“网络设备安全”自我水平测试评估

“网络设备安全”自我水平测试评估

1. Which option is true about the HTTP server on the Cisco IOS Software? The HTTP server is on by default.

The HTTP server uses MD5 for authentication by default. The HTTP server supports port 80 and 443 by default.

HTTP server requires authentication to provide access to the router. 关于运行Cisco IOS软件的HTTP服务器，哪一个选项正确？

HTTP服务器在默认状态下被启用。

HTTP服务器默认状态下使用MD5进行身份认证。 HTTP服务器默认支持端口80和443。 HTTP服务器要求身份认证以支持接入路由器。

2. Which two places would be the most appropriate place to install your zone-based firewall? (Choose two.) between data center subnets

between the internal network and an external network such as the Internet

between intranet sites

between remote VPN users and the central site VPN server 哪两个地方是最适合安装基于区域的防火墙的位置？ （选择两项。）

数据中心子网之间

内部网络和外部网络（如互联网）之间 内联网站点之间

远程 VPN用户和中央站点VPN服务器之间

3. What command tells you the state of your connection to your IKE SA peer?

show crypto sa show sa peer ipsec show ipsec peer sa show crypto isakmpsa show crypto ipsecsa

哪一命令能够显示出与IKE SA对等体的连接状态？

show crypto sa show sa peer ipsec show ipsec peer sa show crypto isakmpsa show crypto ipsecsa

4. What is a potential security weakness of the traditional stateful firewall? cannot support non-TCP flows

retains the state of the user data packet and dynamically assigned ports

in the state table

cannot track the state of each connection setup to ensure that each connection follows a legitimate TCP three-way handshake cannot detect application-layer attacks 传统的状态防火墙存在哪些潜在的安全漏洞？

不能支持非TCP数据流

保留用户数据包状态和在状态表中动态分配端口

不能跟踪每一个连接设置的状态，以确保每一个连接都遵循合法的TCP三次握手协议。

不能检测到应用层攻击

5. Which option uses IP directed broadcasts to attack a router? smurf attack

TCP SYN flood attack buffer overflow attack MAC flood attack

哪一个选项使用了IP直接广播来攻击路由器？

Smurf攻击 TCP SYN泛洪攻击 缓冲区溢出攻击

MAC泛洪攻击

6. What is the best command for an administrator to use for troubleshooting packet-level authentication issues? debug authentication debug aaa authentication authentication debug aaa show authentication show aaa authentication

管理员在排除数据包一级身份认证问题时应采取的最有效命令是什 么？

debug authentication debug aaa authentication debug aaa authentication show authentication show aaa authentication

7. Your logs reveal that someone has attempted to gain access to an ASA as the administrator. What type of attack does this indicate? Reconnaissance unauthorized access denial of service

man-in-the-middle Smurf

您的日志显示曾有人试图以管理员的身份访问ASA。这一记录表 明出现哪类攻击？

侦察

未经授权的访问 拒绝服务 中间人 smurf

8. If you were asked to define the purpose of a firewall within your network, which option would be your best answer? Firewalls are devices that prevent access to your network. Firewalls are devices that permit access to your network. Firewalls are devices that control access to your network assets. Firewalls are devices that enforce a network access control list.

如果要定义防火墙在网络中的用途，您会选择哪一选项？

防火墙是用于防止接入您网络的设备。 防火墙是用于允许接入您网络的设备。 防火墙是用于控制接入您网络资产的设备。

本文来源：https://www.bwwdw.com/article/nkvt.html