A.network-based application recognition (NBAR)
B.authentication proxy
C.stateful packet filtering
D.AAA services
E.proxy server
F.IPS
您可能感興趣的試卷
你可能感興趣的試題
A.The IP inspection rule can be applied in the inbound direction on the secured interface.
B.The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C.The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.
D.The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
E.For temporary openings to be created dynamically by Cisco IOS Firewall,the access-list for thereturning traffic must be a standard ACL.
F.For temporary openings to be created dynamically by Cisco IOS Firewall,the IP inspection rule must be applied to the secured interface.
Refer to the exhibit. MPLS has been configured on all routers in the domain. In order for R2 and R3 to forward frames between them with label headers, what additional configuration will be required on devices that are attached to the LAN segment?()
A.Decrease the maximum MTU requirements on all router interfaces that are attached to the LAN segment.
B.Increase the maximum MTU requirements on all router interfaces that are attached to the LAN segment.
C.No additional configuration is required. Interface MTU size will be automatically adjusted to accommodate the larger size frames.
D.No additional configuration is required. Frames with larger MTU size will be automatically fragmented and forwarded on all LAN segments.
Refer to the exhibit. The show mpls interfaces detail command has been used to display information about the interfaces on router R1 that have been configured for label switching. Which statement is true about the MPLS edge router R1?()
A.Packets can be labeled and forwarded out interface Fa0/1 because of the MPLS operational status of the interface.
B.Because LSP tunnel labeling has not been enabled on interface Fa0/1, packets cannot be labeled and forwarded out interface Fa0/1.
C.Packets can be labeled and forwarded out interface Fa1/1 because MPLS has been enabled on this interface.
D.Because the MTU size is increased above the size limit, packets cannot be labeled and forwarded out interface Fa1/1.
A.MPLS eliminates the need of an IGP in the core.
B.MPLS reduces the required number of BGP-enabled devices in the core.
C.Reduces routing table lookup since only the MPLS core routers perform routing table lookups.
D.MPLS eliminates the need for fully meshed connections between BGP enabled devices.
A.reset the connection
B.forward the packet
C.check the packet against an ACL
D.drop the packet
A.A static route that points towards the Cisco Easy VPN server is created on the remote client.
B.A static route is created on the Cisco Easy VPN server for the internal IP address of each VPN client.
C.A default route is injected into the route table of the remote client.
D.A default route is injected into the route table of the Cisco Easy VPN server.
A.Configure SNMP with only read-only community strings.
B.Encrypt TFTP and syslog traffic in an IPSec tunnel.
C.Implement RFC 3704 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D.Synchronize the NTP master clock with an Internet atomic clock.
E.Use SNMP version 2.
F.Use TFTP version 3 or above because these versions support a cryptographic authentication mechanism between peers.
A.A received IP packet is forwarded based on the IP destination address and the packet is sent as an IP packet.
B.An IP destination exists in the IP forwarding table. A received labeled packet is dropped because the label is not found in the LFIB table.
C.There is an MPLS label-switched path toward the destination. A received IP packet is dropped because the destination is not found in the IP forwarding table.
D.A received IP packet is forwarded based on the IP destination address and the packet is sent as a labeled packet.
E.A received labeled IP packet is forwarded based upon both the label and the IP address.
F.A received labeled packet is forwarded based on the label. After the label is swapped,the newly labeled packet is sent.
A.contain,inoculate,quarantine,and treat
B.inoculate,contain,quarantine,and treat
C.quarantine,contain,inoculate,and treat
D.preparation,identification,traceback,and postmortem
E.preparation,classification,reaction,and treat
F.identification,inoculation,postmortem,and reaction
A.Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.
B.Access attacks can consist of UDP and TCP SYN flooding,ICMP echo-request floods,and ICMP directed broadcasts.
C.DoS attacks can be reduced through the use of access control configuration,encryption,and RFC 2827 filtering.
D.DoS attacks can consist of IP spoofing and DDoS attacks.
E.IP spoofing can be reduced through the use of policy-based routing.
F.IP spoofing exploits known vulnerabilities in authentication services, FTP services,and web services to gain entry to web accounts,confidential databases,and other sensitive information.
最新試題
Which two statements about an IDS are true?()
What are two steps that must be taken when mitigating a worm attack?()
Which two statements are true about broadband cable (HFC) systems?()
When configuring the Cisco VPN Client,what action is required prior to installing Mutual Group Authentication?()
Which two mechanisms can be used to detect IPsec GRE tunnel failures?()
Which two statements about the Cisco AutoSecure feature are true?()
Refer to the exhibit, which shows a PPPoA diagram and partial SOHO77 configuration.Which command needs to be applied to the SOHO77 to complete the configuration?()
Refer to the exhibit. Which statement about the authentication process is true?()
What are three features of the Cisco IOS Firewall feature set?()
Which statement is true about a worm attack?()