《CCNP&CCIE Security SCOR思科认证网络工程师题库1.docx》由会员分享,可在线阅读,更多相关《CCNP&CCIE Security SCOR思科认证网络工程师题库1.docx(19页珍藏版)》请在三一办公上搜索。
1、CCNP/CCIESecuritySCOR题库1ExamAQUESTION1WhichfeaturerequiresanetworkdiscoverypolicyontheCiscoFirepowerNextGenerationIntrusionPreventionSystem?A. securityintelligenceB. impactflagsC. healthmonitoringD. URLfilteringCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION2aaanew-modelradius
2、-serverhost10.0.0.12keysecret12Refertotheexhibit.Whichstatementabouttheauthenticationprotocolusedintheconfigurationistrue?A. TheauthenticationrequestcontainsonlyapasswordB. TheauthenticationrequestcontainsonlyausernameC. Theauthenticationandauthorizationrequestsaregroupedinasinglepacket.D. Thereares
3、eparateauthenticationandauthorizationrequestpackets.CorrectAnswer:CSection:(none)ExplanationExpIanationZReference:QUESTION3Whichtwopreventivemeasuresareusedtocontrolcross-sitescripting?(Choosetwo.)A. Enableclient-sidescriptsonaper-domainbasis.B. Incorporatecontextualoutputecodingescaping.C. Disablec
4、ookieinspectionintheHTMLinspectionengine.D. RununtrustedHTMLinputthroughanHTMLsanitizationengine.E. SameSitecookieattributeshouldnotbeused.CorrectAnswer:ABSection:(none)ExplanationExpIanationZReference:QUESTION4WhichpolicyisusedtocapturehostinformationontheCiscoFirepowerNextGenerationIntrusionPreven
5、tionSystem?A. correlationB. intrusionC. accesscontrolD. networkdiscoveryCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION5InterfaceMACAddressMethociDomainStatusFgSessionIDGi4150050.b6d4.8a60dotlxDATAAuth0A02198200001Gi8430024.c4fe.1832dotlxVOICEAuth0A02198200000Gil0250026.7391.b
6、bdldotlxDATAAuth0A02198200001Gi8280026.ObSe.SldSdotlxVOICEAuth0A02198200000Gi4130025.4593.e575dotlxVOICEAuth0A02198200000GilO/230025.8418.217fdotlxVOICEAuth0A02198200000Gi740025.8418.Ibc7dotlxVOICEAuth0A02198200000Gi770026.ObSe.SOfbdotlxVOICEAuth0A02198200000Gi814c85b.7604.falddotlxDATAAuth0A0219820
7、0001Gil0290026.0b5.528adotlxVOICEAuth0A02198200000Gi420026.0b5e.4f9fdotlxVOICEAuth0A02198200000Gil0300025.4593.e5acdotlxVOICEAuth0A02198200000Gi82968bd.aba5.2e44dotlxVOICEAuth0A02198200001Gi7454ee.75db.d766dotlxDATAAuth0A02198200001Gi234e804.62eb.a658dotlxVOICEAuth0A02198200000Gil022482a.e307.d9c8Id
8、otlxIDATAAuth0A02198200001Gi9220007.b00c.8c3SImabDATAAuth0A02198200000Refertotheexhibit.Whichcommandwasusedtogeneratethisoutputandtoshowwhichportsareauthenticatingwithdotlxormab?A. showauthenticationregistrationsB. showauthenticationmethodC. showdotIxallD. showauthenticationsessionsCorrectAnswer:BSe
9、ction:(none)ExplanationExpIanationZReference:QUESTION6AnengineerisconfiguringaCiscoESAandwantstocontrolwhethertoacceptorrejectemailmessagestoarecipientaddress.Whichlistcontainstheallowedrecipientaddresses?A. SATB. BATC. HATD. RATCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION7
10、WhichtwocapabilitiesdoesTAXIIsupport?(Choosetwo.)A. exchangeB. pullmessagingC. bindingD. correlationE. mitigatingCorrectAnswer:BCSection:(none)ExpIanationZReference:QUESTION8Whichpolicyrepresentsasharedsetoffeaturesorparametersthatdefinetheaspectsofamanageddevicethatarelikelytobesimilartoothermanage
11、ddevicesinadeployment?A. grouppolicyB. accesscontrolpolicyC. devicemanagementpolicyD. platformservicepolicyCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:-config-guide-v622/platform_settings_policies_for_managed_devices.pdfQUESTION9Anadministratorwantstoensurethatallendpoint
12、sarecompliantbeforeusersareallowedaccessonthecorporatenetwork.TheendpointsmusthavethecorporateantivirusapplicationinstalledandberunningthelatestbuildofWindows10.Whatmusttheadministratorimplementtoensurethatalldevicesarecompliantbeforetheyareallowedonthenetwork?A. CiscoIdentityServicesEngineandAnyCon
13、nectPosturemoduleB. CiscoStealthwatchandCiscoIdentityServicesEngineintegrationC. CiscoASAfirewallwithDynamicAccessPoliciesconfiguredD. CiscoIdentityServicesEnginewithPxGridservicesenabledCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION10WhataretwoDetectionandAnalytics
14、EnginesofCognitiveThreatAnalytics?(Choosetwo.)A. dataexfiltrationB. commandandcontrolcommunicationC. intelligentproxyD.snortE.URLcategorizationCorrectAnswer:ABSection:(none)ExplanationExpIanationZReference:Reference:QUESTION11Inwhichformofattackisalternateencoding,suchashexadecimalrepresentation,mos
15、toftenobserved?A. smurfB. distributeddenialofserviceC. cross-sitescriptingD. rootkitexploitCorrectAnswer:CSection:(none)ExplanationExpIanationZReference:QUESTION12WhichtwoconditionsareprerequisitesforstatefulfailoverforIPsec?(Choosetwo.)A. OnlytheIKEconfigurationthatissetupontheactivedevicemustbedup
16、licatedonthestandbydevice;theIPsecconfigurationiscopiedautomatically.B. TheactiveandstandbydevicescanrundifferentversionsoftheCiscoIOSsoftwarebutmustbethesametypeofdevice.C. TheIPsecconfigurationthatissetupontheactivedevicemustbeduplicatedonthestandbydevice.D. OnlytheIPsecconfigurationthatissetupont
17、heactivedevicemustbeduplicatedonthestandbydevice;theIKEconfigurationiscopiedautomatically.E. TheactiveandstandbydevicesmustrunthesameversionoftheCiscoIOSsoftwareandmustbethesametypeofdevice.CorrectAnswer:BCSection:(none)ExplanationExpIanationZReference:Reference:mtsec-vpn-availability-15-mt-booksec-
18、state-fail-ipsec.htmlQUESTION13WhenwebpoliciesareconfiguredinCiscoUmbrella,whatprovidestheabilitytoensurethatdomainsareblockedwhentheyhostmalware,commandandcontrol,phishing,andmorethreats?A. ApplicationControlB. SecurityCategoryBlockingC. ContentCategoryBlockingD. FileAnalysisCorrectAnswer:BSection:
19、(none)ExplanationExpIanationZReference:Reference:CategoriesQUESTION14WhattwomechanismsareusedtoredirectuserstoawebportaltoauthenticatetoISEforguestservices?(Choosetwo.)A. TACACS+B. centralwebauthC. singlesign-onD. multiplefactorauthE. localwebauthCorrectAnswer:BESection:(none)ExplanationExpIanationZ
20、Reference:Reference:2/b_ise_admin_guide_22_chapter_01110.htmlQUESTION15WhichflawdoesanattackerleveragewhenexploitingSQLinjectionvulnerabilities?A. userinputvalidationinawebpageorwebapplicationB. 1.inuxandWindowsoperatingsystemsC. databaseD. webpageimagesCorrectAnswer:CSection:(none)ExplanationExpIan
21、ationZReference:Reference:QUESTION16Whichdeploymentmodelisthemostsecurewhenconsideringriskstocloudadoption?A. publiccloudB. hybridcloudC. communitycloudD. privatecloudCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION17WhatdoestheCloudlockAppsFirewalldotomitigatesecurityconcernsf
22、romanapplicationperspective?A. Itallowstheadministratortoquarantinemaliciousfilessothattheapplicationcanfunction,justnotmaliciously.B. Itdiscoversandcontrolscloudappsthatareconnectedtoacompanyscorporateenvironment.C. Itdeletesanyapplicationthatdoesnotbelonginthenetwork.D. Itsendstheapplicationinform
23、ationtoanadministratortoacton.CorrectAnSWe匚BSection:(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/c/en/us/products/security/cloudlock/index.html#-featuresQUESTION18WhichexfiltrationmethoddoesanattackerusetohideandencodedatainsideDNSrequestsandqueries?A. DNStunnelingB. DNSCryp
24、tC. DNSsecurityD. DNSSECCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:https:/learn-QUESTION19Whichalgorithmprovidesencryptionandauthenticationfordataplanecommunication?A. AES-GCMB. SHA-96C.AES-256D.SHA-384CorrectAnSWe匚ASection:(none)ExplanationExpIanationZReference:QUESTION
25、20Whichtechnologyreducesdatalossbyidentifyingsensitiveinformationstoredinpubliccomputingenvironments?A. CiscoSDAB. CiscoFirepowerC. CiscoHyperFIexD. CiscoCloudlockCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:QUESTION21snmp-servergroupSNMPv3authaccess15Refertotheexhibit.Wha
26、tdoesthenumber15representinthisconfiguration?A. privilegelevelforanauthorizedusertothisrouterB. accesslistthatidentifiestheSNMPdevicesthatcanaccesstherouterC. intervalinsecondsbetweenSNMPv3authenticationattemptsD. numberofpossiblefailedattemptsuntiltheSNMPv3userislockedoutCorrectAnSWe匚BSection:(none
27、)ExplanationExpIanationZReference:QUESTION22Whichnetworkmonitoringsolutionusesstreamsandpushesoperationaldatatoprovideanearreal-timeviewofactivity?A. SNMPB. SMTPC. syslogD. model-driventelemetryCorrectAnswer:DSection:(none)ExplanationExpIanationZReference:Reference:QUESTION23Whatistheresultofrunning
28、thecryptoisakmpkeyciscXXXXXXXXaddress172.16.0.0command?A. authenticatestheIKEv2peersinthe172.16.0.0/16rangebyusingthekeyciscXXXXXXXXB. authenticatestheIPaddressofthe172.16.0.0/32peerbyusingthekeyciscXXXXXXXXC. authenticatestheIKEvlpeersinthe172.16.0.0/16rangebyusingthekeyciscXXXXXXXXD. securesallthe
29、certificatesintheIKEexchangebyusingthekeyciscXXXXXXXXCorrectAnswer:BSection:(none)ExplanationExpIanationZReference:Reference:QUESTION24WhichtwoprobesareconfiguredtogatherattributesofconnectedendpointsusingCiscoIdentityServicesEngine?(Choosetwo.)A. RADIUSB. TACACS+C. DHCPD. sFlowE. SMTPCorrectAnswer:
30、ACSection:(none)ExplanationExpIanationZReference:Reference:https:/www.cisco.eom/en/US/docs/security/ise/l.0/user_guide/iselO_prof_pol.htmlQUESTION25DRAGDROPDraganddroptheFirepowerNextGenerationIntrustionPreventionSystemdetectorsfromtheleftontothecorrectdefinitionsontheright.SelectandPlace:CorrectAns
31、wer:Section:(none)ExplanationExpIanationZReference:Reference:-config-guide-v64/detecting_specific_threats.htmlQUESTION26Whichsolutionprotectshybridclouddeploymentworkloadswithapplicationvisibilityandsegmentation?A. NexusB. StealthwatchC. FirepowerD. TetrationCorrectAnswer:DSection:(none)ExplanationE
32、xpIanationZReference:Reference:solution/index.html#-productsQUESTION27Whatarethetwomostcommonlyusedauthenticationfactorsinmultifactorauthentication?(Choosetwo.)A. biometricfactorB. timefactorC. confidentialityfactorD. knowledgefactorE. encryptionfactorCorrectAnswer:ADSection:(none)ExplanationExpIana
33、tionZReference:QUESTION28DRAGDROPDraganddropthecapabilitiesfromtheleftontothecorrecttechnologiesontheright.SelectandPlace:CorrectAnswer:Section:(none)ExplanationExpIanationZReference:QUESTION29WhichtwokeyandblocksizesarevalidforAES?(Choosetwo.)A. 64-bitblocksize,112-bitkeylengthB. 64-bitblocksize,16
34、8-bitkeylengthC. 128-bitblocksize,192-bitkeyIengthD.128-bitblocksize,256-bitkeylengthE.192-bitblocksize,256-bitkeylengthCorrectAnswer:CDSection:(none)ExplanationExpIanationZReference:Reference:https:/en.wikipedia.org/wiki/Advanced_Encryption_StandardQUESTION30HowdoesCiscoUmbrellaarchivelogstoanenter
35、prise-ownedstorage?A. byusingtheApplicationProgrammingInterfacetofetchthelogsB. bysendinglogsviasyslogtoanon-premisesorcloud-basedsyslogserverC. bythesystemadministratordownloadingthelogsfromtheCiscoUmbrellawebportalD. bybeingconfiguredtosendlogstoaself-managedAWSS3bucketCorrectAnswer:DSection:(none
36、)ExplanationExpIanationZReference:Reference:QUESTION31InwhichcloudservicesmodelisthetenantresponsibleforvirtualmachineOSpatching?A. IaaSB. UCaaSC. PaaSD. SaaSCorrectAnswer:ASection:(none)ExplanationExpIanationZReference:Reference:QUESTION32WhichtwodescriptionsofAESencryptionaretrue?(Choosetwo.)A. AE
37、Sislesssecurethan3DES.B. AESismoresecurethan3DES.C. AEScanusea168-bitkeyforencryption.D. AEScanusea256-bitkeyforencryption.E. AESencryptsanddecryptsakeythreetimesinsequence.CorrectAnswer:BDSection:(none)ExplanationExpIanationZReference:Reference:https:/gpdb.docs.pivotal.io/43190/admin_guide/topics/i
38、psec.htmlQUESTION33Whichtechnologyisusedtoimprovewebtrafficperformancebyproxycaching?A. WSAB. FirepowerC. FireSIGHTD. ASACorrectAnswer:ASection:(none)ExplanationExpIanationZReference:QUESTION34WhichstatementabouttheconfigurationofCiscoASANetFIowv9SecureEventLoggingistrue?A. ToviewbandwidthusageforNe
39、tFIowrecords,theQoSfeaturemustbeenabled.B. AsysoptcommandcanbeusedtoenableNSELonaspecificinterface.C. NSELcanbeusedwithoutacollectorconfigured.D. Aflow-exporteventtypemustbedefinedunderapolicy.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION35Whichbenefitdoesendpointsecuritypro
40、videtheoverallsecuritypostureofanorganization?A. Itstreamlinestheincidentresponseprocesstoautomaticallyperformdigitalforensicsontheendpoint.B. Itallowstheorganizationtomitigateweb-basedattacksaslongastheuserisactiveinthedomain.C. Itallowstheorganizationtodetectandrespondtothreatsattheedgeofthenetwor
41、k.D. Itallowstheorganizationtodetectandmitigatethreatsthattheperimetersecuritydevicesdonotdetect.CorrectAnswer:DSection:(none)ExplanationExpIanationZReference:QUESTION36AnengineerconfiguredanewnetworkidentityinCiscoUmbrellabutmustverifythattrafficisbeingroutedthroughtheCiscoUmbrellanetwork.Whichactionteststherouting?A. Ensurethattheclientcomputersarepointingtotheon-premisesDNSservers.B. EnabletheIntelligentProxytovalidatethattrafficisbeingroutedcorrectly.C. AddthepublicIPaddressthattheclientcomputersarebehindtoaCoreIdentity.D. BrowsetoCorrectAnswer
