CCNP&CCIE Security SCOR思科认证网络工程师题库2.docx
-
资源ID:6745692
资源大小:37.30KB
全文页数:21页
- 资源格式: DOCX
下载积分:5金币
|
友情提示
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
|
CCNP&CCIE Security SCOR思科认证网络工程师题库2.docx
CCNP/CCIESecuritySCOR题库2QUESTION51AnengineerneedsasolutionforTACACS+authenticationandauthorizationfordeviceadministration.Theengineeralsowantstoenhancewiredandwirelessnetworksecuritybyrequiringusersandendpointstouse802.1X,MAB1orWebAuth.Whichproductmeetsalloftheserequirements?A. CiscoPrimeInfrastructureB. CiscoIdentityServicesEngineC. CiscoStealthwatchD. CiscoAMPforEndpointsCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:QUESTION52Whenwired802,IXauthenticationisimplemented,whichtwocomponentsarerequired?(Choosetwo.)A. authenticationserver:CiscoIdentityServiceEngineB. supplicant:CiscoAnyConnectISEPosturemoduleC. authenticator:CiscoCatalystswitchD. authenticator:CiscoIdentityServicesEngineE. authenticationserver:CiscoPrimeInfrastructureCorrectAnSWe匚ACSection:(none)ExplanationExpIanationZReference:Reference:QUESTION53TheCiscoASAmustsupportTLSproxyforencryptedCiscoUrdfiedCommunicationstraffic.WheremusttheASAbeaddedontheCiscoUCManagerplatform?A.CertificateTrustListB. EndpointTrustListC. EnterpriseProxyServiceD. SecuredCollaborationProxyCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION54WhichAPIisusedforContentSecurity?A. NX-OSAPIB. IOSXRAPIC. OpenVuInAPID. AsyncOSAPICorrectAnSWe匚DSection:(none)ExplanationExpIanationZReference:Reference:-0/api/b_SMA_API_12/test_chapter_01.htmlQUESTION55Whichtwobehavioralpatternscharacterizeapingofdeathattack?(Choosetwo.)A. Theattackisfragmentedintogroupsof16octetsbeforetransmission.B. Theattackisfragmentedintogroupsof8octetsbeforetransmission.C. ShortsynchronizedburstsoftrafficareusedtodisruptTCPconnections.D. Malformedpacketsareusedtocrashsystems.E. PubliclyaccessibleDNSserversaretypicallyusedtoexecutetheattack.CorrectAnswer:BDSection:(none)ExplanationExpIanationZReference:Reference:https:/en.wikipedia.org/wiki/Ping_of_deathQUESTION56Whichtwomechanismsareusedtocontrolphishingattacks?(Choosetwo.)A. Enablebrowseralertsforfraudulentwebsites.B. Definesecuritygroupmemberships.C. RevokeexpiredCRLofthewebsites.D. Useantispywaresoftware.E. Implementemailfilteringtechniques.CorrectAnswer:AESection:(none)ExplanationExplanation/Reference:QUESTION57WhichVPNtechnologycansupportamultivendorenvironmentandsecuretrafficbetweensites?A. SSLVPNB. GETVPNC. FIexVPND. DMVPNCorrectAnswer:CSection:(none)ExplanationExpIanationZReference:Reference:QUESTION58WhichSNMPv3configurationmustbeusedtosupportthestrongestsecuritypossible?A.asa-host(config)smp-servergroupmyv3v3privasa-host(config)smp-serveruserandymyv3authshaciscoprivdesciscXXXXXXXXasa-host(cofig)#snmp-serverhostinside10.255.254.1version3andyB. asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)snmp-serveruserandymyv3authshaciscoprivaes256ciscXXXXXXXXasa-host(config)#SnmP-SerVerhostinside10,255.254.1version3andyC. asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)snmp-serveruserandymyv3authshaciscopriv3desciscXXXXXXXXasa-host(config)#snmp-serverhostinside10.255.254.1version3andyD. asa-host(cofig)snmp-servergroupmyv3v3privasa-host(config)#snmp-serveruserandymyv3authshaciscoprivaes256ciscXXXXXXXXasa-host(config)#snmp-serverhostinside10,255.254.1version3andyCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION59WhichfeatureissupportedwhendeployingCiscoASAvwithinAWSpubliccloud?A. multiplecontextmodeB. userdeploymentofLayer3networksC. IPv6D. clusteringCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:Reference:QUESTION60WhichproxymodemustbeusedonCiscoWSAtoredirectTCPtrafficwithWCCP?A. transparentB. redirectionC. forwardD. proxygatewayCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION61AnMDMprovideswhichtwoadvantagestoanorganizationwithregardstodevicemanagement?(Choosetwo.)A. assetinventorymanagementB. allowedapplicationmanagementC. ActiveDirectorygrouppolicymanagementD. networkdevicemanagementE. criticaldevicemanagementCorrectAnswer:ABSection:(none)ExplanationExpIanationZReference:QUESTION62WhichTalosreputationcenterallowsyoutotrackthereputationofIPaddressesforemailandwebtraffic?A. IPBlacklistCenterB. FileReputationCenterC. AMPReputationCenterD. IPandDomainReputationCenterCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION63UnderwhichtwocircumstancesisaCoAissued?(Choosetwo.)A. AnewauthenticationrulewasaddedtothepolicyonthePolicyServicenode.B. AnendpointisdeletedontheIdentityServiceEngineserver.C. AnewIdentitySourceSequenceiscreatedandreferencedintheauthenticationpolicy.D. Anendpointisprofiledforthefirsttime.E. AnewIdentityServiceEngineserverisaddedtothedeploymentwiththeAdministrationpersona.CorrectAnswer:BDSection:(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/en/US/docs/security/ise/l.0/user_guide/iselO_prof_pol.htmlQUESTION64WhichsolutioncombinesCiscoIOSandIOSXEcomponentstoenableadministratorstorecognizeapplications,collectandsendnetworkmetricstoCiscoPrimeandotherthird-partymanagementtools,andprioritizeapplicationtraffic?A. CiscoSecurityIntelligenceB. CiscoApplicationVisibilityandControlC. CiscoModelDrivenTelemetryD. CiscoDNACenterCorrectAnSWe匚BSection:(none)ExplanationExpIanationZReference:QUESTION65Whichtwoendpointmeasuresareusedtominimizethechancesoffallingvictimtophishingandsocialengineeringattacks?(Choosetwo.)A. Patchforcross-sitescripting.B. Performbackupstotheprivatecloud.C. Protectagainstinputvalidationandcharacterescapesintheendpoint.D. Installaspamandvirusemailfilter.E. Protectsystemswithanup-to-dateantimalwareprogram.CorrectAnswer:DESection:(none)ExplanationExpIanationZReference:QUESTION66AnengineerusedaposturecheckonaMicrosoftWindowsendpointanddiscoveredthattheMS17-OlOpatchwasnotinstalled,whichlefttheendpointvulnerabletoWannaCryransomware.Whichtwosolutionsmitigatetheriskofthisransomwareinfection?(Choosetwo.)A. ConfigureaposturepolicyinCiscoIdentityServicesEnginetoinstalltheMS17-010patchbeforeallowingaccessonthenetwork.B. SetupaprofilingpolicyinCiscoIdentityServiceEnginetocheckandendpointpatchlevelbeforeallowingaccessonthenetwork.C. ConfigureaposturepolicyinCiscoIdentityServicesEnginetocheckthatanendpointpatchlevelismetbeforeallowingaccessonthenetwork.D. Configureendpointfirewallpoliciestostoptheexploittrafficfrombeingallowedtorunandreplicatethroughoutthenetwork.E. Setupawell-definedendpointpatchingstrategytoensurethatendpointshavecriticalvulnerabilitiespatchedinatimelyfashion.CorrectAnswer:ACSection:(none)ExplanationExpIanationZReference:QUESTION67DRAGDROPDraganddropthestepsfromtheleftintothecorrectorderontherighttoenableAppDynamicstomonitoranEC2instanceinAmazonWebServices.SelectandPlace:CorrectAnswer:Section:(none)ExplanationExpIanationZReference:QUESTION68Whywouldauserchooseanon-premisesESAversustheCESsolution?A. Sensitivedatamustremainonsite.B. Demandisunpredictable.C. Theserverteamwantstooutsourcethisservice.D. ESAisdeployedinline.CorrectAnSWe匚ASection:(none)ExplanationExpIanationZReference:QUESTION69WhichtechnologymustbeusedtoimplementsecureVPNconnectivityamongcompanybranchesoveraprivateIPcloudwithany-to-anyscalableconnectivity?A. DMVPNB. FIexVPNC. IPsecDVTID. GETVPNCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION70WhichCiscosolutiondoesCiscoUmbrellaintegratewithtodetermineifaURLismalicious?A. AMPB. AnyConnectC. DynDNSD. TalosCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION71WhatisthepurposeoftheDecryptforApplicationDetectionfeaturewithintheWSADecryptionoptions?A. ItdecryptsHTTPSapplicationtrafficforunauthenticatedusers.B. ItalertsuserswhentheWSAdecryptstheirtraffic.C. ItdecryptsHTTPSapplicationtrafficforauthenticatedusers.D. ItprovidesenhancedHTTPSapplicationdetectionforAsyncOS.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:serGuide_ll_7/b_WSA_UserGuide_ll_7_chapter_01011.htmlQUESTION72WhatistheprimaryroleoftheCiscoEmailSecurityAppliance?A. MailSubmissionAgentB. MailTransferAgentC. MailDeliveryAgentD. MailUserAgentCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:QUESTION73WhichtwofeaturesofCiscoDNACenterareusedinaSoftwareDefinedNetworksolution?(Choosetwo.)A. accountingB. assuranceC. automationD. authenticationE. encryptionCorrectAnswer:BCSection:(none)ExplanationExpIanationZReference:Reference:QUESTION74Whichcloudservicemodeloffersanenvironmentforcloudconsumerstodevelopanddeployapplicationswithoutneedingtomanageormaintaintheunderlyingcloudinfrastructure?A.PaaSB.XaaSC.IaaSD.SaaSCorrectAnSWe匚ASection:(none)ExplanationExpIanationZReference:QUESTION75WhatisarequiredprerequisitetoenablemalwarefilescanningfortheSecureInternetGateway?A. EnableIPLayerenforcement.B. ActivatetheAdvancedMalwareProtectionlicenseC. ActivateSSLdecryption.D. EnableIntelligentProxy.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION76WhichtwofeaturesareusedtoconfigureCiscoESAwithamultilayerapproachtofightvirusesandmalware?(Choosetwo.)A. SophosengineB. whitelistC. RATD. outbreakfiltersE. DLPCorrectAnswer:ADSection:(none)ExplanationExpIanationZReference:QUESTION77HowisCiscoUmbrellaconfiguredtologonlysecurityevents?A. perpolicyB. intheReportingsettingsC. intheSecuritySettingssectionD. pernetworkintheDeploymentssectionCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION78WhatistheprimarydifferencebetweenanEndpointProtectionPlatformandanEndpointDetectionandResponse?A.EPPfocusesonprevention,andEDRfocusesonadvancedthreatsthatevadeperimeterdefenses.B.EDRfocusesonprevention,andEPPfocusesonadvancedthreatsthatevadeperimeterdefenses.C.EPPfocusesonnetworksecurity,andEDRfocusesondevicesecurity.D.EDRfocusesonnetworksecurity,andEPPfocusesondevicesecurity.CorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:endpoint-detection-response-edr.htmlQUESTION79OnwhichpartoftheITenvironmentdoesDevSecOpsfocus?A. applicationdevelopmentB. wirelessnetworkC. datacenterD. perimeternetworkCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION80WhichfunctionsofanSDNarchitecturerequiresouthboundAPIstoenablecommunication?A. SDNcontrollerandthenetworkelementsB. managementconsoleandtheSDNcontrollerC. managementconsoleandthecloudD. SDNcontrollerandthecloudCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION81Whatisacharacteristicoftrafficstormcontrolbehavior?A. Trafficstormcontroldropsallbroadcastandmulticasttrafficifthecombinedtrafficexceedsthelevelwithintheinterval.B. Trafficstormcontrolcannotdetermineifthepacketisunicastorbroadcast.C. Trafficstormcontrolmonitorsincomingtrafficlevelsovera10-secondtrafficstormcontrolinterval.DTrafficstormcontrolusesthelndividualGroupbitinthepacketsourceaddresstodetermineifthepacketisunicastorbroadcast.CorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:/storm.htmlQUESTION82WhichtworequestofRESTAPIarevalidontheCiscoASAPlatform?(Choosetwo.)A. putB. optionsC.getD.pushE.connectCorrectAnswer:ACSection:(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/c/en/us/td/docs/security/asa/api/qsg-asa-api.htmlQUESTION83InaPaaSmodel,whichlayeristhetenantresponsibleformaintainingandpatching?A. hypervisorB. virtualmachineC. networkD. applicationCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:QUESTION84AnengineerisconfiguringAMPforendpointsandwantstoblockcertainfilesfromexecuting.Whichoutbreakcontrolmethodisusedtoaccomplishthistask?A. deviceflowcorrelationB. simpledetectionsC. applicationblockinglistD. advancedcustomdetectionsCorrectAnswer:CSection:(none)ExplanationExpIanationZReference:QUESTION85WhichASAdeploymentmodecanprovideseparationofmanagementonasharedappliance?A. DMZmultiplezonemodeB. transparentfirewallmodeC. multiplecontextmodeD. routedmodeCorrectAnSWe匚CSection:(none)ExplanationExpIanationZReference:QUESTION86WhichtwodeploymentmodelconfigurationsaresupportedforCiscoFTDvinAWS?(Choosetwo.)A. CiscoFTDvconfiguredinroutedmodeandmanagedbyanFMCvinstalledinAWSB. CiscoFTDvwithonemanagementinterfaceandtwotrafficinterfacesconfiguredC. CiscoFTDvconfiguredinroutedmodeandmanagedbyaphysicalFMCapplianceonpremisesD. CiscoFTDvwithtwomanagementinterfacesandonetrafficinterfaceconfiguredE. CiscoFTDvconfiguredinroutedmodeandIPv6configuredCorrectAnswer:ACSection:(none)ExplanationExpIanationZReference:Reference:QUESTION87WhatcanbeintegratedwithCiscoThreatIntelligenceDirectortoprovideinformationaboutsecuritythreats,whichallowstheSOCtoproactivelyautomateresponsestothosethreats?A. CiscoUmbrellaB. ExternalThreatFeedsC. CiscoThreatGridD. CiscoStealthwatchCorrectAnSWe匚CSection:(none)ExplanationExpIanationZReference:QUESTION88Whatprovidesvisibilityandawarenessintowhatiscurrentlyoccurringonthenetwork?A. CMXB. WMIC. PrimeInfrastructureD. TelemetryCorrectAnSWe匚CSection:(none)ExplanationExpIanationZReference:QUESTION89WhichattackiscommonlyassociatedwithCandC+programminglanguages?A. cross-sitescriptingB. waterholingC. DDoSD. bufferoverflowCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:https:/en.wikipedia.org/wiki/Buffer_overflowQUESTION90Anengineermustforceanendpointtore-authenticateanalreadyauthenticatedsessionwithoutd
