單項(xiàng)選擇題Which feature is a potential security weakness of a traditional stateful firewall?()

A.It cannot support UDP flows.
B.It cannot ensure each TCP connection follows a legitimate TCP three-way handshake.
C.It cannot detect application-layer attacks.
D.The status of TCP sessions is retained in the state table after the sessions terminate.


您可能感興趣的試卷

你可能感興趣的試題

1.單項(xiàng)選擇題Which statement best describes Cisco IOS Zone-Based Policy Firewall?()

A.A router interface can belong to multiple zones.
B.Policy maps are used to classify traffic into different traffic classes, and class maps are used to assignaction to the traffic classes.
C.The pass action works in only one direction
D.A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.

3.單項(xiàng)選擇題As a candidate for CCNA examination, when you are familiar with the basic commands, if you input thecommand "enable secret level 5 password" in the global mode , what does it indicate?()

A.Set the enable secret command to privilege level 5
B.The enable secret password is hashed using MD5
C.The enable secret password is for accessing exec privilege level 5
D.The enable secret password is hashed using SHA
E.The enable secret password is encrypted using Cisco proprietary level 5 encryption

6.單項(xiàng)選擇題Which description about asymmetric encryption algorithms is correct?()

A.They use the same key for encryption and decryption of data.
B.They use different keys for decryption but the same key for encryption of data.
C.They use different keys for encryption and decryption of data.
D.They use the same key for decryption but different keys for encryption of data.

7.單項(xiàng)選擇題For the following items ,which one can be used to authenticate the IPsec peers during IKE Phase 1?()

A.pre-shared key
B.integrity check value
C.XAUTH
D.Diffie-Hellman Nonce

8.單項(xiàng)選擇題

Which description is correct based on the exhibit and partial configuration?()

A.All traffic destined for network 172.16.150.0 will be denied due to the implicit denyall.
B.All traffic from network 10.0.0.0 will be permitted.
C.Access-list 101 will prevent address spoofing from interface E0.
D.This ACL will prevent any host on the Internet from spoofing the inside network address as the sourceaddress for packets coming into the router from the Internet.

9.單項(xiàng)選擇題In a brute-force attack, what percentage of the keyspace must an attacker generally search through until heor she finds the key that decrypts the data?()

A.Roughly 50 percent
B.Roughly 66 percent  ActualTests.com
C.Roughly 75 percent
D.Roughly 10 percent

最新試題

Which two actions can be configured to allow traffic to traverse an interface when zone-based security isbeing employed?()

題型:多項(xiàng)選擇題

For the following options, which feature is the foundation of Cisco Self-Defending Network technology?()

題型:?jiǎn)雾?xiàng)選擇題

Regarding constructing a good encryption algorithm, what does creating an avalanche effect indicate?()

題型:?jiǎn)雾?xiàng)選擇題

A standard access control list has been configured on a router and applied to interface Serial 0 in anoutbound direction. No ACL is applied to Interface Serial 1 on the same router. What will happen whentraffic being filtered by the access list does not match the configured ACL statements for Serial 0?()

題型:?jiǎn)雾?xiàng)選擇題

How do you define the authentication method that will be used with AAA?()

題型:?jiǎn)雾?xiàng)選擇題

Which type of MAC address is dynamically learned by a switch port and then added to the switch’s runningconfiguration?()

題型:?jiǎn)雾?xiàng)選擇題

What are two characteristics of the SDM Security Audit wizard?()

題型:多項(xiàng)選擇題

Refer to the exhibit. Based on the VPN connection shown, which statement is true?()

題型:?jiǎn)雾?xiàng)選擇題

Which name is of the e-mail traffic monitoring service that underlies that architecture of IronPort?()

題型:?jiǎn)雾?xiàng)選擇題

What is the objective of Diffie-Hellman?()

題型:?jiǎn)雾?xiàng)選擇題