思科网络工程师题库4.docx

上传人:p** 文档编号:701236 上传时间:2024-01-16 格式:DOCX 页数:80 大小:275.61KB
下载 相关 举报
思科网络工程师题库4.docx_第1页
第1页 / 共80页
思科网络工程师题库4.docx_第2页
第2页 / 共80页
思科网络工程师题库4.docx_第3页
第3页 / 共80页
思科网络工程师题库4.docx_第4页
第4页 / 共80页
思科网络工程师题库4.docx_第5页
第5页 / 共80页
思科网络工程师题库4.docx_第6页
第6页 / 共80页
思科网络工程师题库4.docx_第7页
第7页 / 共80页
思科网络工程师题库4.docx_第8页
第8页 / 共80页
思科网络工程师题库4.docx_第9页
第9页 / 共80页
思科网络工程师题库4.docx_第10页
第10页 / 共80页
亲,该文档总共80页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

《思科网络工程师题库4.docx》由会员分享,可在线阅读,更多相关《思科网络工程师题库4.docx(80页珍藏版)》请在第壹文秘上搜索。

1、思科网络工程师题库201-327Q201.AnorganizationisimplementingURLblockingusingCiscoUmbreIIA.Theusersareabletogotosomesitesbutothersitesarenotaccessibleduetoanerror.Whyistheerroroccurring?A. ClientcomputersdonothavetheCiscoUmbrellaRootCAcertificateinstalled.B. IP-LayerEnforcementisnotconfigured.C. Clientcomputers

2、donothaveanSSLcertificatedeployedfromaninternalCAserver.D. IntelligentproxyandSSLdecryptionisdisabledinthepolicy.Answer:AExplanation:OtherfeaturesaredependentonSSLDecryptionfunctionality,whichrequirestheCiscoUmbrellarootcertificate.HavingtheSSLDecryptionfeatureimproves:CustomURLBlocking-Requiredtobl

3、ocktheHTTPSversionofaURL.UmbrellasBlockPageandBlockPageBypassfeaturespresentanSSLcertificatetobrowsersthatmakeconnectionstoHTTPSsites.ThisSSLcertificatematchestherequestedsitebutwillbesignedbytheCiscoUmbrellacertificateauthority(CA).IftheCAisnottrustedbyyourbrowser,anerrorpagemaybedisplayed.Typicale

4、rrorsincludeThesecuritycertificatepresentedbythiswebsitewasnotissuedbyatrustedcertificateauthority(InternetExplorer),Thesitessecuritycertificateisnottrusted!(GoogleChrome)orThisConnectionisUntrusted(MozillaFirefox).Althoughtheerrorpageisexpected,themessagedisplayedcanbeconfusingandyoumaywishtopreven

5、titfromappearing.Toavoidtheseerrorpages,installtheCiscoUmbrellarootcertificateintoyourbrowserorthebrowsersofyourusers-ifyoureanetworkadmin.Reference:httpsdocs.umbrellA.com/deployment-umbrella/docs/rebrand-cisco-certificate-import-informationQ202.WhichtwoaspectsofthecloudPaaSmodelaremanagedbythecusto

6、merbutnottheprovider?(Choosetwo)A. virtualizationB. middlewareC. operatingsystemsD.applicationsE.dataServiceprovidermanagesApplicatiRuntiMiddlewVirtualizaServeStoragNetworkAnswer:DEExplanation:PaaSDataO/SQ203.WhatisanattributeoftheDevSecOpsprocess?A. mandatedsecuritycontrolsandchecklistsB. securitys

7、canningandtheoreticalvulnerabilitiesC. developmentsecurityD. isolatedsecurityteamAnswer:CExplanation:DevSecOps(development,security,andoperations)isaconceptusedinrecentyearstodescribehowtomovesecurityactivitiestothestartofthedevelopmentlifecycleandhavebuilt-insecuritypracticesinthecontinuousintegrat

8、ion/continuousdeployment(CICD)pipeline.ThusminimizingvulnerabilitiesandbringingsecurityclosertoITandbusinessobjectives.ThreekeythingsmakearealDevSecOpsenvironment:+Securitytestingisdonebythedevelopmentteam.+Issuesfoundduringthattestingismanagedbythedevelopmentteam.+Fixingthoseissuesstayswithinthedev

9、elopmentteam.Q204.Anengineernoticestrafficinterruptiononthenetwork.Uponfurtherinvestigation,itislearnedthatbroadcastpacketshavebeenfloodingthenetwork.Whatmustbeconfigured,basedonapredefinedthreshold,toaddressthisissue?A. BridgeProtocolDataUnitguardB. embeddedeventmonitoringC. stormcontrolD. accessco

10、ntrollistsAnswer:CExplanation:StormcontrolpreventstrafficonaLANfrombeingdisruptedbyabroadcast,multicast,orunicaststormononeofthephysicalinterfaces.ALANstormoccurswhenpacketsfloodtheLAN,creatingexcessivetrafficanddegradingnetworkperformance.Errorsintheprotocol-stackimplementation,mistakesinnetworkcon

11、figurations,orusersissuingadenial-of-serviceattackcancauseastorm.Byusingthestorm-controlbroadcastlevelfalling-thresholdwecanlimitthebroadcasttrafficontheswitch.Q205.WhichtwocryptographicalgorithmsareusedwithIPsec?(Choosetwo)A. AES-BACB. AES-ABCC. HMAC-SHA1SHA2D. TripleAMC-CBCE. AES-CBCAnswer:CEExpla

12、nation:CryptographicalgorithmsdefinedforusewithIPsecinclude:+HMAC-SHA1SHA2forintegrityprotectionandauthenticity.+TripIeDES-CBCforconfidentiality+AES-CBCandAES-CTRforconfidentiality.+AES-GCMandChaCha20-Polyl305providingconfidentialityandauthenticationtogetherefficiently.Q206.lnwhichtypeofattackdoesth

13、eattackerinserttheirmachinebetweentwohoststhatarecommunicatingwitheachother?A. LDAPinjectionB. ma-i-the-middleC. cross-sitescriptingD. insecureAPIAnswer:BExplanation:NewQuestions(addedon2nd-Jan-2021)Q207.WhichDosattackusesfragmentedpacketstocrashatargetmachine?A. smurfB. MITMC. teardropD. LANDAnswer

14、:CExplanation:Ateardropattackisadenial-of-service(DoS)attackthatinvolvessendingfragmentedpacketstoatargetmachine.SincethemachinereceivingsuchpacketscannotreassemblethemduetoabuginTCP/IPfragmentationreassembly,thepacketsoverlaponeanother,crashingthetargetnetworkdevice.Thisgenerallyhappensonolderopera

15、tingsystemssuchasWindows3.lx,Windows95,WindowsNTandversionsoftheLinuxkernelpriorto2.1.63.Q208.Whyisitimportanttohavelogicalsecuritycontrolsonendpointseventhoughtheusersaretrainedtospotsecuritythreatsandthenetworkdevicesalreadyhelppreventthem?A.topreventtheftoftheendpointsB. becausedefense-in-depthstopsatthenetworkC. toexposetheendpointtomorethreatsD. becausehumanerrororinsiderthreatswillstillexistAnswer:DQ209.WhichtypeofAPIisbeingusedwhenasecurityapplicationnotifiesacontrollerwithinasoftware-definednetworkarchitectureabou

展开阅读全文
相关资源
猜你喜欢
相关搜索

当前位置:首页 > 资格/认证考试 > 思科认证

copyright@ 2008-2023 1wenmi网站版权所有

经营许可证编号:宁ICP备2022001189号-1

本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。第壹文秘仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知第壹文秘网,我们立即给予删除!