8. Which of the following parts of SAFE defines security mechanisms that secure thenetwork infrastructure itself? SAFE架构在哪一部分定义了保护网络基础设施自身的安全机制?
A.Security Control Framework(SCF)安全控制架构
B.Network Foundation Protection (NFP)网络基础保护
C.Network core blueprint网络核心蓝图
D.Integrated Security Protection(ISP)集成安全保护
E.Infrastructure Foundation Protection(IFP)基础设施基础保护
A B C D E
B
9. Which of the following are valid design blueprints defined in SAFE?以下哪些属于SAFE架构定义的设计蓝图?
A.Enterprise Internet edge企业互联网边界
B.External WAN edge外部广域网边界
C.Intranet data center内联网数据中心
D.Enterprise core企业网核心层
E.Internet branch互联网分支
F.ISP connection ISP连接
A B C D E F
ACD
10. A good rule of thumb for "strong" passwords is that they follow which of the following guidelines? 高强度密码的设置规则包括:
A.Should be uppercase and lowercase, numbers, and special characters 由大小写字母、数字以及特殊字符构成
B.Should be complex and documented someplace足够复杂并将其记录在某个地方
C.Should be common words all strung together全部由常见词汇构成
D.Should be documented so that you can reference them将其记录下来以便记忆
E.All of these answers are correct. 以上答案均正确
A B C D E
A
11. Which of the following are the main reasons why security attacks occur?以下哪些是导致网络攻击的主要原因?
A.Lack of effective network security policy缺乏有效的网络安全策略
B.Insecure physical premises物理边界存在漏洞
C.Network configuration weaknesses网络配置存在缺陷
D.Technology weaknesses技术存在缺陷
E.Improperly documented changes未能正确记录参数的变化
A B C D E
ACD
12. Which of the following are the main categories of threats?安全威胁主要分为哪几类?
A.Categorized分类
B.Structured结构化
C.Open开放式
D.Closed封闭式
E.Unstructured非结构化
F.Uncategorized未分类
A B C D E F
BE
13. Which of the following are major network attack types?以下哪些属于主要的网络攻击?
A.Reconnaissance侦察攻击
B.Access访问攻击
C.Distributed分布式攻击
D.Aggressive挑衅攻击
E.DoS拒绝服务攻击
A B C D E
ABE
14. Which of the following are considered to be intruders on a computer system?以下哪类人群属于计算机系统的入侵者?
A.Crackers骇客
B.Hackers黑客
C.Phreakers飞客
D.Script kiddies脚本小子
E.All of these answers are correct. 以上答案均正确
A B C D E
E
15. An intruder who enjoys the challenge of being able to bypass security measures is considered intruding for which of the following reasons?某些入侵者乐于享受突破安全系统时所经历的挑战,他们的动机是什么?
A.Curiosity好奇心
B.Fun and pride乐趣与成就感
C.Revenge报复
D.Profit利益
E.Political purpose政治目的
F.None of these answers are correct. 以上答案均不正确
A B C D E F
B
16. Which of the following areas of the network are the most susceptible to configuration errors affecting security?以下哪种配置错误最容易影响到网络安全?
A.Firewall settings防火墙设置
B.DHCP settings DHCP设置
C.SNMP settings SMNP设置
D.IPS/IDS rules IPS/IDS规则
E.IP assignment settings IP分配设置
A B C D E
ACD
17. Which of the following are methods for performing a fabrication access attack?以下哪些要素可以用于实施捏造访问攻击?
A.Virus病毒
B.DoS拒绝服务
C.Worm蠕虫
D.Spoofing欺骗
E.Trojan horse木马
A B C D E
ACE
18. Which of the following is the functional device plane that provides the ability to allownetwork administrators to connect to the device to execute configuration commands?哪种功能面允许网络管理员接入设备以执行配置命令?
A.Data plane数据面
B.Control plane控制面
C.Management plane管理面
D.Router plane路由器面
A B C D
C
19. Which functional device plane is responsible for building the necessary information that is required to forward data properly?哪种功能面负责提供正确转发数据所需的信息?
A.Control plane控制面
B.Management plane管理而
C.Data plane数据面
D.Backplane背面
A B C D
A
20. Which of the following functional planes forwards data through the device and canapply services such as security or QoS to the data as well?哪种功能面负责设备之间的数据转发与服务执行(如安全或QoS)?
A.Management plane管理而
B.Control plane控制面
C.Data plane数据面
D.Router plane路由器面
A B C D
C
21. Which are the three functional planes on Cisco IOS devices?3种Cisco IOS设备功能面包括:
A.Data plane数据而
B.Control plane控制面
C.Switch backplane交换机背面
D.Management plane管理面
A B C D
ABD
22. Which of the following security controls are found in the core layer of the enterprisedeployment model?企业部署模型核心层采用以下哪些安全控制方式?
A.802.1X user authentication 802.X用户认证
B.VLAN segmentation VLAN分段
C.Device hardening设备加固
D.Routing protocol authentication路由协议认证
A B C D
CD
23. What three Network Foundation Protection deployment models are discussed in this chapter?本章介绍了哪3种NFP部署模型?
A.Enterprise model企业模型
B.SMB model中小企业模型
C.Branch model分支模型
D.Service provider model服务提供商模型
E.Data center model数据中心模型
A B C D E
ABD
24. What tool provides the ability to configure and monitor Cisco Integrated Services Routers through a simple GUI interface and includes many configuration wizards?配置并监控Cisco集成多业务路由器时,可以采用一种具备简单GUI接口与丰富配置向导的软件(或硬件)。这种软件(或硬件)是:
A.Cisco Security Device Manager Cisco安全设备管理器(SDM)
B.Cisco Secure Access Control Server Cisco安全访问控制服务器(Cisco ACS)
C.Cisco IPS Manager Express
D.Cisco Configuration Professional Cisco配置专家(Cisco CP)
A B C D
D
25. What application allows the management of Cisco security devices in very largeenvironmentsand includes policy-based management?哪种应用具备在超大型网络环境中管理Cisco安全设备的能力,并提供基于策略的管理功能?
A.Cisco MARS Cisco监控、分析与响应系统(Cisco MARS)
B.Cisco IOS Certificate Server Cisco IOS证书服务器
C.Cisco Security Manager Cisco安全管理器(CSM)
D.Cisco Secure Access Control Server Cisco安全访问控制服务器(Cisco ACS)
A B C D
C
26. Which management application provides authentication, authorization, and accountingservices and integrates with virtually every area of your environment?哪种管理应用提供认证、授权与结算服务,并能与现有网络实现无缝整合?
A.Cisco MARS Cisco监控、分析与响应系统(Cisco MARS)
B.Cisco IOS Certificate Server Cisco IOS证书服务器
C.Cisco Security Manager Cisco安全管理器(CSM)
D.Cisco Secure Access Control Server Cisco安全访问控制服务器(Cisco ACS)
A B C D
D
27. Which of the following are valid steps in the SAFE architectural lifecycle? SAFE架构寿命周期包括以下哪些阶段?
A.Design设计
B.Optimize优化
C.Operate运行
D.Implement实施
E.All of these answers are correct. 以上答案均正确
A B C D E
E
二、填空题
1. The ______ Security aspect protects network data from being altered in transit. ______可以保护数据在传输过程中不被篡改。
完整性
2. The ______ ensures network and service availability. ______用于确保网络与服务的可用性。
安全控制架构
3. The SCF model defines the harden, isolate, and ______ actions to obtain completecontrol. SCF模型定义了加固、隔离、______等3种行为以实现对数据的完全控制。
执行
4. To provide ______, the SCF defines the identify, monitor, and correlate actions. SCF模型定义了识别、监控、关联等3种行为以实现______。
完全可见性
5. The Network Time Protocol (NTP)is typically used with the ______ SCF action. 网络时间协议(NTP)通常与SCF定义的______行为配合使用。
correlation 关联
6. The design blueprints have been designed around various PINs in a network; PINstands for ______. 设计蓝图中定义了各种PIN,PIN是______的缩写。
网上邻居
7. The SAFE design principle ______ was developed to make sure that designs were easilycapable of meeting industry benchmarks. SAFE架构定义的______设计原则旨在确保网络设计符合行业标准。
执行标准和行业标准
8. The security focuses of service availability, DoS/DDoS protection, data confidentiality/ integrity, and server protection are used most in the ______ design blueprint. 服务可用性、DoS/DDoS保护、数据机密性与完整性、服务器保护主要在______设计蓝图中实现。
内联网数据中心
9. The part of the network that typically connects to end users that all exist within similargeographic areas is defined in the ______ design blueprint. 用于连接某一地理区域内的终端用户的网络定义在______设计蓝图中。
企业园区网
10. The management design blueprint is defined to increase security through the use of the ______ security focuses. 管理设计蓝图采用______以提高网络的安全系数。
网络访问控制,数据机密性及完整性
11. Politics within an organization can cause a lack of ______ within the security policies. 企业或组织内部的争斗倾轧可能导致安全策略缺乏______。
连续性。
12. A good disaster recovery plan must include contingencies for both ______ and ______ security breaches. 一份完备的灾难恢复计划必须同时考虑______与______两个方面的安全突发事件。
物理 虚拟
13. Unauthorized network access is made easier when ______ are implemented on thenetwork. ______会在一定程度上降低攻击者入侵网络的难度。
糟糕的访问控制
14. ______ are individuals who have extensive knowledge of telephone networks and switching equipment. ______是精通电话网与交换设备的一类人群。
飞客(phreaker)
15. Hackers with malicious intent are referred to as ______. 心怀鬼胎的黑客被称为______。
骇客
16. ______ scans scan the service ports of a single host and request different services ateach port. ______扫描是对一台主机的不同端口以及每个端口的不同服务进行扫描。
垂直
17. The most effective way to protect your sensitive data is to save it in a(an) ______ formator to send it through a(an) ______ connection. 保护敏感数据最有效的方法是将它们______保存、______传输。
加密 加密
18. The five core reasons for intruding on a system or network include ______. 导致网络入侵的5个主要原因是______。
好奇心、乐趣与成就、报复、利益和政治目的。
19. Cisco Integrated Services Routers(ISR) differ from the Catalyst switches in that the security features are handled by the ______ in the router as opposed to specialized ASICs. Cisco集成多业务路由器与Cisco Catalyst交换机的不同之处在于,前者的安全功能通过______而非专用ASIC实现。
中央CPU
20. The Cisco Configuration Professional (Cisco CP) is a GUI device-management application for ______. Cisco配置专家(Cisco CP)是一种用于配置______的GUI设备管理软件。
Cisco集成多业务路由器(ISR)
21. ______ is an application from Cisco that can be used to deploy and manage security features on Cisco devices. ______是一种部署并管理Cisco设备安全功能的软件。
Cisco安全管理器
22. ______ is the process of determining that a user is who he says he is. ______ 是验证用户身份的过程。
认证
23. Ensuring that a user can only execute commands for which he has the proper privilegelevel is called ______. ______ 是给予用户执行与自身权限相符的命令的过程。
授权
24. ______ scans scan the service ports of a single host and request different services ateach port. ______扫描是对一台主机的所有端口以及每个端口的不同服务进行扫描。
垂直
25. ______ is a free event-monitoring solution for Cisco IPS events, including the IPS functionality provided by Cisco IOS Software running on a Cisco ISR. ______是一种免费的Cisco IPS事件监控解决方案,包括Cisco集成多业务路由器的IPS功能。
Cisco IPS快速管理器
26. Availability of security features on the Cisco IOS Software Catalyst switch is very ______ dependent. Cisco Catalyst交换机安全功能的可用性与______密切相关。
深色:已答题 浅色:未答题