多項(xiàng)選擇題Which three statements are true about Cisco IOS Firewall?()

A.It can be configured to block Java traffic.
B.It can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.
C.It can only examine network layer and transport layer information.
D.It can only examine transport layer and application layer information.
E.The inspection rules can be used to set timeout values for specified protocols.
F.The ip inspect cbac-name command must be configured in global configuration mode.


您可能感興趣的試卷

你可能感興趣的試題

1.多項(xiàng)選擇題Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()

A.allows dynamic routing over the tunnel
B.supports multi-protocol (non-IP) traffic over the tunnel
C.reduces IPsec headers overhead since tunnel mode is used
D.simplifies the ACL used in the crypto map
E.uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration

2.多項(xiàng)選擇題What are three objectives that the no ip inspect command achieves?()

A.removes the entire CBAC configuration
B.removes all associated static ACLs
C.turns off the automatic audit feature in SDM
D.denies HTTP and Java applets to the inside interface but permits this traffic to the DMZ
E.resets all global timeouts and thresholds to the defaults
F.deletes all existing sessions

3.多項(xiàng)選擇題

Refer to the exhibit. On the basis of the information that is provided, which two statements are true?()

A.An IPS policy can be edited by choosing the Edit button.
B.Right-clicking on an interface will display a shortcut menu with options to edit an action or to set severity levels.
C.The Edit IPS window is currently in Global Settings view.
D.The Edit IPS window is currently in IPS Policies view.
E.The Edit IPS window is currently in Signatures view.
F.To enable an IPS policy on an interface, click on the interface and deselect Disable.

4.多項(xiàng)選擇題

Refer to the exhibit. On the basis of the information in the exhibit,which two statements are true?()

A.Any traffic matching signature 1107 will generate an alarm, reset the connection,and be dropped.
B.Signature 1102 has been modified, but the changes have not been applied to the router.
C.Signature 1102 has been triggered because of matching traffic.
D.The Edit IPS window is currently displaying the Global Settings information.
E.The Edit IPS window is currently displaying the signatures in Details view.
F.The Edit IPS window is currently displaying the signatures in Summary view.

5.多項(xiàng)選擇題

Refer to the exhibit. Which two statements about the AAA configuration are true?()

A.A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.
B.If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
C.If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
D.The aaa new-model command forces the router to override every other authentication method previously configured for the router lines.
E.To increase security, group radius should be used instead of group tacacs+.
F.Two authentication options are prescribed by the displayed aaa authentication command.

6.多項(xiàng)選擇題

Refer to the exhibit. Which two statements about the SDF Locations window of the IPS Rule wizard are true?()

A.An HTTP SDF file location can be specified by clicking the Add button.
B.If all specified SDF locations fail to load, the signature file that is named default.sdf will be loaded.
C.The Autosave feature automatically saves the SDF alarms if the router crashes.
D.The Autosave feature is automatically enabled for the default built-in signature file.
E.The name of the built-in signature file is default.sdf.
F.The Use Built-In Signatures (as backup) check box is selected by default.

最新試題

Which two statements about an IDS are true?()

題型:多項(xiàng)選擇題

When configuring the Cisco VPN Client,what action is required prior to installing Mutual Group Authentication?()

題型:?jiǎn)雾?xiàng)選擇題

Which three techniques should be used to secure management protocols?()

題型:多項(xiàng)選擇題

If an edge Label Switch Router (LSR) is properly configured,which three combinations are possible?()

題型:多項(xiàng)選擇題

Refer to the exhibit.Which three statements describe the steps that are required to configure an IPsec site-to-site VPN using a GRE tunnel?()

題型:多項(xiàng)選擇題

Which statement is true about a worm attack?()

題型:?jiǎn)雾?xiàng)選擇題

What are the four fields in an MPLS label?()

題型:多項(xiàng)選擇題

Refer to the exhibit. MPLS has been configured on all routers in the domain. In order for R2 and R3 to forward frames between them with label headers, what additional configuration will be required on devices that are attached to the LAN segment?()

題型:?jiǎn)雾?xiàng)選擇題

Refer to the exhibit, which shows a PPPoA diagram and partial SOHO77 configuration.Which command needs to be applied to the SOHO77 to complete the configuration?()

題型:?jiǎn)雾?xiàng)選擇題

Which statement about an IPS is true?()

題型:?jiǎn)雾?xiàng)選擇題