1.  Which of the following are potential limitations of using NAT?以下哪些属于NAT的不足?

• A.Embedding address complications嵌入地址并发问题
• B.Private address support complications私有地址支持问题
• C.Logging complications日志并发问题
• D.Overlapping address complications地址重叠问题

2.  Which of the following are valid NAT interface types?以下哪些属于合法的NAT接口类型?

• A.Inside内部接口
• B.Internet互联网接口
• C.Outside外部接口
• D.Broadcast广播接口

3.  Which of the following NAT address types displays the address of the internal hostas seen by external hosts?从外部主机的角度观察，内部主机地址显示为以下哪种NAT地址?

• A.Outside global address外部全局地址
• B.Inside local address内部本地地址
• C.Outside local address外部本地地址
• D.Inside global address内部全局地址

4.  Which of the following NAT types has a one-to-one relationship without a specificexternal address?以下哪种NAT为一对一映射且不存在指定的外部地址?

• A.Static静态NAT
• B.Dynamic动态NAT
• C.Overloaded过载NAT
• D.Overlapping NAT复用

5.  Which command is used to configure static NAT?哪条命令用于配置静态NAT?

• A.ipnat inside source static local-ip remote-ip
• B.ipnat inside source static remote-ip local-ip
• C.ipnat inside static source local-ip remote-ip
• D.ipnat inside static source remote-ip local-ip

6.  Which command is used to configure a NAT pool?哪条命令用于配置NAT地址池?

• A.ip nat pool pool-name ip-address [netmask mask | prefix-length prefix-length]
• B.nat pool pool-name start-ip end-ip [netmask mask | prefix-length prefix-length]
• C.nat pool pool-name ip-address [netmask mask | prefix-length prefix-length]
• D.ipnat pool pool-name start-ip end-ip [netmask mask | prefix-length prefix-length]

7.  Which of the following can be used as an alternative name for Port Address Translation?端口地址转换又被称为：

• A.Dynamic NAT动态NAT
• B.Static NA T静态NAT
• C.Overloaded NAT过载NAT
• D.Overlapping NAT NAT复用

8.  What is the default translation timeout when using dynamic NAT?动态NAT的默认转换条目有效期是多少?

• A.60 minutes 60分钟
• B.24 hours 24小时
• C.5 minutes 5分钟
• D.10 minutes 10分钟

9.  Which command is used to configure an overlapping NAT configuration?哪条命令用于配置NAT复用?

• A.ip nat outside source static local-ip remote-ip
• B.ip nat inside source static local-ip remote-ip
• C.ip nat outside source static remote-ip local-ip
• D.ip nat inside source static remote-ip local-ip

10.  The Context-Based Access Control (CBAC) applies policies using which of the following?基于上下文的访问控制(CBAC)采用以下哪些策略?

• A.inspect statements检测声明
• B.CBAC-policy statements CBAC策略声明
• C.ACLs on interfaces在接口应用ACL
• D.ACLs on zones在区域应用ACL

11.  ZBPFW applies using which of the following? ZPF采用以下哪种特性?

• A.MQC
• B.AIC
• C.ACLs
• D.C3PL

12.  Traffic between zones is only permitted when?仅在何种情况下，流量才能在区域之间传输?

• A.A zone pair is configured. 配置区域对时
• B.The zone is configured. 配置区域时
• C.The zone is assigned to an interface. 区域被分配到接V1时
• D.The ZBPFW feature is enabled. 启用ZPF特性时

13.  Trafficthatis sourced anddestinedwithinthe samezone canbeconfiguredwhenusingatleastwhich IOS version? 从哪种IOS版本开始，Cisco支持源地址与目标地址在同一区域内的流量?

• A.12.4.24T
• B.15.1.0M
• C.15.0.1M
• D.12.3.10

14.  A parameter map is applied inside which of the following?参数图应用在以下哪种特性中?

• A.Class map类型映射
• B.Service map服务映射
• C.Interface接口
• D.Policy map策略映射

15.  Which of the following are valid methods for matching traffic with a class map?采用类型图匹配流量时，以下哪些命令是合法的?

• A.match-all
• B.match-same
• C.match-any
• D.match-none

16.  Which of the following are valid inspect policy map actions?以下哪些属于合法的检测型策略图行为?

• A.police监控
• B.ignore忽I咯
• C.inspect检测
• D.deny拒绝

17.  To configure the ZBPFW for management and control plane traffic, which of the following zones is used?配置ZPF保护管理面与控制面流量时采用以下哪种区域?

• A.Manage管理区域
• B.Self自区域
• C.Router路由区域
• D.Entity实体区域

18.  Which of the following are supposed AIC protocols? 以下哪些属于AIC支持的协议?

• A.AOL Instant Messenger AOL即时通信
• B.TFTP普通文件传输协议
• C.MGCP媒体网关控制协议
• D.H.323

19.  Which of the following parameter map types is used along with HTTP inspection? HTTP检测使用以下哪种参数图类型?

• A.GLOB
• B.Shell外壳
• C.regex正则表达式
• D.inspect检测

20.  What types of security controls are capable of monitoring traffic to detect problems in the network?哪种安全控制机制通过监控流量的行为以发现网络中可能存在的威胁?

• A.Intrusion prevention systems(IPS)入侵防御系统(IPS)
• B.Protocol analyzers协议分析仪
• C.Intrusion detection systems(IDS)入侵防御系统(IDS)
• D.Security policy安全策略

21.  What security controls are capable of monitoring traffic to detect and prevent problems in the network?哪种安全控制机制通过监控流量的行为以发现并阻止网络中可能存在的威胁?

• A.Intrusion detection systems(IDS)入侵防御系统(IDS)
• B.Wireless sniffers无线嗅探器
• C.Intrusion prevention systems(IPS)入侵防御系统(IPS)
• D.None of these answers are correct以上答案均不正确

22.  The software-based IPS can support which of the same analysis features as the hardware IPS appliances?与硬件IPS设备相比，软件IPS具备前者的哪些分析功能?

• A.Some某些功能
• B.All全部功能
• C.None不具备
• D.Most大部分功能

23.  It is highly recommended to deploy all selected signatures initially without putting which type of action in place to permit tuning the sensor for a particular environment to minimize falsepositive and false negative events?强烈建议在初始阶段部署所有签名，但不要为它们设置哪种行为，以便根据不同的环境调节传感器，从而最大程度减少误报和漏报?

• A.Remote远程行为
• B.Passive被动行为
• C.Preventative预防性行为
• D.All of these answers are correct以上答案均不正确

24.  What is an indication of confidence in a signature's performance given the environmentin which it is deployed?哪种指标表示给定网络中所部署签名的可信程度?

• A.Attack Seventy Rating(ASR)攻击严重性评级(ASR)
• B.Signature Fidelity Rating(SFR)签名真实性评级(SFR)
• C.Target Value Rating(TVR)目标值评级(TVR)
• D.Event Risk Rating(ERR)事件风险评级(ERR)

25.  If a license on a router expires, it will no longer be able to do what after the licenseexpiration date?如果许可过期，路由器将无法使用许可截止日期之后的哪种功能?

• A.Apply any signatures created应用任何创建的签名
• B.Analyze traffic分析流量
• C.Take preventative action when a signature is matched在签名匹配时实施预防性行为
• D.None of these answers are correct以上答案均不正确

26.  SDEE uses what kind of communication model for event messages? SDEE采用何种模型处理事件消息?

• A.Pull拉模型
• B.Push推模型
• C.Manual人工模型
• D.None of these answers are correct以上答案均不正确

27.  What is one of the common issues found when deploying Cisco IOS Software IPS sensors to accommodate the signature database?部署软件IOS IPS传感器时，哪种情况会导致无法加载签名数据库?

• A.Lack of router memory路由器内存不足
• B.Insufficient router processor speed路由器CPU性能不足
• C.Insufficient interface throughput接口吞吐量不足
• D.None of these answers are correct以上答案均不正确

1.  A typical NAT implementation includes a single ______ stub host that requires translation to a(n) ______ network. NAT通常用于将单一一个______末端主机地址转换为______网络地址。

2.  Three different types of NAT can be configured: ______, ______, and ______. NAT包括______、______与______等3种类型。

3.  ______ has a many-to-one relationship with traffic conversations being differentiated by port number. ______为多对一映射，每个会话被分配给一个指定端口。

4.  The configuration of ______ requires a local address that will be translated and an external address that will be used in place of this local address on the external network. 配置______时，内部地址被转换为外部地址，后者供外部网络通信使用。

5.  With dynamic NAT, the source address(es) is/are identified through the use of a ______. 在动态NAT中，源地址通过______加以标识。

6.  By default, the translation entry timeout is ______ with dynamic NAT. 默认情况下，动态NAT的转换条目有效期为______。

7.  In a typical NAT configuration，the internal network hosts see the external host address ______. 在典型的NAT配置中，从内部主机的角度观察，外部主机地址______。

8.  A firewall is used to enforce an access policy between ______. 防火墙在______之间执行访问策略。

9.  In IOS versions before 15.0.1M, intrazone traffic was ______ by default. 在Cisco IOS软件版本15.0.1M之前，区域内流量默认被______。

10.  Traffic policy is applied ______ between zones using zone pairs. 通过使用区域对，流量策略在区域之间是______应用的。

11.  Zone pairs can be set up to protect the control and management planes by using the ______. 通过配置______，区域对可以保护控制面与管理面的安全。

12.  The PAM feature is used to map ______ onto ______. PAM特性用于将______映射到______。

13.  With Layer 3/4 traffic, the class map type is always the ______. 三层/四层流量总是使用______类型映射。

14.  When using the inspect type policy map, the creation of a parameter map is ______. 使用检测型策略映射时，参数映射的创建是______。

15.  If no zone pair is defined, traffic will ______ between zones. 如果没有定义区域对，流量将______在区域之间传输。

16.  The URL filter feature provides the ability to ______, ______, or ______ the traffic whose URL matches the configured characteristics. 对于URL与配置条件相互匹配的流量，URL过滤特性可以对其实施______、______或______行为。

17.  When a signature is matched, the Cisco IOS IPS sensors can ______, ______, or ______.一旦签名匹配，Cisco IOS IPS传感器将采取以下3种措施：______、______或______。

18.  A ______ signature is present in router memory and can be enabled without recompiling the signature database. ______ 签名加载在路由器内存中，无需对签名数据库进行重编译就能启用这种签名。

19.  SDEE uses a pull mechanism to pull alerts from IPS sensors over a/an ______ connection. SDEE采用拉模型(pull model)经由 ______ 连接将IPS传感器产生的告警信息“拉”出来。

20.  The signature update license is configured on the router using the ______ command. 通过命令______为路由器配置签名更新许可。

21.  When Cisco SDEE notification is enabled, by default, ______ events can be stored in the local event store. This number can be increased to hold a maximum of ______. 启用Cisco SDEE通告后，本地事件库默认可以保存______个事件，上限为______。

22.  The ______ command can be used to view the events that are written to the local SDEE event store. 命令______显示了保存在本地SDEE事件库中的事件信息。

23.  The ______ command displays all interfaces on which IPS is enabled. 命令______显示所有启用IPS的接口信息。

24.  The Cisco IOS IPS router can send IPS alerts through ______ and can have the ______ feature enabled at the same time. Cisco IOS IPS路由器具备同时通过______发送IPS告警并启用______的能力。