Network Engineer Question Bank 4.pdf
Cisco Network Engineer Question Bank 201-327

Q201. An organization is implementing URL blocking using Cisco Umbrella. The users are able to go to some sites but other sites are not accessible due to an error. Why is the error occurring?
A. Client computers do not have the Cisco Umbrella Root CA certificate installed.
B. IP-Layer Enforcement is not configured.
C. Client computers do not have an SSL certificate deployed from an internal CA server.
D. Intelligent proxy and SSL decryption is disabled in the policy.
Answer: A
Explanation:
Other features are dependent on SSL Decryption functionality, which requires the Cisco Umbrella root certificate. Having the SSL Decryption feature improves:
Custom URL Blocking - Required to block the HTTPS version of a URL
Umbrella's Block Page and Block Page Bypass features present an SSL certificate to browsers that make connections to HTTPS sites. This SSL certificate matches the requested site but will be signed by the Cisco Umbrella certificate authority (CA). If the CA is not trusted by your browser, an error page may be displayed. Typical errors include "The security certificate presented by this website was not issued by a trusted certificate authority" (Internet Explorer), "The site's security certificate is not trusted!" (Google Chrome) or "This Connection is Untrusted" (Mozilla Firefox). Although the error page is expected, the message displayed can be confusing and you may wish to prevent it from appearing.
To avoid these error pages, install the Cisco Umbrella root certificate into your browser or the browsers of your users - if you're a network admin.
Reference: https://docs.umbrella.com/deployment-umbrella/docs/rebrand-cisco-certificate-import-information

Q202. Which two aspects of the cloud PaaS model are managed by the customer but not the provider? (Choose two)
A. virtualization
B. middleware
C. operating systems
D. applications
E. data
Answer: DE
Explanation:
[Figure: PaaS responsibility stack (Applications, Data, Runtime, Middleware, O/S, Virtualization, Server, Storage, Network), marking the layers the service provider manages.]

Q203. What is an attribute of the DevSecOps process?
A. mandated security controls and check lists
B. security scanning and theoretical vulnerabilities
C. development security
D. isolated security team
Answer: C
Explanation:
DevSecOps (development, security, and operations) is a concept used in recent years to describe how to move security activities to the start of the development life cycle and have built-in security practices in the continuous integration/continuous deployment (CI/CD) pipeline, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.
Three key things make a real DevSecOps environment:
+ Security testing is done by the development team.
+ Issues found during that testing are managed by the development team.
+ Fixing those issues stays within the development team.

Q204. An engineer notices traffic interruption on the network. Upon further investigation, it is learned that broadcast packets have been flooding the network. What must be configured, based on a predefined threshold, to address this issue?
A. Bridge Protocol Data Unit guard
B. embedded event monitoring
C. storm control
D. access control lists
Answer: C
Explanation:
Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configurations, or users issuing a denial-of-service attack can cause a storm.
By using the storm-control broadcast level falling-threshold we can limit the broadcast traffic on the switch.

Q205. Which two cryptographic algorithms are used with IPsec? (Choose two)
A. AES-BAC
B. AES-ABC
C. HMAC-SHA1/SHA2
D. Triple AMC-CBC
E. AES-CBC
Answer: CE
Explanation:
Cryptographic algorithms defined for use with IPsec include:
+ HMAC-SHA1/SHA2 for integrity protection and authenticity.
+ TripleDES-CBC for confidentiality.
+ AES-CBC and AES-CTR for confidentiality.
+ AES-GCM and ChaCha20-Poly1305 providing confidentiality and authentication together efficiently.

Q206. In which type of attack does the attacker insert their machine between two hosts that are communicating with each other?
A. LDAP injection
B. man-in-the-middle
C. cross-site scripting
D. insecure API
Answer: B

New Questions (added on 2nd-Jan-2021)

Q207. Which DoS attack uses fragmented packets to crash a target machine?
A. smurf
B. MITM
C. teardrop
D. LAND
Answer: C
Explanation:
A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device. This generally happens on older operating systems such as Windows 3.1x, Windows 95, Windows NT and versions of the Linux kernel prior to 2.1.63.

Q208. Why is it important to have logical security controls on endpoints even though the users are trained to spot security threats and the network devices already help prevent them?
A. to prevent theft of the endpoints
B. because defense-in-depth stops at the network
C. to expose the endpoint to more threats
D. because human error or insider threats will still exist
Answer: D

Q209. Which type of API is being used when a security application notifies a controller within a software-defined network architecture about a specific security threat? (Choose two)
A. westbound API
B. southbound API
C. northbound API
D. eastbound API
Answer: BC

Q210. When planning a VPN deployment, for which reason does an engineer opt for an active/active FlexVPN configuration as opposed to DMVPN?
A. Multiple routers or VRFs are required.
B. Traffic is distributed statically by default.
C. Floating static routes are required.
D. HSRP is used for failover.
Answer: B

Q211. Which algorithm provides asymmetric encryption?
A. RC4
B. AES
C. RSA
D. 3DES
Answer: C

Q212. What are two functions of secret key cryptography? (Choose two)
A. key selection without integer factorization
B. utilization of different keys for encryption and decryption
C. utilization of large prime number iterations
D. provides the capability to only know the key on one side
E. utilization of less memory
Answer: BD

Q213. For Cisco IOS PKI, which two types of servers are used as a distribution point for CRLs? (Choose two)
A. SDP
B. LDAP
C. subordinate CA
D. SCP
E. HTTP
Answer: BE
Explanation:
Cisco IOS public key infrastructure (PKI) provides certificate management to support security protocols such as IP Security (IPSec), secure shell (SSH), and secure socket layer (SSL). This module identifies and describes concepts that are needed to understand, plan for, and implement a PKI.
A PKI is composed of the following entities:
A distribution mechanism (such as Lightweight Directory Access Protocol [LDAP] or HTTP) for certificate revocation lists (CRLs)
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/15-mt/sec-pki-15-mt-book/sec-pki-overview.html

Q214. Which attack type attempts to shut down a machine or network so that users are not able to access it?
A. smurf
B. bluesnarfing
C. MAC spoofing
D. IP spoofing
Answer: A
Explanation:
Denial-of-service (DDoS) aims at shutting down a network or service, causing it to be inaccessible to its intended users.
The Smurf attack is a DDoS attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address.

Q215. What is a difference between DMVPN and sVTI?
A. DMVPN supports tunnel encryption, whereas sVTI does not.
B. DMVPN supports dynamic tunnel establ