologyisusedtoimprovewebtrafficperformancebyproxycaching?A. WSAB. FirepowerC. FireSIGHTD. ASACorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION34WhichstatementabouttheconfigurationofCiscoASANetFIowv9SecureEventLoggingistrue?A. ToviewbandwidthusageforNetFIowrecords,theQoSfeaturemustbeenabled.B. AsysoptcommandcanbeusedtoenableNSELonaspecificinterface.C. NSELcanbeusedwithoutacollectorconfigured.D. Aflow-exporteventtypemustbedefinedunderapolicy.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION35Whichbenefitdoesendpointsecurityprovidetheoverallsecuritypostureofanorganization?A. Itstreamlinestheincidentresponseprocesstoautomaticallyperformdigitalforensicsontheendpoint.B. Itallowstheorganizationtomitigateweb-basedattacksaslongastheuserisactiveinthedomain.C. Itallowstheorganizationtodetectandrespondtothreatsattheedgeofthenetwork.D. Itallowstheorganizationtodetectandmitigatethreatsthattheperimetersecuritydevicesdonotdetect.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION36AnengineerconfiguredanewnetworkidentityinCiscoUmbrellabutmustverifythattrafficisbeingroutedthroughtheCiscoUmbrellanetwork.Whichactionteststherouting?A. Ensurethattheclientcomputersarepointingtotheon-premisesDNSservers.B. EnabletheIntelligentProxytovalidatethattrafficisbeingroutedcorrectly.C. AddthepublicIPaddressthattheclientcomputersarebehindtoaCoreIdentity.D. BrowsetoCorrectAnswer
