- 类型：网络认证大小：1.2M语言：中文 评分：6.6
1. The LWAPP protocol supports which type of native encryption?
2. Which Cisco software agent uses content scanning to identify sensitive content and controls the transfer
of sensitive content off the local endpoint over removable storage, locally or network-attached hardware, or
A. Cisco Trust Agent 2.0
B. Cisco NAC Appliance Agent 4.1.3
C. Cisco NAC Appliance Web Agent 1.0
D. Cisco Security Agent 6.0
E. Cisco IronPortAgent 3.0
3. Cisco Security MARS and Cisco Security Manager can work together to perform which two functions?
A. centralized attacks mitigation commands management
B. centralized syslog storage and management
C. firewall events-to-Cisco Security MARS events correlations
events-to-Cisco Security MARS events correlations
E. false-positive tuning
F. incident-vector analysis
4. Which is used to authenticate remote IPsec VPN users?
C. mode configuration
D. single sign-on (SSO)
E. Diffie-Hellman (DH)
F. pre-shared key
5. Which statement regarding the hybrid user authentication model for remote-access IPsec VPNs is
A. VPN servers authenticate by using pre-shared keys, and users authenticate by using usernames and
B. VPN servers authenticate by using digital certificates, and users authenticate by using usernames and
C. VPN servers authenticate by using digital certificates, and users authenticate by using pre-shared keys.
D. VPN servers and users authenticate by using digital certificates.
E. VPN servers and users authenticate by using pre-shared keys.
6. Cisco IOS Flexible Packet Matching (FPM) is an example of which kind of network security technology?
A. Layer 37 stateless packet filter
B. stateful Layer 7 (application) firewall
C. deep packet inspection (DPI) firewall
D. stateful packet inspection
E. proxy firewall
7. Cisco SSL VPN solution uses the Cisco Secure Desktop to provide which four functionalities? (Choose
A. pre-login assessment
B. application plug-ins
C. secure vault
D. Cache Cleaner
E. Advanced Endpoint Assessment
F. smart tunnel
8. Which of the followings are two of the key criteria to use when sizing which Cisco Security MARS model
to deploy? (Choose two.)
A. monitoring and reporting protocols being used (e.g., syslog versus SNMP)
B. using a one-, two-, or three-tier Cisco Security MARS architecture
C. events-storage requirements
D. database-reporting requirements
E. incoming events per second rate
F. auto-mitigation requirements
9.What should be configured to maintain symmetric flow of traffic when using the Gateway Load Balancing
Protocol to enable high-availability Cisco IOS firewalls?
A. policy-based routing
B. static routing
C. dynamic routing
E. network address translation (NAT)
F. reflexive ACL
10. Which Cisco Security Management product supports both Cisco and third party security products?
A. Cisco IME
B. Cisco ASDM
C. Cisco Security Manager
D. Cisco Security MARS
E. Cisco Configuration Professional
F. Cisco SDM
11. What is the primary reason that GET VPN is not deployed over the public Internet?
A. because GET VPN supports re-keying using multicast only
B. because GET VPN preserves the original source and destination IP addresses, which may be private
addresses that are not routable over the Internet
C. because GET VPN uses IPsec transport mode, which would expose the IP addresses to the public if
using the Internet
D. because the GET VPN group members use multicast to register with the key servers
E. because the GET VPN key servers and group members requires a secure path to exchange the Key
Encryption Key (KEK) and the Trafflc Encryption Key (TEK)
12. What are two differences between symmetric and asymmetric encryption algorithms? (Choose two.)
A. Asymmetric encryption is more suitable than symmetric encryption for real-time bulk encryption.
B. Asymmetric encryption is slower than symmetric encryption.
C. Asymmetric encryption requires a much larger key size to achieve the same level of protection as
D. Symmetric encryption is used in digital signatures and asymmetric encryption is used in HMACs.
13. What is implemented on Cisco IP Phones so that they can authenticate itself before gaining network
A. Cisco Secure Services Client
B. Cisco NAC Appliance Agent (NAA)
C. IEEE 802.1X supplicant
D. AAA client
E. Cisco Security Agent
F. one-time password
14. The Cisco ASA can use which three network controls or technologies to filter network traffic? (Choose
A. stateful packet filters with Application Inspection and Control
B. network IPS with the AIP-SSM
C. adaptive control protocol
D. zone-based policy firewall
E. XML firewalling
F. proxy services with the CSC-SSM
15. The Cisco ACE 4710 Appliance can be used in the enterprise data center to provide which three
functions? (Choose three.)
A. SYN floodin
g attacks protection
B. anti-spoofing protection
C. XML firewalling
D. HTTPS session decryption through SSL/TLS termination
E. HTTP protocol verification