单项选择题Which is a benefit of implementing RFC 2827?()

A.Prevents DoS from legimate, non-hostile end systems
B.Prevents disruption of "special services", such as Mobile IP
C.Defeats DoS Attacks which employ IPSource Address Spoofing
D.Restricts directed broadcasts at the ingress router
E.Allows DHCP or BOOTP packets to reach the relay agents asappropriate

点击查看答案

您可能感兴趣的试卷

你可能感兴趣的试题

1.单项选择题When configuring a Cisco Adaptive Security Appliance in multiple context mode, which of the follow capabilities are supported?()

A. Multicastis supported
B. Dynamic routing protocols are supported
C. VPN configurations are supported
D. Static routes are supported

点击查看答案
2.单项选择题When configuring system state conditions with the Cisco SecurityAgent, what is the resulting action when configuring more than one system state condition? ()

A.Any matching state condition will result with the state being triggered
B. Once a state condition ismet, the system ceases searching further conditions and will cause the state condition to trigger
C. All specified state conditions are used as part of the requirements tobe met to for the state to trigger
D. Once the state conditions are met, they become persistent and can only be removed using the Reset feature

点击查看答案
3.多项选择题The RiskRating for an IPS signatureis calculatedusing four primary components. Select the four components below.   ()

A. SignatureFidelity Rating
B. Alert Severity Rating
C. Exploit Probability Rating
D. Target Value Rating
E. Attack Relevancy Rating

点击查看答案
4.多项选择题An IPS sensor with3 sniffing interfaces can be configuredas:  ()

A. 3 promiscuous sensors
B. 3 inline sensors
C. 1 inline sensor, 1 promiscuous sensor
D. 2 inline sensors, 1 promiscuous sensors

点击查看答案
5.多项选择题Given the topology of a server (with IP 209.165.202.150) protected behind the inside interface of an ASA/PIX,and the Internet on the outside interface. Users on the Internet need to access the server at any time, but the firewall administrator does not want to NAT the address of the server - since itis currentlya public address. Which of the following commands can be used to accomplish this? ()

A. nat (inside) 0 209.165.202.150 255.255.255.255
B. access-list no-nat permit ip host209.165.202.150 anynat(inside) 0 access-list no-nat
C. static(inside,outside) 209.165.202.150 209.165.202.150 netmask 255.255.255.255
D. no nat-control
E. nat (inside) 1 209.165.202.150 255.255.255.255

点击查看答案
6.单项选择题What command can be used toglobally disable the requirement that a translation rulemust exist beforepackets can pass through the firewall?() 

A. nat  0
B. nonat-control
C. access-list
D. none of the above

点击查看答案
7.单项选择题Select thebest answer to this qestion. ASA/PIX Active/Active failover can be used toload-balance:()

A. All traffic passing through theappliance
B. Traffic from internal networks on a per IP basis
C. Based on protocol only.
D. On a per-context basis only.

点击查看答案
8.单项选择题The number of packets (or flows) dropped because they do not conform to the ASA/PIX security policy can be viewed using what command? ()

A. show asp drop
B. show counters drop
C. show security-policy
D. show policy-map

点击查看答案
9.单项选择题ASA/PIXversion 7.0 introduced ModularPolicyFramework (MPF) as anextensible wayto classify traffic,and then apply policies (or actions) to that traffic. MPF at aminimum requires which three commands?()

A. http-map, tcp-map, class-map
B. class-map, tcp-map, policy-map
C. class-map, policy-map, service-map
D. class-map, service-policy, policy-map

点击查看答案
10.单项选择题In PIX versions prior to 7.x, multi-channel protocols were fixedup using the ’fixupprotocol’ command. Inversion 7.0 and higher the ’fixup protocol’commands were replaced by what commands?() 

A. audit 
B. secure 
C. inspect 
D.The fixup protocol commands did not change in

点击查看答案

最新试题

Which SSL protocol takes anapplication message tobe transmitted, fragments the datainto manageable blocks, optionally compresses the data, applies a MAC, encrypts, adds a header, and transmits the resulting unit ina TCPsegment?()

题型:单项选择题

CSA protects your host by: ()

题型:单项选择题

Which two statements are correct about the aaa authentication login default grouptacacs+ localglobal configuration command? ()

题型:多项选择题

When implementing internet standards you are required to follow RFC’s processes and procedures based onwhat RFC?()

题型:单项选择题

Which ones are the two type of ciphers?()

题型:单项选择题

Which of these is the best way to provide sender non-repudiation?()

题型:单项选择题

What Cisco Switch feature best protects against CAM table overflow attacks?()

题型:单项选择题

What technologies are included inAnti-X? ()

题型:多项选择题

Which access methods can CS-MARS use toget configuration information from an Adaptive SecurityAppliance (ASA)? ()

题型:多项选择题

Which Cisco security software product mitigates Day Zero attacks on desktops and servers - stopping known and unknown attacks without requiring reconfigurations or updates on the endpoints?()

题型:单项选择题