《CCNP&CCIE Security SCOR思科认证网络工程师题库2.docx》由会员分享,可在线阅读,更多相关《CCNP&CCIE Security SCOR思科认证网络工程师题库2.docx(21页珍藏版)》请在课桌文档上搜索。
1、CCNP/CCIESecuritySCOR题库2QUESTION51AnengineerneedsasolutionforTACACS+authenticationandauthorizationfordeviceadministration.Theengineeralsowantstoenhancewiredandwirelessnetworksecuritybyrequiringusersandendpointstouse802.1X,MAB1orWebAuth.Whichproductmeetsalloftheserequirements?A. CiscoPrimeInfrastruct
2、ureB. CiscoIdentityServicesEngineC. CiscoStealthwatchD. CiscoAMPforEndpointsCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:QUESTION52Whenwired802,IXauthenticationisimplemented,whichtwocomponentsarerequired?(Choosetwo.)A. authenticationserver:CiscoIdentityServiceEngineB. supplicant:Cis
3、coAnyConnectISEPosturemoduleC. authenticator:CiscoCatalystswitchD. authenticator:CiscoIdentityServicesEngineE. authenticationserver:CiscoPrimeInfrastructureCorrectAnSWe匚ACSection:(none)ExplanationExpIanationZReference:Reference:QUESTION53TheCiscoASAmustsupportTLSproxyforencryptedCiscoUrdfiedCommunic
4、ationstraffic.WheremusttheASAbeaddedontheCiscoUCManagerplatform?A.CertificateTrustListB. EndpointTrustListC. EnterpriseProxyServiceD. SecuredCollaborationProxyCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION54WhichAPIisusedforContentSecurity?A. NX-OSAPIB. IOSXRAPIC. O
5、penVuInAPID. AsyncOSAPICorrectAnSWe匚DSection:(none)ExplanationExpIanationZReference:Reference:-0/api/b_SMA_API_12/test_chapter_01.htmlQUESTION55Whichtwobehavioralpatternscharacterizeapingofdeathattack?(Choosetwo.)A. Theattackisfragmentedintogroupsof16octetsbeforetransmission.B. Theattackisfragmented
6、intogroupsof8octetsbeforetransmission.C. ShortsynchronizedburstsoftrafficareusedtodisruptTCPconnections.D. Malformedpacketsareusedtocrashsystems.E. PubliclyaccessibleDNSserversaretypicallyusedtoexecutetheattack.CorrectAnswer:BDSection:(none)ExplanationExpIanationZReference:Reference:https:/en.wikipe
7、dia.org/wiki/Ping_of_deathQUESTION56Whichtwomechanismsareusedtocontrolphishingattacks?(Choosetwo.)A. Enablebrowseralertsforfraudulentwebsites.B. Definesecuritygroupmemberships.C. RevokeexpiredCRLofthewebsites.D. Useantispywaresoftware.E. Implementemailfilteringtechniques.CorrectAnswer:AESection:(non
8、e)ExplanationExplanation/Reference:QUESTION57WhichVPNtechnologycansupportamultivendorenvironmentandsecuretrafficbetweensites?A. SSLVPNB. GETVPNC. FIexVPND. DMVPNCorrectAnswer:CSection:(none)ExplanationExpIanationZReference:Reference:QUESTION58WhichSNMPv3configurationmustbeusedtosupportthestrongestse
9、curitypossible?A.asa-host(config)smp-servergroupmyv3v3privasa-host(config)smp-serveruserandymyv3authshaciscoprivdesciscXXXXXXXXasa-host(cofig)#snmp-serverhostinside10.255.254.1version3andyB. asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)snmp-serveruserandymyv3authshaciscoprivaes256cis
10、cXXXXXXXXasa-host(config)#SnmP-SerVerhostinside10,255.254.1version3andyC. asa-host(config)#snmp-servergroupmyv3v3noauthasa-host(config)snmp-serveruserandymyv3authshaciscopriv3desciscXXXXXXXXasa-host(config)#snmp-serverhostinside10.255.254.1version3andyD. asa-host(cofig)snmp-servergroupmyv3v3privasa-
11、host(config)#snmp-serveruserandymyv3authshaciscoprivaes256ciscXXXXXXXXasa-host(config)#snmp-serverhostinside10,255.254.1version3andyCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION59WhichfeatureissupportedwhendeployingCiscoASAvwithinAWSpubliccloud?A. multiplecontextmodeB. userd
12、eploymentofLayer3networksC. IPv6D. clusteringCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:Reference:QUESTION60WhichproxymodemustbeusedonCiscoWSAtoredirectTCPtrafficwithWCCP?A. transparentB. redirectionC. forwardD. proxygatewayCorrectAnswer:ASection:(none)ExplanationExpIanationZRefer
13、ence:Reference:QUESTION61AnMDMprovideswhichtwoadvantagestoanorganizationwithregardstodevicemanagement?(Choosetwo.)A. assetinventorymanagementB. allowedapplicationmanagementC. ActiveDirectorygrouppolicymanagementD. networkdevicemanagementE. criticaldevicemanagementCorrectAnswer:ABSection:(none)Explan
14、ationExpIanationZReference:QUESTION62WhichTalosreputationcenterallowsyoutotrackthereputationofIPaddressesforemailandwebtraffic?A. IPBlacklistCenterB. FileReputationCenterC. AMPReputationCenterD. IPandDomainReputationCenterCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION63Underw
15、hichtwocircumstancesisaCoAissued?(Choosetwo.)A. AnewauthenticationrulewasaddedtothepolicyonthePolicyServicenode.B. AnendpointisdeletedontheIdentityServiceEngineserver.C. AnewIdentitySourceSequenceiscreatedandreferencedintheauthenticationpolicy.D. Anendpointisprofiledforthefirsttime.E. AnewIdentitySe
16、rviceEngineserverisaddedtothedeploymentwiththeAdministrationpersona.CorrectAnswer:BDSection:(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/en/US/docs/security/ise/l.0/user_guide/iselO_prof_pol.htmlQUESTION64WhichsolutioncombinesCiscoIOSandIOSXEcomponentstoenableadministratorst
17、orecognizeapplications,collectandsendnetworkmetricstoCiscoPrimeandotherthird-partymanagementtools,andprioritizeapplicationtraffic?A. CiscoSecurityIntelligenceB. CiscoApplicationVisibilityandControlC. CiscoModelDrivenTelemetryD. CiscoDNACenterCorrectAnSWe匚BSection:(none)ExplanationExpIanationZReferen
18、ce:QUESTION65Whichtwoendpointmeasuresareusedtominimizethechancesoffallingvictimtophishingandsocialengineeringattacks?(Choosetwo.)A. Patchforcross-sitescripting.B. Performbackupstotheprivatecloud.C. Protectagainstinputvalidationandcharacterescapesintheendpoint.D. Installaspamandvirusemailfilter.E. Pr
19、otectsystemswithanup-to-dateantimalwareprogram.CorrectAnswer:DESection:(none)ExplanationExpIanationZReference:QUESTION66AnengineerusedaposturecheckonaMicrosoftWindowsendpointanddiscoveredthattheMS17-OlOpatchwasnotinstalled,whichlefttheendpointvulnerabletoWannaCryransomware.Whichtwosolutionsmitigatet
20、heriskofthisransomwareinfection?(Choosetwo.)A. ConfigureaposturepolicyinCiscoIdentityServicesEnginetoinstalltheMS17-010patchbeforeallowingaccessonthenetwork.B. SetupaprofilingpolicyinCiscoIdentityServiceEnginetocheckandendpointpatchlevelbeforeallowingaccessonthenetwork.C. ConfigureaposturepolicyinCi
21、scoIdentityServicesEnginetocheckthatanendpointpatchlevelismetbeforeallowingaccessonthenetwork.D. Configureendpointfirewallpoliciestostoptheexploittrafficfrombeingallowedtorunandreplicatethroughoutthenetwork.E. Setupawell-definedendpointpatchingstrategytoensurethatendpointshavecriticalvulnerabilities
22、patchedinatimelyfashion.CorrectAnswer:ACSection:(none)ExplanationExpIanationZReference:QUESTION67DRAGDROPDraganddropthestepsfromtheleftintothecorrectorderontherighttoenableAppDynamicstomonitoranEC2instanceinAmazonWebServices.SelectandPlace:CorrectAnswer:Section:(none)ExplanationExpIanationZReference
23、:QUESTION68Whywouldauserchooseanon-premisesESAversustheCESsolution?A. Sensitivedatamustremainonsite.B. Demandisunpredictable.C. Theserverteamwantstooutsourcethisservice.D. ESAisdeployedinline.CorrectAnSWe匚ASection:(none)ExplanationExpIanationZReference:QUESTION69Whichtechnologymustbeusedtoimplements
24、ecureVPNconnectivityamongcompanybranchesoveraprivateIPcloudwithany-to-anyscalableconnectivity?A. DMVPNB. FIexVPNC. IPsecDVTID. GETVPNCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION70WhichCiscosolutiondoesCiscoUmbrellaintegratewithtodetermineifaURLismalicious?A. AMPB. AnyConnec
25、tC. DynDNSD. TalosCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION71WhatisthepurposeoftheDecryptforApplicationDetectionfeaturewithintheWSADecryptionoptions?A. ItdecryptsHTTPSapplicationtrafficforunauthenticatedusers.B. ItalertsuserswhentheWSAdecryptstheirtraffic.C. ItdecryptsHT
26、TPSapplicationtrafficforauthenticatedusers.D. ItprovidesenhancedHTTPSapplicationdetectionforAsyncOS.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:serGuide_ll_7/b_WSA_UserGuide_ll_7_chapter_01011.htmlQUESTION72WhatistheprimaryroleoftheCiscoEmailSecurityAppliance?A. MailSubmi
27、ssionAgentB. MailTransferAgentC. MailDeliveryAgentD. MailUserAgentCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:QUESTION73WhichtwofeaturesofCiscoDNACenterareusedinaSoftwareDefinedNetworksolution?(Choosetwo.)A. accountingB. assuranceC. automationD. authenticationE. encryptionCorrectAn
28、swer:BCSection:(none)ExplanationExpIanationZReference:Reference:QUESTION74Whichcloudservicemodeloffersanenvironmentforcloudconsumerstodevelopanddeployapplicationswithoutneedingtomanageormaintaintheunderlyingcloudinfrastructure?A.PaaSB.XaaSC.IaaSD.SaaSCorrectAnSWe匚ASection:(none)ExplanationExpIanatio
29、nZReference:QUESTION75WhatisarequiredprerequisitetoenablemalwarefilescanningfortheSecureInternetGateway?A. EnableIPLayerenforcement.B. ActivatetheAdvancedMalwareProtectionlicenseC. ActivateSSLdecryption.D. EnableIntelligentProxy.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION7
30、6WhichtwofeaturesareusedtoconfigureCiscoESAwithamultilayerapproachtofightvirusesandmalware?(Choosetwo.)A. SophosengineB. whitelistC. RATD. outbreakfiltersE. DLPCorrectAnswer:ADSection:(none)ExplanationExpIanationZReference:QUESTION77HowisCiscoUmbrellaconfiguredtologonlysecurityevents?A. perpolicyB.
31、intheReportingsettingsC. intheSecuritySettingssectionD. pernetworkintheDeploymentssectionCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION78WhatistheprimarydifferencebetweenanEndpointProtectionPlatformandanEndpointDetectionandResponse?A.EPPfocusesonprevention,andEDRfoc
32、usesonadvancedthreatsthatevadeperimeterdefenses.B.EDRfocusesonprevention,andEPPfocusesonadvancedthreatsthatevadeperimeterdefenses.C.EPPfocusesonnetworksecurity,andEDRfocusesondevicesecurity.D.EDRfocusesonnetworksecurity,andEPPfocusesondevicesecurity.CorrectAnswer:ASection:(none)ExplanationExpIanatio
33、nZReference:Reference:endpoint-detection-response-edr.htmlQUESTION79OnwhichpartoftheITenvironmentdoesDevSecOpsfocus?A. applicationdevelopmentB. wirelessnetworkC. datacenterD. perimeternetworkCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION80WhichfunctionsofanSDNarchitecturerequ
34、iresouthboundAPIstoenablecommunication?A. SDNcontrollerandthenetworkelementsB. managementconsoleandtheSDNcontrollerC. managementconsoleandthecloudD. SDNcontrollerandthecloudCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION81Whatisacharacteristicoftrafficstormcontrolbehavior?A. T
35、rafficstormcontroldropsallbroadcastandmulticasttrafficifthecombinedtrafficexceedsthelevelwithintheinterval.B. Trafficstormcontrolcannotdetermineifthepacketisunicastorbroadcast.C. Trafficstormcontrolmonitorsincomingtrafficlevelsovera10-secondtrafficstormcontrolinterval.DTrafficstormcontrolusesthelndi
36、vidualGroupbitinthepacketsourceaddresstodetermineifthepacketisunicastorbroadcast.CorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:/storm.htmlQUESTION82WhichtworequestofRESTAPIarevalidontheCiscoASAPlatform?(Choosetwo.)A. putB. optionsC.getD.pushE.connectCorrectAnswer:ACSection:
37、(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/c/en/us/td/docs/security/asa/api/qsg-asa-api.htmlQUESTION83InaPaaSmodel,whichlayeristhetenantresponsibleformaintainingandpatching?A. hypervisorB. virtualmachineC. networkD. applicationCorrectAnswer:DSection:(none)ExplanationExpIan
38、ationZReference:Reference:QUESTION84AnengineerisconfiguringAMPforendpointsandwantstoblockcertainfilesfromexecuting.Whichoutbreakcontrolmethodisusedtoaccomplishthistask?A. deviceflowcorrelationB. simpledetectionsC. applicationblockinglistD. advancedcustomdetectionsCorrectAnswer:CSection:(none)Explana
39、tionExpIanationZReference:QUESTION85WhichASAdeploymentmodecanprovideseparationofmanagementonasharedappliance?A. DMZmultiplezonemodeB. transparentfirewallmodeC. multiplecontextmodeD. routedmodeCorrectAnSWe匚CSection:(none)ExplanationExpIanationZReference:QUESTION86Whichtwodeploymentmodelconfigurations
40、aresupportedforCiscoFTDvinAWS?(Choosetwo.)A. CiscoFTDvconfiguredinroutedmodeandmanagedbyanFMCvinstalledinAWSB. CiscoFTDvwithonemanagementinterfaceandtwotrafficinterfacesconfiguredC. CiscoFTDvconfiguredinroutedmodeandmanagedbyaphysicalFMCapplianceonpremisesD. CiscoFTDvwithtwomanagementinterfacesandon
41、etrafficinterfaceconfiguredE. CiscoFTDvconfiguredinroutedmodeandIPv6configuredCorrectAnswer:ACSection:(none)ExplanationExpIanationZReference:Reference:QUESTION87WhatcanbeintegratedwithCiscoThreatIntelligenceDirectortoprovideinformationaboutsecuritythreats,whichallowstheSOCtoproactivelyautomaterespon
42、sestothosethreats?A. CiscoUmbrellaB. ExternalThreatFeedsC. CiscoThreatGridD. CiscoStealthwatchCorrectAnSWe匚CSection:(none)ExplanationExpIanationZReference:QUESTION88Whatprovidesvisibilityandawarenessintowhatiscurrentlyoccurringonthenetwork?A. CMXB. WMIC. PrimeInfrastructureD. TelemetryCorrectAnSWe匚C
43、Section:(none)ExplanationExpIanationZReference:QUESTION89WhichattackiscommonlyassociatedwithCandC+programminglanguages?A. cross-sitescriptingB. waterholingC. DDoSD. bufferoverflowCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:https:/en.wikipedia.org/wiki/Buffer_overflowQUESTION90Anengineermustforceanendpointtore-authenticateanalreadyauthenticatedsessionwithoutd