CCNP&CCIE Security SCOR思科认证网络工程师题库2.docx

上传人：李司机

文档编号：6745692

上传时间：2024-01-18

格式：DOCX

页数：21

大小：37.30KB

《CCNP&CCIE Security SCOR思科认证网络工程师题库2.docx》由会员分享，可在线阅读，更多相关《CCNP&CCIE Security SCOR思科认证网络工程师题库2.docx（21页珍藏版）》请在三一办公上搜索。

1、CCNP/CCIESecuritySCOR题库2QUESTION51AnengineerneedsasolutionforTACACS+authenticationandauthorizationfordeviceadministration.Theengineeralsowantstoenhancewiredandwirelessnetworksecuritybyrequiringusersandendpointstouse802.1X,MAB1orWebAuth.Whichproductmeetsalloftheserequirements?A. CiscoPrimeInfrastruct

2、ureB. CiscoIdentityServicesEngineC. CiscoStealthwatchD. CiscoAMPforEndpointsCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:QUESTION52Whenwired802,IXauthenticationisimplemented,whichtwocomponentsarerequired?(Choosetwo.)A. authenticationserver:CiscoIdentityServiceEngineB. supplicant:Cis

3、coAnyConnectISEPosturemoduleC. authenticator:CiscoCatalystswitchD. authenticator:CiscoIdentityServicesEngineE. authenticationserver:CiscoPrimeInfrastructureCorrectAnSWe匚ACSection:(none)ExplanationExpIanationZReference:Reference:QUESTION53TheCiscoASAmustsupportTLSproxyforencryptedCiscoUrdfiedCommunic

4、ationstraffic.WheremusttheASAbeaddedontheCiscoUCManagerplatform?A.CertificateTrustListB. EndpointTrustListC. EnterpriseProxyServiceD. SecuredCollaborationProxyCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION54WhichAPIisusedforContentSecurity?A. NX-OSAPIB. IOSXRAPIC. O

5、penVuInAPID. AsyncOSAPICorrectAnSWe匚DSection:(none)ExplanationExpIanationZReference:Reference:-0/api/b_SMA_API_12/test_chapter_01.htmlQUESTION55Whichtwobehavioralpatternscharacterizeapingofdeathattack?(Choosetwo.)A. Theattackisfragmentedintogroupsof16octetsbeforetransmission.B. Theattackisfragmented

6、intogroupsof8octetsbeforetransmission.C. ShortsynchronizedburstsoftrafficareusedtodisruptTCPconnections.D. Malformedpacketsareusedtocrashsystems.E. PubliclyaccessibleDNSserversaretypicallyusedtoexecutetheattack.CorrectAnswer:BDSection:(none)ExplanationExpIanationZReference:Reference:https:/en.wikipe

7、dia.org/wiki/Ping_of_deathQUESTION56Whichtwomechanismsareusedtocontrolphishingattacks?(Choosetwo.)A. Enablebrowseralertsforfraudulentwebsites.B. Definesecuritygroupmemberships.C. RevokeexpiredCRLofthewebsites.D. Useantispywaresoftware.E. Implementemailfilteringtechniques.CorrectAnswer:AESection:(non

8、e)ExplanationExplanation/Reference:QUESTION57WhichVPNtechnologycansupportamultivendorenvironmentandsecuretrafficbetweensites?A. SSLVPNB. GETVPNC. FIexVPND. DMVPNCorrectAnswer:CSection:(none)ExplanationExpIanationZReference:Reference:QUESTION58WhichSNMPv3configurationmustbeusedtosupportthestrongestse

9、curitypossible?A.asa-host(config)smp-servergroupmyv3v3privasa-host(config)smp-serveruserandymyv3authshaciscoprivdesciscXXXXXXXXasa-host(cofig)#snmp-serverhostinside10.255.254.1version3andyB. asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)snmp-serveruserandymyv3authshaciscoprivaes256cis

10、cXXXXXXXXasa-host(config)#SnmP-SerVerhostinside10,255.254.1version3andyC. asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)snmp-serveruserandymyv3authshaciscopriv3desciscXXXXXXXXasa-host(config)#snmp-serverhostinside10.255.254.1version3andyD. asa-host(cofig)snmp-servergroupmyv3v3privasa-

11、host(config)#snmp-serveruserandymyv3authshaciscoprivaes256ciscXXXXXXXXasa-host(config)#snmp-serverhostinside10,255.254.1version3andyCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION59WhichfeatureissupportedwhendeployingCiscoASAvwithinAWSpubliccloud?A. multiplecontextmodeB. userd

12、eploymentofLayer3networksC. IPv6D. clusteringCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:Reference:QUESTION60WhichproxymodemustbeusedonCiscoWSAtoredirectTCPtrafficwithWCCP?A. transparentB. redirectionC. forwardD. proxygatewayCorrectAnswer:ASection:(none)ExplanationExpIanationZRefer

13、ence:Reference:QUESTION61AnMDMprovideswhichtwoadvantagestoanorganizationwithregardstodevicemanagement?(Choosetwo.)A. assetinventorymanagementB. allowedapplicationmanagementC. ActiveDirectorygrouppolicymanagementD. networkdevicemanagementE. criticaldevicemanagementCorrectAnswer:ABSection:(none)Explan

14、ationExpIanationZReference:QUESTION62WhichTalosreputationcenterallowsyoutotrackthereputationofIPaddressesforemailandwebtraffic?A. IPBlacklistCenterB. FileReputationCenterC. AMPReputationCenterD. IPandDomainReputationCenterCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION63Underw

15、hichtwocircumstancesisaCoAissued?(Choosetwo.)A. AnewauthenticationrulewasaddedtothepolicyonthePolicyServicenode.B. AnendpointisdeletedontheIdentityServiceEngineserver.C. AnewIdentitySourceSequenceiscreatedandreferencedintheauthenticationpolicy.D. Anendpointisprofiledforthefirsttime.E. AnewIdentitySe

16、rviceEngineserverisaddedtothedeploymentwiththeAdministrationpersona.CorrectAnswer:BDSection:(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/en/US/docs/security/ise/l.0/user_guide/iselO_prof_pol.htmlQUESTION64WhichsolutioncombinesCiscoIOSandIOSXEcomponentstoenableadministratorst

17、orecognizeapplications,collectandsendnetworkmetricstoCiscoPrimeandotherthird-partymanagementtools,andprioritizeapplicationtraffic?A. CiscoSecurityIntelligenceB. CiscoApplicationVisibilityandControlC. CiscoModelDrivenTelemetryD. CiscoDNACenterCorrectAnSWe匚BSection:(none)ExplanationExpIanationZReferen

18、ce:QUESTION65Whichtwoendpointmeasuresareusedtominimizethechancesoffallingvictimtophishingandsocialengineeringattacks?(Choosetwo.)A. Patchforcross-sitescripting.B. Performbackupstotheprivatecloud.C. Protectagainstinputvalidationandcharacterescapesintheendpoint.D. Installaspamandvirusemailfilter.E. Pr

19、otectsystemswithanup-to-dateantimalwareprogram.CorrectAnswer:DESection:(none)ExplanationExpIanationZReference:QUESTION66AnengineerusedaposturecheckonaMicrosoftWindowsendpointanddiscoveredthattheMS17-OlOpatchwasnotinstalled,whichlefttheendpointvulnerabletoWannaCryransomware.Whichtwosolutionsmitigatet

20、heriskofthisransomwareinfection?(Choosetwo.)A. ConfigureaposturepolicyinCiscoIdentityServicesEnginetoinstalltheMS17-010patchbeforeallowingaccessonthenetwork.B. SetupaprofilingpolicyinCiscoIdentityServiceEnginetocheckandendpointpatchlevelbeforeallowingaccessonthenetwork.C. ConfigureaposturepolicyinCi

21、scoIdentityServicesEnginetocheckthatanendpointpatchlevelismetbeforeallowingaccessonthenetwork.D. Configureendpointfirewallpoliciestostoptheexploittrafficfrombeingallowedtorunandreplicatethroughoutthenetwork.E. Setupawell-definedendpointpatchingstrategytoensurethatendpointshavecriticalvulnerabilities

22、patchedinatimelyfashion.CorrectAnswer:ACSection:(none)ExplanationExpIanationZReference:QUESTION67DRAGDROPDraganddropthestepsfromtheleftintothecorrectorderontherighttoenableAppDynamicstomonitoranEC2instanceinAmazonWebServices.SelectandPlace:CorrectAnswer:Section:(none)ExplanationExpIanationZReference

23、:QUESTION68Whywouldauserchooseanon-premisesESAversustheCESsolution?A. Sensitivedatamustremainonsite.B. Demandisunpredictable.C. Theserverteamwantstooutsourcethisservice.D. ESAisdeployedinline.CorrectAnSWe匚ASection:(none)ExplanationExpIanationZReference:QUESTION69Whichtechnologymustbeusedtoimplements

24、ecureVPNconnectivityamongcompanybranchesoveraprivateIPcloudwithany-to-anyscalableconnectivity?A. DMVPNB. FIexVPNC. IPsecDVTID. GETVPNCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION70WhichCiscosolutiondoesCiscoUmbrellaintegratewithtodetermineifaURLismalicious?A. AMPB. AnyConnec

25、tC. DynDNSD. TalosCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION71WhatisthepurposeoftheDecryptforApplicationDetectionfeaturewithintheWSADecryptionoptions?A. ItdecryptsHTTPSapplicationtrafficforunauthenticatedusers.B. ItalertsuserswhentheWSAdecryptstheirtraffic.C. ItdecryptsHT

26、TPSapplicationtrafficforauthenticatedusers.D. ItprovidesenhancedHTTPSapplicationdetectionforAsyncOS.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:serGuide_ll_7/b_WSA_UserGuide_ll_7_chapter_01011.htmlQUESTION72WhatistheprimaryroleoftheCiscoEmailSecurityAppliance?A. MailSubmi

27、ssionAgentB. MailTransferAgentC. MailDeliveryAgentD. MailUserAgentCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:QUESTION73WhichtwofeaturesofCiscoDNACenterareusedinaSoftwareDefinedNetworksolution?(Choosetwo.)A. accountingB. assuranceC. automationD. authenticationE. encryptionCorrectAn

28、swer:BCSection:(none)ExplanationExpIanationZReference:Reference:QUESTION74Whichcloudservicemodeloffersanenvironmentforcloudconsumerstodevelopanddeployapplicationswithoutneedingtomanageormaintaintheunderlyingcloudinfrastructure?A.PaaSB.XaaSC.IaaSD.SaaSCorrectAnSWe匚ASection:(none)ExplanationExpIanatio

29、nZReference:QUESTION75WhatisarequiredprerequisitetoenablemalwarefilescanningfortheSecureInternetGateway?A. EnableIPLayerenforcement.B. ActivatetheAdvancedMalwareProtectionlicenseC. ActivateSSLdecryption.D. EnableIntelligentProxy.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION7

30、6WhichtwofeaturesareusedtoconfigureCiscoESAwithamultilayerapproachtofightvirusesandmalware?(Choosetwo.)A. SophosengineB. whitelistC. RATD. outbreakfiltersE. DLPCorrectAnswer:ADSection:(none)ExplanationExpIanationZReference:QUESTION77HowisCiscoUmbrellaconfiguredtologonlysecurityevents?A. perpolicyB.

31、intheReportingsettingsC. intheSecuritySettingssectionD. pernetworkintheDeploymentssectionCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION78WhatistheprimarydifferencebetweenanEndpointProtectionPlatformandanEndpointDetectionandResponse?A.EPPfocusesonprevention,andEDRfoc

32、usesonadvancedthreatsthatevadeperimeterdefenses.B.EDRfocusesonprevention,andEPPfocusesonadvancedthreatsthatevadeperimeterdefenses.C.EPPfocusesonnetworksecurity,andEDRfocusesondevicesecurity.D.EDRfocusesonnetworksecurity,andEPPfocusesondevicesecurity.CorrectAnswer:ASection:(none)ExplanationExpIanatio

33、nZReference:Reference:endpoint-detection-response-edr.htmlQUESTION79OnwhichpartoftheITenvironmentdoesDevSecOpsfocus?A. applicationdevelopmentB. wirelessnetworkC. datacenterD. perimeternetworkCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION80WhichfunctionsofanSDNarchitecturerequ

34、iresouthboundAPIstoenablecommunication?A. SDNcontrollerandthenetworkelementsB. managementconsoleandtheSDNcontrollerC. managementconsoleandthecloudD. SDNcontrollerandthecloudCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION81Whatisacharacteristicoftrafficstormcontrolbehavior?A. T

35、rafficstormcontroldropsallbroadcastandmulticasttrafficifthecombinedtrafficexceedsthelevelwithintheinterval.B. Trafficstormcontrolcannotdetermineifthepacketisunicastorbroadcast.C. Trafficstormcontrolmonitorsincomingtrafficlevelsovera10-secondtrafficstormcontrolinterval.DTrafficstormcontrolusesthelndi

36、vidualGroupbitinthepacketsourceaddresstodetermineifthepacketisunicastorbroadcast.CorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:/storm.htmlQUESTION82WhichtworequestofRESTAPIarevalidontheCiscoASAPlatform?(Choosetwo.)A. putB. optionsC.getD.pushE.connectCorrectAnswer:ACSection:

37、(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/c/en/us/td/docs/security/asa/api/qsg-asa-api.htmlQUESTION83InaPaaSmodel,whichlayeristhetenantresponsibleformaintainingandpatching?A. hypervisorB. virtualmachineC. networkD. applicationCorrectAnswer:DSection:(none)ExplanationExpIan

38、ationZReference:Reference:QUESTION84AnengineerisconfiguringAMPforendpointsandwantstoblockcertainfilesfromexecuting.Whichoutbreakcontrolmethodisusedtoaccomplishthistask?A. deviceflowcorrelationB. simpledetectionsC. applicationblockinglistD. advancedcustomdetectionsCorrectAnswer:CSection:(none)Explana

39、tionExpIanationZReference:QUESTION85WhichASAdeploymentmodecanprovideseparationofmanagementonasharedappliance?A. DMZmultiplezonemodeB. transparentfirewallmodeC. multiplecontextmodeD. routedmodeCorrectAnSWe匚CSection:(none)ExplanationExpIanationZReference:QUESTION86Whichtwodeploymentmodelconfigurations

40、aresupportedforCiscoFTDvinAWS?(Choosetwo.)A. CiscoFTDvconfiguredinroutedmodeandmanagedbyanFMCvinstalledinAWSB. CiscoFTDvwithonemanagementinterfaceandtwotrafficinterfacesconfiguredC. CiscoFTDvconfiguredinroutedmodeandmanagedbyaphysicalFMCapplianceonpremisesD. CiscoFTDvwithtwomanagementinterfacesandon

41、etrafficinterfaceconfiguredE. CiscoFTDvconfiguredinroutedmodeandIPv6configuredCorrectAnswer:ACSection:(none)ExplanationExpIanationZReference:Reference:QUESTION87WhatcanbeintegratedwithCiscoThreatIntelligenceDirectortoprovideinformationaboutsecuritythreats,whichallowstheSOCtoproactivelyautomaterespon

42、sestothosethreats?A. CiscoUmbrellaB. ExternalThreatFeedsC. CiscoThreatGridD. CiscoStealthwatchCorrectAnSWe匚CSection:(none)ExplanationExpIanationZReference:QUESTION88Whatprovidesvisibilityandawarenessintowhatiscurrentlyoccurringonthenetwork?A. CMXB. WMIC. PrimeInfrastructureD. TelemetryCorrectAnSWe匚C

43、Section:(none)ExplanationExpIanationZReference:QUESTION89WhichattackiscommonlyassociatedwithCandC+programminglanguages?A. cross-sitescriptingB. waterholingC. DDoSD. bufferoverflowCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:https:/en.wikipedia.org/wiki/Buffer_overflowQUESTION90Anengineermustforceanendpointtore-authenticateanalreadyauthenticatedsessionwithoutd