网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
Which two network attack statements are true?()
- A、Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.
- B、Access attacks can consist of UDP and TCP SYN flooding,ICMP echo-request floods,and ICMP directed broadcasts.
- C、DoS attacks can be reduced through the use of access control configuration,encryption,and RFC 2827 filtering.
- D、DoS attacks can consist of IP spoofing and DDoS attacks.
- E、IP spoofing can be reduced through the use of policy-based routing.
- F、IP spoofing exploits known vulnerabilities in authentication services, FTP services,and web services to gain entry to web accounts,confidential databases,and other sensitive information.
参考答案
更多 “Which two network attack statements are true?()A、Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.B、Access attacks can consist of UDP and TCP SYN flooding,ICMP echo-request floods,and ICMP directed broadcasts.C、DoS attacks can be reduced through the use of access control configuration,encryption,and RFC 2827 filtering.D、DoS attacks can consist of IP spoofing and DDoS attacks.E、IP spoofing can be reduced through the use of policy-based routing.F、IP spoofing exploits known vulnerabilities in authentication services, FTP services,and web services to gain entry to web accounts,confidential databases,and other sensitive information.” 相关考题
考题
Most computer systems are(165)to two different groups of attacks: Insider attacks and outsider attacks. A system that is known to be(166)to an outsider attack by preventing(167)from outside can still be vulnerable to the insider attacks accomplished by abusive usage of(168)users. Detecting such abusive usage as well as attacks by outsides not only provides information on damage assessment, but also helps to prevent future attacks. These attacks are usually(169)by tools referred to as Intrusion Detection Systems.A.vulnerableB.weekC.sensitivelyD.helpless
考题
Most computer systems are (71) to two different groups of attacks:insider attacks and outsider attacks.A system that is known to be (72) to an outsider attack by preventing(73) from outside can still be vulnerable to the insider attacks accomplished by abusive usage of (74) users.Detecting such abusive usage as well as attacks by outsides not only provides information on damage assessment,but also helps to prevent future attacks.These attacks are usually (75) by tools referred to as Intrusion Detection Systems.(77)A.vulnerableB.weekC.helplessD.sensitively
考题
ICMP is often used in troubleshooting and verifying network. What statements are true regarding ICMP packets? (Choose two)A. They acknowledge receipt of TCP segments.B. They guarantee datagram delivery.C. They can provide hosts with information about network problems.D. They are encapsulated within IP datagrams.E. They are encapsulated within UDP datagrams.F. They are encapsulated within TCP datagrams.
考题
Which two statements regarding traceroute on JUNOS devices are correct?()
A.Traceroute transmits ICMP echo-request packets.B.Traceroute transmits UDP packets.C.Traceroute receives ICMP echo-reply packets.D.Traceroute receives ICMP port-unreachable packets.
考题
Which of the following is NOT true of security attacks?[A] Employees will keep up with security polices and awareness if they are highly-trained.[B] The rate of security attacks appears faster than the growth of the Internet.[C] One's computer system will never be secure.[D] Vulnerabilities can go through phones, wireless devices, and network appliances
考题
What are two methods of mitigating MAC address flooding attacks?()A、Place unused ports in a common VLAN.B、Implement private VLANs.C、Implement DHCP snooping.D、Implement port security.E、Implement VLAN access maps.
考题
Which of the following comparison of Control Plane Policing (CoPP) with Receive ACL(Racl) is correct?()A、CoPP protects against IP spoofing;Racl protects against DoS attacks.B、CoPP can not use named access lists;Racl can use named access listsC、CoPP applies to a dedicated control plane interface;Racl applies to all interfaces.D、CoPP needs a AAA server,Racl does not need a AAA serverE、CoPP supports rate limits;Racl does not support rate limits
考题
The Company is concerned about Layer 2 security threats. Which statement is true about these threats? ()A、 MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.B、 Port scanners are the most effective defense against dynamic ARP inspection.C、 MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.D、 Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.E、 DHCP snooping sends unauthorized replies to DHCP queries.F、 ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G、 None of the other alternatives apply.
考题
A network administrator needs to configure port security on a switch.which two statements are true?()A、The network administrator can apply port security to dynamic access portsB、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.D、The network administrator can apply port security to EtherChannels.E、When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.
考题
You are responsible for increasing the security within the Company LAN. Of the following choices listed below, which is true regarding layer 2 security and mitigation techniques? ()A、 Enable root guard to mitigate ARP address spoofing attacks.B、 Configure DHCP spoofing to mitigate ARP address spoofing attacks.C、 Configure PVLANs to mitigate MAC address flooding attacks.D、 Enable root guard to mitigate DHCP spoofing attacks.E、 Configure dynamic APR inspection (DAI) to mitigate IP address spoofing on DHCP untrusted ports.F、 Configure port security to mitigate MAC address flooding G、 None of the other alternatives apply
考题
Because of the systems-level approach, Cisco security can defend against widespread attacks from hackers and viruses. What describes the Cisco network security strategy?()A、 Cisco Trust AgentB、 Cisco Self-Defending NetworkC、 Cisco Secure Access ControlD、 Cisco Network Admission Control
考题
Which two statements about common network attacks are true?()A、Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.B、Access attacks can consist of password attacks,ping sweeps,port scans,and man-in-the-middle attacks.C、Access attacks can consist of packet sniffers,ping sweeps,port scans,and man-in-the-middle attacks.D、Reconnaissance attacks can consist of password attacks,trust exploitation,port redirection and Internet information queries.E、Reconnaissance attacks can consist of packet sniffers,port scans,ping sweeps,and Internet information queries.F、Reconnaissance attacks can consist of ping sweeps,port scans,man-in-middle attacks and Internet information queries.
考题
The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? ()A、 Attacks are prevented by utilizing the port-security feature.B、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.C、 Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.D、 An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.E、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
考题
Which two statements describe the functions and operations of IDS and IPS systems?()A、A network administrator entering a wrong password would generate a true-negative alarm.B、A false positive alarm is generated when an IDS/IPS signature is correctly identified.C、An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.D、Cisco IDS works inline and stops attacks before they enter the network.E、Cisco IPS taps the network traffic and responds after an attack.F、Profile-based intrusion detection is also known as "anomaly detection".
考题
How doTCP SYN attacks take advantage ofTCPto prevent new connections from being established to a host under attack?()A、These attacks send multiple FIN segments forcing TCP connection release.B、These attacks fill up a hosts’ listen queue by failing to ACK partially openedTCPconnections.C、These attacks take advantage of the hosts transmit backoff algorithm by sending jam signals to the host.D、These attacks increment the ISN of each segment by a random number causing constant TCP retransmissions.E、These attacks send TCP RST segments in response toconnection SYN+ACK segments forcing SYN retransmissions.
考题
The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? ()A、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.B、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.C、 MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.D、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.E、 MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.
考题
Which three statements are true about Cisco IOS Firewall?()A、It can be configured to block Java traffic.B、It can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.C、It can only examine network layer and transport layer information.D、It can only examine transport layer and application layer information.E、The inspection rules can be used to set timeout values for specified protocols.F、The ip inspect cbac-name command must be configured in global configuration mode.
考题
Observe the following options carefully, which two attacks focus on RSA? ()A、BPA attackB、Adaptive chosen ciphertext attackC、DDoS attackD、Man-in-the-middle attack
考题
Which firewall best practices can help mitigate worm and other automated attacks?()A、Segment security zonesB、Restrict access to firewallsC、Use logs and alertsD、Set connection limits
考题
单选题Because of the systems-level approach, Cisco security can defend against widespread attacks from hackers and viruses. What describes the Cisco network security strategy?()A
Cisco Trust AgentB
Cisco Self-Defending NetworkC
Cisco Secure Access ControlD
Cisco Network Admission Control
考题
多选题The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? ()AAttacks are prevented by utilizing the port-security feature.BAn end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.CConfiguring an interface with the switchport mode dynamic command will prevent VLAN hopping.DAn end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.EConfiguring an interface with the switchport mode access command will prevent VLAN hopping.
考题
多选题Which three statements are true about Cisco IOS Firewall?()AIt can be configured to block Java traffic.BIt can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.CIt can only examine network layer and transport layer information.DIt can only examine transport layer and application layer information.EThe inspection rules can be used to set timeout values for specified protocols.FThe ip inspect cbac-name command must be configured in global configuration mode.
考题
多选题What are two methods of mitigating MAC address flooding attacks?()APlace unused ports in a common VLAN.BImplement private VLANs.CImplement DHCP snooping.DImplement port security.EImplement VLAN access maps.
考题
单选题How doTCP SYN attacks take advantage ofTCPto prevent new connections from being established to a host under attack?()A
These attacks send multiple FIN segments forcing TCP connection release.B
These attacks fill up a hosts’ listen queue by failing to ACK partially openedTCPconnections.C
These attacks take advantage of the hosts transmit backoff algorithm by sending jam signals to the host.D
These attacks increment the ISN of each segment by a random number causing constant TCP retransmissions.E
These attacks send TCP RST segments in response toconnection SYN+ACK segments forcing SYN retransmissions.
考题
多选题Which two network attack statements are true?()AAccess attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.BAccess attacks can consist of UDP and TCP SYN flooding,ICMP echo-request floods,and ICMP directed broadcasts.CDoS attacks can be reduced through the use of access control configuration,encryption,and RFC 2827 filtering.DDoS attacks can consist of IP spoofing and DDoS attacks.EIP spoofing can be reduced through the use of policy-based routing.FIP spoofing exploits known vulnerabilities in authentication services, FTP services,and web services to gain entry to web accounts,confidential databases,and other sensitive information.
考题
多选题Which two statements describe the functions and operations of IDS and IPS systems?()AA network administrator entering a wrong password would generate a true-negative alarm.BA false positive alarm is generated when an IDS/IPS signature is correctly identified.CAn IDS is significantly more advanced over IPS because of its ability to prevent network attacks.DCisco IDS works inline and stops attacks before they enter the network.ECisco IPS taps the network traffic and responds after an attack.FProfile-based intrusion detection is also known as anomaly detection.
考题
多选题Which two statements about common network attacks are true?()AAccess attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.BAccess attacks can consist of password attacks,ping sweeps,port scans,and man-in-the-middle attacks.CAccess attacks can consist of packet sniffers,ping sweeps,port scans,and man-in-the-middle attacks.DReconnaissance attacks can consist of password attacks,trust exploitation,port redirection and Internet information queries.EReconnaissance attacks can consist of packet sniffers,port scans,ping sweeps,and Internet information queries.FReconnaissance attacks can consist of ping sweeps,port scans,man-in-middle attacks and Internet information queries.
热门标签
最新试卷