版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
CCNP/CCIESecuritySCOR题库2
QUESTION51
AnengineerneedsasolutionforTACACS+authenticationandauthorizationfordevice
administration.Theengineeralsowantstoenhancewiredandwirelessnetworksecuritybyrequiring
usersandendpointstouse802.1X,MAB,orWebAuth.Whichproductmeetsalloftheserequirements?
A.CiscoPrimeInfrastructure
B.CiscoIdentityServicesEngine
C.CiscoStealthwatch
D.CiscoAMPforEndpoints
CorrectAnswer:B
Section:(none)
Explanation
Explanation/Reference:
QUESTION52
Whenwired802.1Xauthenticationisimplemented,whichtwocomponentsarerequired?(Choose
two.)
A.authenticationserver:CiscoIdentityServiceEngine
B.supplicant:CiscoAnyConnectISEPosturemodule
C.authenticator:CiscoCatalystswitch
D.authenticator:CiscoIdentityServicesEngine
E.authenticationserver:CiscoPrimeInfrastructure
CorrectAnswer:AC
Section:(none)
Explanation
Explanation/Reference:
Reference:/blog/ise-series-802.lx
QUESTION53
TheCiscoASAmustsupportTLSproxyforencryptedCiscoUnifiedCommunicationstraffic.Where
musttheASAbeaddedontheCiscoUCManagerplatform?
A.CertificateTrustList
B.EndpointTrustList
C.EnterpriseProxyService
D.SecuredCollaborationProxy
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/td/docs/security/asa/special/unified-
communications/guide/unified-comm/unified-comm-tlsproxy.html
QUESTION54
WhichAPIisusedforContentSecurity?
A.NX-OSAPI
B.IOSXRAPI
C.OpenVulnAPI
D.AsyncOSAPI
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/td/docs/security/security_management/sma/smal2
-0/api/b_SMA_API_12/test_chapter_01.html
QUESTION55
Whichtwobehavioralpatternscharacterizeapingofdeathattack?(Choosetwo.)
A.Theattackisfragmentedintogroupsof16octetsbeforetransmission.
B.Theattackisfragmentedintogroupsof8octetsbeforetransmission.
C.ShortsynchronizedburstsoftrafficareusedtodisruptTCPconnections.
D.Malformedpacketsareusedtocrashsystems.
E.PubliclyaccessibleDNSserversaretypicallyusedtoexecutetheattack.
CorrectAnswer:BD
Section:(none)
Explanation
Explanation/Reference:
Reference:/wiki/Ping_of_death
QUESTION56
Whichtwomechanismsareusedtocontrolphishingattacks?(Choosetwo.)
A.Enablebrowseralertsforfraudulentwebsites.
B.Definesecuritygroupmemberships.
C.RevokeexpiredCRLofthewebsites.
D.Useantispywaresoftware.
E.Implementemailfilteringtechniques.
CorrectAnswer:AE
Section:(none)
Explanation
Explanation/Reference:
QUESTION57
WhichVPNtechnologycansupportamultivendorenvironmentandsecuretrafficbetweensites?
A.SSLVPN
B.GETVPN
C.FlexVPN
D.DMVPN
CorrectAnswer:C
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/products/collateral/routers/asr-1000-series-
aggregation-services-routers/data_sheet_c78-704277.html
QUESTION58
WhichSNMPv3configurationmustbeusedtosupportthestrongestsecuritypossible?
A.asa-host(config)#snmp-servergroupmyv3v3privasa-host(config)#snmp-serveruserandymyv3
authshaciscoprivdesciscXXXXXXXXasa-host(config)#snmp-serverhostinsideversion
3andy
B.asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)#snmp-serveruserandy
myv3authshaciscoprivaes256ciscXXXXXXXXasa-host(config)#snmp-serverhostinside
version3andy
C.asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)#snmp-serveruserandy
myv3authshaciscopriv3desciscXXXXXXXXasa-host(config)#snmp-serverhostinside
version3andy
D.asa-host(config)#snmp-servergroupmyv3v3privasa-host(config)#snmp-serveruserandy
myv3authshaciscoprivaes256ciscXXXXXXXXasa-host(config)#snmp-serverhostinside
version3andy
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
QUESTION59
WhichfeatureissupportedwhendeployingCiscoASAvwithinAWSpubliccloud?
A.multiplecontextmode
B.userdeploymentofLayer3networks
C.IPv6
D.clustering
CorrectAnswer:B
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/td/docs/security/asa/asa96/asav/quick-start-
book/asav-96-qsg/asav-aws.html
QUESTION60
WhichproxymodemustbeusedonCiscoWSAtoredirectTCPtrafficwithWCCP?
A.transparent
B.redirection
C.forward
D.proxygateway
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/support/docs/security/web-security-
appliance/117940-qa-wsa-00.html
QUESTION61
AnMDMprovideswhichtwoadvantagestoanorganizationwithregardstodevicemanagement?
(Choosetwo.)
A.assetinventorymanagement
B.allowedapplicationmanagement
C.ActiveDirectorygrouppolicymanagement
D.networkdevicemanagement
E.criticaldevicemanagement
CorrectAnswer:AB
Section:(none)
Explanation
Explanation/Reference:
QUESTION62
WhichTalosreputationcenterallowsyoutotrackthereputationofIPaddressesforemailandweb
traffic?
A.IPBlacklistCenter
B.FileReputationCenter
C.AMPReputationCenter
D.IPandDomainReputationCenter
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
QUESTION63
UnderwhichtwocircumstancesisaCoAissued?(Choosetwo.)
A.AnewauthenticationrulewasaddedtothepolicyonthePolicyServicenode.
B.AnendpointisdeletedontheIdentityServiceEngineserver.
C.AnewIdentitySourceSequenceiscreatedandreferencedintheauthenticationpolicy.
D.Anendpointisprofiledforthefirsttime.
E.AnewIdentityServiceEngineserverisaddedtothedeploymentwiththeAdministrationpersona.
CorrectAnswer:BD
Section:(none)
Explanation
Explanation/Reference:
Reference:https://www.cisco.eom/en/US/docs/security/ise/l.0/user_guide/iselO_prof_pol.html
QUESTION64
WhichsolutioncombinesCiscoIOSandIOSXEcomponentstoenableadministratorstorecognize
applications,collectandsendnetworkmetricstoCiscoPrimeandotherthird-partymanagement
tools,andprioritizeapplicationtraffic?
A.CiscoSecurityIntelligence
B.CiscoApplicationVisibilityandControl
C.CiscoModelDrivenTelemetry
D.CiscoDNACenter
CorrectAnswer:B
Section:(none)
Explanation
Explanation/Reference:
QUESTION65
Whichtwoendpointmeasuresareusedtominimizethechancesoffallingvictimtophishingand
socialengineeringattacks?(Choosetwo.)
A.Patchforcross-sitescripting.
B.Performbackupstotheprivatecloud.
C.Protectagainstinputvalidationandcharacterescapesintheendpoint.
D.Installaspamandvirusemailfilter.
E.Protectsystemswithanup-to-dateantimalwareprogram.
CorrectAnswer:DE
Section:(none)
Explanation
Explanation/Reference:
QUESTION66
AnengineerusedaposturecheckonaMicrosoftWindowsendpointanddiscoveredthattheMS17-
010patchwasnotinstalled,whichlefttheendpointvulnerabletoWannaCryransomware.Whichtwo
solutionsmitigatetheriskofthisransomwareinfection?(Choosetwo.)
A.ConfigureaposturepolicyinCiscoIdentityServicesEnginetoinstalltheMS17-010patchbefore
allowingaccessonthenetwork.
B.SetupaprofilingpolicyinCiscoIdentityServiceEnginetocheckandendpointpatchlevelbefore
allowingaccessonthenetwork.
C.ConfigureaposturepolicyinCiscoIdentityServicesEnginetocheckthatanendpointpatchlevel
ismetbeforeallowingaccessonthenetwork.
D.Configureendpointfirewallpoliciestostoptheexploittrafficfrombeingallowedtorunand
replicatethroughoutthenetwork.
E.Setupawell-definedendpointpatchingstrategytoensurethatendpointshavecritical
vulnerabilitiespatchedinatimelyfashion.
CorrectAnswer:AC
Section:(none)
Explanation
Explanation/Reference:
QUESTION67
DRAGDROP
DraganddropthestepsfromtheleftintothecorrectorderontherighttoenableAppDynamicsto
monitoranEC2instanceinAmazonWebServices.
SelectandPlace:
CorrectAnswer:
Section:(none)
Explanation
Explanation/Reference:
QUESTION68
Whywouldauserchooseanon-premisesESAversustheCESsolution?
A.Sensitivedatamustremainonsite.
B.Demandisunpredictable.
C.Theserverteamwantstooutsourcethisservice.
D.ESAisdeployedinline.
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
QUESTION69
WhichtechnologymustbeusedtoimplementsecureVPNconnectivityamongcompanybranches
overaprivateIPcloudwithany-to-anyscalableconnectivity?
A.DMVPN
B.FlexVPN
C.IPsecDVTI
D.GETVPN
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
QUESTION70
WhichCiscosolutiondoesCiscoUmbrellaintegratewithtodetermineifaURLismalicious?
A.AMP
B.AnyConnect
C.DynDNS
D.Talos
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
QUESTION71
WhatisthepurposeoftheDecryptforApplicationDetectionfeaturewithintheWSADecryption
options?
A.ItdecryptsHTTPSapplicationtrafficforunauthenticatedusers.
B.ItalertsuserswhentheWSAdecryptstheirtraffic.
C.ItdecryptsHTTPSapplicationtrafficforauthenticatedusers.
D.ItprovidesenhancedHTTPSapplicationdetectionforAsyncOS.
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/td/docs/security/wsa/wsall7/user_guide/b_WSA_U
serGuide_ll_7/b_WSA_UserGuide_ll_7_chapter_01011.html
QUESTION72
WhatistheprimaryroleoftheCiscoEmailSecurityAppliance?
A.MailSubmissionAgent
B.MailTransferAgent
C.MailDeliveryAgent
D.MailUserAgent
CorrectAnswer:B
Section:(none)
Explanation
Explanation/Reference:
QUESTION73
WhichtwofeaturesofCiscoDNACenterareusedinaSoftwareDefinedNetworksolution?(Choose
two.)
A.accounting
B.assurance
C.automation
D.authentication
E.encryption
CorrectAnswer:BC
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/products/cloud-systems-management/dna-
center/index.html
QUESTION74
Whichcloudservicemodeloffersanenvironmentforcloudconsumerstodevelopanddeploy
applicationswithoutneedingtomanageormaintaintheunderlyingcloudinfrastructure?
A.PaaS
B.XaaS
C.laaS
D.SaaS
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
QUESTION75
WhatisarequiredprerequisitetoenablemalwarefilescanningfortheSecureInternetGateway?
A.EnableIPLayerenforcement.
B.ActivatetheAdvancedMalwareProtectionlicense
C.ActivateSSLdecryption.
D.EnableIntelligentProxy.
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
QUESTION76
WhichtwofeaturesareusedtoconfigureCiscoESAwithamultilayerapproachtofightvirusesand
malware?(Choosetwo.)
A.Sophosengine
B.whitelist
C.RAT
D.outbreakfilters
E.DLP
CorrectAnswer:AD
Section:(none)
Explanation
Explanation/Reference:
QUESTION77
HowisCiscoUmbrellaconfiguredtologonlysecurityevents?
A.perpolicy
B.intheReportingsettings
C.intheSecuritySettingssection
D.pernetworkintheDeploymentssection
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
Reference:/deployment-umbrella/docs/log-management
QUESTION78
WhatistheprimarydifferencebetweenanEndpointProtectionPlatformandanEndpointDetection
andResponse?
A.EPPfocusesonprevention,andEDRfocusesonadvancedthreatsthatevadeperimeterdefenses.
B.EDRfocusesonprevention,andEPPfocusesonadvancedthreatsthatevadeperimeterdefenses.
C.EPPfocusesonnetworksecurity,andEDRfocusesondevicesecurity.
D.EDRfocusesonnetworksecurity,andEPPfocusesondevicesecurity.
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/products/security/endpoint-security/what-is-
endpoint-detection-response-edr.html
QUESTION79
OnwhichpartoftheITenvironmentdoesDevSecOpsfocus?
A.applicationdevelopment
B.wirelessnetwork
C.datacenter
D.perimeternetwork
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
QUESTION80
WhichfunctionsofanSDNarchitecturerequiresouthboundAPIstoenablecommunication?
A.SDNcontrollerandthenetworkelements
B.managementconsoleandtheSDNcontroller
C.managementconsoleandthecloud
D.SDNcontrollerandthecloud
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
QUESTION81
Whatisacharacteristicoftrafficstormcontrolbehavior?
A.Trafficstormcontroldropsallbroadcastandmulticasttrafficifthecombinedtrafficexceedsthe
levelwithintheinterval.
B.Trafficstormcontrolcannotdetermineifthepacketisunicastorbroadcast.
C.Trafficstormcontrolmonitorsincomingtrafficlevelsovera10-secondtrafficstormcontrolinterval.
0.TrafficstormcontrolusestheIndividual/Groupbitinthepacketsourceaddresstodetermineifthe
packetisunicastorbroadcast.
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/td/docs/routers/7600/ios/121E/configuration/guide
/storm.html
QUESTION82
WhichtworequestofRESTAPIarevalidontheCiscoASAPlatform?(Choosetwo.)
A.put
B.options
C.get
D.push
E.connect
CorrectAnswer:AC
Section:(none)
Explanation
Explanation/Reference:
Reference:https://www.cisco.eom/c/en/us/td/docs/security/asa/api/qsg-asa-api.html
QUESTION83
InaPaaSmodel,whichlayeristhetenantresponsibleformaintainingandpatching?
A.hypervisor
B.virtualmachine
C.network
D.application
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
Reference:https:〃/blogs/saas-vs-paas-vs-iaas-whats-the-difference-and-
how-to-choose/
QUESTION84
AnengineerisconfiguringAMPforendpointsandwantstoblockcertainfilesfromexecuting.Which
outbreakcontrolmethodisusedtoaccomplishthistask?
A.deviceflowcorrelation
B.simpledetections
C.applicationblockinglist
D.advancedcustomdetections
CorrectAnswer:C
Section:(none)
Explanation
Explanation/Reference:
QUESTION85
WhichASAdeploymentmodecanprovideseparationofmanagementonasharedappliance?
A.DMZmultiplezonemode
B.transparentfirewallmode
C.multiplecontextmode
D.routedmode
CorrectAnswer:C
Section:(none)
Explanation
Explanation/Reference:
QUESTION86
WhichtwodeploymentmodelconfigurationsaresupportedforCiscoFTDvinAWS?(Choosetwo.)
A.CiscoFTDvconfiguredinroutedmodeandmanagedbyanFMCvinstalledinAWS
B.CiscoFTDvwithonemanagementinterfaceandtwotrafficinterfacesconfigured
C.CiscoFTDvconfiguredinroutedmodeandmanagedbyaphysicalFMCapplianceonpremises
D.CiscoFTDvwithtwomanagementinterfacesandonetrafficinterfaceconfigured
E.CiscoFTDvconfiguredinroutedmodeandIPv6configured
CorrectAnswer:AC
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/products/collateral/security/adaptive-security-
virtual-appliance-asav/white-paper-cll-740505.html
QUESTION87
WhatcanbeintegratedwithCiscoThreatIntelligenceDirectortoprovideinformationaboutsecurity
threats,whichallowstheSOCtoproactivelyautomateresponsestothosethreats?
A.CiscoUmbrella
B.ExternalThreatFeeds
C.CiscoThreatGrid
D.CiscoStealthwatch
CorrectAnswer:C
Section:(none)
Explanation
Explanation/Reference:
QUESTION88
Whatprovidesvisibilityandawarenessintowhatiscurrentlyoccurringonthenetwork?
A.CMX
B.WMI
C.PrimeInfrastructure
D.Telemetry
CorrectAnswer:C
Section:(none)
Explanation
Explanation/Reference:
QUESTION89
WhichattackiscommonlyassociatedwithCandC++programminglanguages?
A.cross-sitescripting
B.waterholing
C.DDoS
D.bufferoverflow
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
Reference:/wiki/Buffer_overflow
QUESTION90
Anengineermustforceanendpointtore-authenticateanalreadyauthenticatedsessionwithout
disruptingtheendpointtoapplyaneworupdatedpolicyfromISE.WhichCoAtypeachievesthis
goal?
A.PortBounce
B.CoATerminate
C.CoAReauth
D.CoASessionQuery
CorrectAnswer:C
Section:(none)
Explanation
Explanation/Reference:
QUESTION91
SysauthcontrolEnabled
DotlxProtocolVersion3
DotlxInfoforGigabitEthernetl/0/12
PAEAUTHENTICATOR
PortcontrolFORCE__AUTHORIZED
ControlDirection=Both
HostModeSINGLE__HOST
QuietPeriod60
ServerTimeout0
SuppTimeout30
ReAuthMax2
MaxReq2
TxPeriod30
Refertotheexhibit.Whichcommandwasusedtodisplaythisoutput?
A.showdotlxall
B.showdotlx
C.showdotlxallsummary
D.showdotlxinterfacegil/0/12
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/td/docs/ios-xml/ios/sec_usr8021x/configuration/xe-
3se/3850/sec-user-8021x-xe-3se-3850-book/config-ieee-802x-pba.html
QUESTION92
WhichtwopreventiontechniquesareusedtomitigateSQLinjectionattacks?(Choosetwo.)
A.Checkinteger,float,orBooleanstringparameterstoensureaccuratevalues.
B.Usepreparedstatementsandparameterizedqueries.
C.Securetheconnectionbetweenthewebandtheapptier.
D.WriteSQLcodeinsteadofusingobject-relationalmappinglibraries.
E.BlockSQLcodeexecutioninthewebapplicationdatabaselogin.
CorrectAnswer:AB
Section:(none)
Explanation
Explanation/Reference:
Reference:/wiki/SQL_injection
QUESTION93
HowdoesCiscoStealthwatchCloudprovidesecurityforcloudenvironments?
A.Itdeliversvisibilityandthreatdetection.
B.Itpreventsexfiltrationofsensitivedata.
C.ItassignsInternet-basedDNSprotectionforclientsandservers.
D.Itfacilitatessecureconnectivitybetweenpublicandprivatenetworks.
CorrectAnswer:A
Section:(none)
Explanation
Explanation/Reference:
Reference:
/SHIcom/ContentAttachmentlmages/SharedResources/FBLP/Cisco/Ci
sco-091919-Simple-IT-Whitepaper.pdf
QUESTION94
WhichtwoapplicationlayerpreprocessorsareusedbyFirepowerNextGenerationIntrusionPrevention
System?(Choosetwo.)
A.SIP
B.inlinenormalization
C.SSL
D.packetdecoder
E.modbus
CorrectAnswer:AC
Section:(none)
Explanation
Explanation/Reference:
Reference:/c/en/us/td/docs/security/firepower/60/configuration/guide/
fpmc-config-guide-v60/Application_Layer_Preprocessors.html
QUESTION95
WhichfeatureisconfiguredformanageddevicesinthedeviceplatformsettingsoftheFirepower
ManagementCenter?
A.qualityofservice
B.timesynchronization
C.networkaddresstranslations
D.intrusionpolicy
CorrectAnswer:B
Section:(none)
Explanation
Explanation/Reference:
QUESTION96
ThemainfunctionofnorthboundAPIsintheSDNarchitectureistoenablecommunicationbetweenwhich
twoareasofanetwork?
A.SDNcontrollerandthecloud
B.managementconsoleandtheSDNcontrollerC.managementconsoleandthecloud
D.SDNcontrollerandthemanagementsolution
CorrectAnswer:D
Section:(none)
Explanation
Explanation/Reference:
QUESTION97
Gatewayoflastresortis1.1.1.1tonetwork0.0.0.0
S*0.0.0.0[1/0]via1.1.1.1zoutside
Cisdirectlyconnectxoutside
S[1/0]via,inside
Cisdirectlyconnected,inside
Cisdirectlyconnected,dmz
S(1/0]via,dmz
access-listredirect-aclpermitipany
access-listredirect-aclpermitipany
class-mapredirect-class
matchaccess-listredirect-acl
policy-mapinside-policy
class
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 电动汽车为什么要上800V
- 苏教版二年级英语上册期末考试题解析及答案
- 二年级北师大版数学单位换算教学演示
- 动物聚会中的数学奥秘解析
- 北师大版五年级数学下册教案改进
- 圆的面积苏教版课件分享
- 英语四下苏教版易错点分析
- 新版北师大三年级数学下册单元测试卷全解析
- 六年级苏教版数学简便运算的解析与技巧
- 苏教版三年级上册语文课本精讲
- 西方经济思想史(第三版)第08章马尔萨斯的经济思想
- 人教版四年级数学上册 亿以内数的改写和近似数
- 蓝色科技风网络安全共享文明PPT模板
- 一年级上册数学教案-3.2 十几就是十和几 ▏沪教版
- 人教版一年级数学上册:第1-2单元检测卷(含答案)
- 《大数据金融》教学大纲(第六学期)附课程考核标准
- 【预习新知】六年级语文上册预习单
- 泛微协同办公平台e-office产品白皮书
- 绩效评价师考试-随机题库
- 胸腔镜下三切口切除食管癌的手术配合
- 保温装饰一体板(陶瓷薄板)施工方案
评论
0/150
提交评论