A.Configure SNMP with only read-only community strings.
B.Encrypt TFTP and syslog traffic in an IPSec tunnel.
C.Implement RFC 3704 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D.Synchronize the NTP master clock with an Internet atomic clock.
E.Use SNMP version 2.
F.Use TFTP version 3 or above because these versions support a cryptographic authentication mechanism between peers.
您可能感兴趣的试卷
你可能感兴趣的试题
A.A received IP packet is forwarded based on the IP destination address and the packet is sent as an IP packet.
B.An IP destination exists in the IP forwarding table. A received labeled packet is dropped because the label is not found in the LFIB table.
C.There is an MPLS label-switched path toward the destination. A received IP packet is dropped because the destination is not found in the IP forwarding table.
D.A received IP packet is forwarded based on the IP destination address and the packet is sent as a labeled packet.
E.A received labeled IP packet is forwarded based upon both the label and the IP address.
F.A received labeled packet is forwarded based on the label. After the label is swapped,the newly labeled packet is sent.
A.contain,inoculate,quarantine,and treat
B.inoculate,contain,quarantine,and treat
C.quarantine,contain,inoculate,and treat
D.preparation,identification,traceback,and postmortem
E.preparation,classification,reaction,and treat
F.identification,inoculation,postmortem,and reaction
A.Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.
B.Access attacks can consist of UDP and TCP SYN flooding,ICMP echo-request floods,and ICMP directed broadcasts.
C.DoS attacks can be reduced through the use of access control configuration,encryption,and RFC 2827 filtering.
D.DoS attacks can consist of IP spoofing and DDoS attacks.
E.IP spoofing can be reduced through the use of policy-based routing.
F.IP spoofing exploits known vulnerabilities in authentication services, FTP services,and web services to gain entry to web accounts,confidential databases,and other sensitive information.
Refer to the exhibit. What statement is true about the interface S1/0 on router R1?()
A.Labeled packets can be sent over an interface.
B.MPLS Layer 2 negotiations have occurred.
C.IP label switching has been disabled on this interface.
D.None of the MPLS protocols have been configured on the interface.
A.A network administrator entering a wrong password would generate a true-negative alarm.
B.A false positive alarm is generated when an IDS/IPS signature is correctly identified.
C.An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.
D.Cisco IDS works inline and stops attacks before they enter the network.
E.Cisco IPS taps the network traffic and responds after an attack.
F.Profile-based intrusion detection is also known as "anomaly detection".
A.Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.
B.Access attacks can consist of password attacks,ping sweeps,port scans,and man-in-the-middle attacks.
C.Access attacks can consist of packet sniffers,ping sweeps,port scans,and man-in-the-middle attacks.
D.Reconnaissance attacks can consist of password attacks,trust exploitation,port redirection and Internet information queries.
E.Reconnaissance attacks can consist of packet sniffers,port scans,ping sweeps,and Internet information queries.
F.Reconnaissance attacks can consist of ping sweeps,port scans,man-in-middle attacks and Internet information queries.
A.It can be configured to block Java traffic.
B.It can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.
C.It can only examine network layer and transport layer information.
D.It can only examine transport layer and application layer information.
E.The inspection rules can be used to set timeout values for specified protocols.
F.The ip inspect cbac-name command must be configured in global configuration mode.
A.allows dynamic routing over the tunnel
B.supports multi-protocol (non-IP) traffic over the tunnel
C.reduces IPsec headers overhead since tunnel mode is used
D.simplifies the ACL used in the crypto map
E.uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
A.removes the entire CBAC configuration
B.removes all associated static ACLs
C.turns off the automatic audit feature in SDM
D.denies HTTP and Java applets to the inside interface but permits this traffic to the DMZ
E.resets all global timeouts and thresholds to the defaults
F.deletes all existing sessions
Refer to the exhibit. On the basis of the information that is provided, which two statements are true?()
A.An IPS policy can be edited by choosing the Edit button.
B.Right-clicking on an interface will display a shortcut menu with options to edit an action or to set severity levels.
C.The Edit IPS window is currently in Global Settings view.
D.The Edit IPS window is currently in IPS Policies view.
E.The Edit IPS window is currently in Signatures view.
F.To enable an IPS policy on an interface, click on the interface and deselect Disable.
最新试题
Refer to the exhibit. What type of security solution will be provided for the inside network?()
Which three statements are true when configuring Cisco IOS Firewall features using the SDM? ()
Which form of DSL technology is typically used as a replacement for T1 lines?()
Refer to the exhibit. Which statement is true about the configuration of split tunnels using SDM?()
Refer to the exhibit.What are the two options that are used to provide High Availability IPsec?()
Which three techniques should be used to secure management protocols?()
Which two statements about the Cisco AutoSecure feature are true?()
Which statement is true when ICMP echo and echo-reply are disabled on edge devices?()
Which statement describes the Authentication Proxy feature?()
Which two statements about an IDS are true?()