网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? ()
- A、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.
- B、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.
- C、 MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.
- D、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.
- E、 MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.
参考答案
更多 “ The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? ()A、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.B、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.C、 MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.D、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.E、 MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.” 相关考题
考题
Click the Exhibit button.Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? ()(Choose two.)A. DNS traffic is denied.B. HTTP traffic is denied.C. FTP traffic is permitted.D. SMTP traffic is permitted.
考题
Which of the following is NOT true of security attacks?[A] Employees will keep up with security polices and awareness if they are highly-trained.[B] The rate of security attacks appears faster than the growth of the Internet.[C] One's computer system will never be secure.[D] Vulnerabilities can go through phones, wireless devices, and network appliances
考题
Which two network attack statements are true?()A、Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.B、Access attacks can consist of UDP and TCP SYN flooding,ICMP echo-request floods,and ICMP directed broadcasts.C、DoS attacks can be reduced through the use of access control configuration,encryption,and RFC 2827 filtering.D、DoS attacks can consist of IP spoofing and DDoS attacks.E、IP spoofing can be reduced through the use of policy-based routing.F、IP spoofing exploits known vulnerabilities in authentication services, FTP services,and web services to gain entry to web accounts,confidential databases,and other sensitive information.
考题
The Company security administrator wants to prevent DHCP spoofing. Which statement is true about DHCP spoofing operation?()A、 DHCP spoofing and SPAN cannot be used on the same port of a switch.B、 To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be updated by a dynamic ARP packet.C、 To prevent a DHCP spoofing, the switch must have DHCP server services disabled and a static entry pointing towards the DHCP server.D、 DHCP spoofing can be prevented by placing all unused ports in an unused VLAN.E、 None of the other alternatives apply.
考题
A hacker on the Company network is attempting to hop onto a different VLAN. Which two statements about VLAN hopping are true? ()A、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.B、 Configuring an interface with the "switchport mode dynamic" command will prevent VLAN hopping.C、 Attacks are prevented by utilizing the port-security feature.D、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.E、 An end station attempts to redirect VLAN traffic by broadcasting multiple ARP requests.
考题
The Company is concerned about Layer 2 security threats. Which statement is true about these threats? ()A、 MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.B、 Port scanners are the most effective defense against dynamic ARP inspection.C、 MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.D、 Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.E、 DHCP snooping sends unauthorized replies to DHCP queries.F、 ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G、 None of the other alternatives apply.
考题
Which two statements are true about L2TP tunnels?() (Choose two.)A、Traffic is clear textB、Traffic is encryptedC、They are initiated by the LNSD、They are initiated by the LAC
考题
Which three statements are true regarding IDP?()A、IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.B、IDP inspects traffic up to the Application layer.C、IDP searches the data stream for specific attack patterns.D、IDP inspects traffic up to the Presentation layer.E、IDP can drop packets, close sessions, prevent future sessions, and log attacks for review by network administrators when an attack is detected.
考题
You are responsible for increasing the security within the Company LAN. Of the following choices listed below, which is true regarding layer 2 security and mitigation techniques? ()A、 Enable root guard to mitigate ARP address spoofing attacks.B、 Configure DHCP spoofing to mitigate ARP address spoofing attacks.C、 Configure PVLANs to mitigate MAC address flooding attacks.D、 Enable root guard to mitigate DHCP spoofing attacks.E、 Configure dynamic APR inspection (DAI) to mitigate IP address spoofing on DHCP untrusted ports.F、 Configure port security to mitigate MAC address flooding G、 None of the other alternatives apply
考题
The Company security administrator wants to prevent VLAN hopping on the network. What is one method that can be used to do this? ()A、 Attacks are prevented by utilizing the port-security feature.B、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.C、 Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.D、 An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.E、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
考题
Which two statements about common network attacks are true?()A、Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.B、Access attacks can consist of password attacks,ping sweeps,port scans,and man-in-the-middle attacks.C、Access attacks can consist of packet sniffers,ping sweeps,port scans,and man-in-the-middle attacks.D、Reconnaissance attacks can consist of password attacks,trust exploitation,port redirection and Internet information queries.E、Reconnaissance attacks can consist of packet sniffers,port scans,ping sweeps,and Internet information queries.F、Reconnaissance attacks can consist of ping sweeps,port scans,man-in-middle attacks and Internet information queries.
考题
The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? ()A、 Attacks are prevented by utilizing the port-security feature.B、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.C、 Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.D、 An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.E、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
考题
Which two statements describe the functions and operations of IDS and IPS systems?()A、A network administrator entering a wrong password would generate a true-negative alarm.B、A false positive alarm is generated when an IDS/IPS signature is correctly identified.C、An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.D、Cisco IDS works inline and stops attacks before they enter the network.E、Cisco IPS taps the network traffic and responds after an attack.F、Profile-based intrusion detection is also known as "anomaly detection".
考题
Which two statements are true about trust boundaries?()A、Classifying and marking traffic should be done as close to the traffic source as possible. B、Classifying and marking traffic should be done at the distribution layer.C、Traffic is classified and marked as it travels through the network.D、If untrusted traffic enters a switch, it can be marked with a new QoS value appropriate for the policy in place.E、The trust boundary moves depending on the type of traffic entering the network.
考题
Which three statements are true about Cisco IOS Firewall?()A、It can be configured to block Java traffic.B、It can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.C、It can only examine network layer and transport layer information.D、It can only examine transport layer and application layer information.E、The inspection rules can be used to set timeout values for specified protocols.F、The ip inspect cbac-name command must be configured in global configuration mode.
考题
Which two statements describe the purpose of a security policy?()A、It enables traffic counting and logging.B、It enforces a set of rules for transit traffic.C、It controls host inbound services on a zone.D、It controls administrator rights to access the device.
考题
Which two statements are true regarding IDP?()A、IDP can be used in conjunction with other JUNOS Software security features such as SCREEN options,zones, and security policy.B、IDP cannot be used in conjunction with other JUNOS Software security features such as SCREEN options, zones, and security policy.C、IDP inspects traffic up to the Presentation layer.D、IDP inspects traffic up to the Application layer.
考题
You are a database administrator for your company. The company runs a popular database-driven Web site against a SQL Server 2005 computer named SQL2. You need to ensure a quick response time and appropriate audit trail in the event that SQL2 experiences excessive traffic due to denial-of-service (DoS) attacks. Which two actions should you perform?()A、Create a new performance alert to monitor the Current Bandwidth counter.B、Create a new performance alert to monitor the Bytes Total/sec counter.C、Configure the new performance alert to start a SQL Server Profiler trace.D、Configure the new performance alert to start a Network Monitor capture.
考题
单选题The Company security administrator wants to prevent DHCP spoofing. Which statement is true about DHCP spoofing operation?()A
DHCP spoofing and SPAN cannot be used on the same port of a switch.B
To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be updated by a dynamic ARP packet.C
To prevent a DHCP spoofing, the switch must have DHCP server services disabled and a static entry pointing towards the DHCP server.D
DHCP spoofing can be prevented by placing all unused ports in an unused VLAN.E
None of the other alternatives apply.
考题
多选题The Company security administrator wants to prevent VLAN hopping on the network. What is one method that can be used to do this? ()AAttacks are prevented by utilizing the port-security feature.BAn end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.CConfiguring an interface with the switchport mode dynamic command will prevent VLAN hopping.DAn end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.EConfiguring an interface with the switchport mode access command will prevent VLAN hopping.
考题
多选题The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? ()AARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.BARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.CMAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.DARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.EMAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.
考题
多选题The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? ()AAttacks are prevented by utilizing the port-security feature.BAn end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.CConfiguring an interface with the switchport mode dynamic command will prevent VLAN hopping.DAn end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.EConfiguring an interface with the switchport mode access command will prevent VLAN hopping.
考题
多选题Which three statements are true about Cisco IOS Firewall?()AIt can be configured to block Java traffic.BIt can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.CIt can only examine network layer and transport layer information.DIt can only examine transport layer and application layer information.EThe inspection rules can be used to set timeout values for specified protocols.FThe ip inspect cbac-name command must be configured in global configuration mode.
考题
多选题A hacker on the Company network is attempting to hop onto a different VLAN. Which two statements about VLAN hopping are true? ()AAn end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.BConfiguring an interface with the switchport mode dynamic command will prevent VLAN hopping.CAttacks are prevented by utilizing the port-security feature.DConfiguring an interface with the switchport mode access command will prevent VLAN hopping.EAn end station attempts to redirect VLAN traffic by broadcasting multiple ARP requests.
考题
单选题The Company is concerned about Layer 2 security threats. Which statement is true about these threats? ()A
MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.B
Port scanners are the most effective defense against dynamic ARP inspection.C
MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.D
Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.E
DHCP snooping sends unauthorized replies to DHCP queries.F
ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G
None of the other alternatives apply.
考题
多选题Which two statements are true about trust boundaries?()AClassifying and marking traffic should be done as close to the traffic source as possible.BClassifying and marking traffic should be done at the distribution layer.CTraffic is classified and marked as it travels through the network.DIf untrusted traffic enters a switch, it can be marked with a new QoS value appropriate for the policy in place.EThe trust boundary moves depending on the type of traffic entering the network.
考题
多选题Which two statements describe the purpose of a security policy?()AIt enables traffic counting and logging.BIt enforces a set of rules for transit traffic.CIt controls host inbound services on a zone.DIt controls administrator rights to access the device.
热门标签
最新试卷