CCSP,642-504,642-533,最新题库
电力调度自动化维护员习题库含参考答案
电力调度自动化维护员习题库含参考答案一、单选题(共38题,每题1分,共38分)1.在Linux中,系统管理员root状态下的提示符是:()。
A、>B、#C、%D、$正确答案:B2.有载调压变压器通过调节()调节变压器变比。
A、分接头位置B、低压侧电压C、高压侧电压D、中压侧电压正确答案:A3.计算机指令一般包括( )和地址码两部分。
A、操作码B、接口地址C、内存地址D、寄存器正确答案:A4.DL/T719-2000、DL/T65101-2002传输规约分别是()。
A、基本远动任务配套标准、电力系统电能累计量传输配套标准B、电力系统电能累计量传输配套标准、基本远动任务配套标准C、配电网自动化系统远方终端标准、基本远动任务配套标准D、电力系统电能累计量传输配套标准、基本远动任务配套标准的网络协议正确答案:B5.电力生产与电网运行应遵循( )的原则。
A、连续、优质、稳定B、连续、优质、可靠C、安全、优质、经济D、安全、稳定、经济正确答案:C6.UPS电源所配的电池一般为( )。
A、开放型液体铅酸电池B、锂电池C、铬镍电池D、免维护阀控铅酸电池正确答案:D7.用电压表测得的交流电压是( )。
A、平均值B、最大值C、有效值D、绝对值正确答案:C8.扩展名为DLL的动态链接文件的特点是( )。
A、可以自由地插入到其他的源程序中使用B、本身不能独立运行,但可以供其他程序在运行时调用C、本身可以独立运行,也可以供其他程序在运行时调用D、本身是一个数据文件,可以与其他程序动态地链接使用正确答案:B9.按《电力监控系统安全防护评估规范》要求,电力监控系统生命周期包含五个基本阶段:规划阶段、设计阶段、()、运行维护阶段和废弃阶段。
A、开发阶段B、实施阶段C、测试阶段D、评估阶段正确答案:B10.状态估计中如果排除( )厂站,潮流分布和实际差异较大,运行方式被人为改变,这种情况下的潮流模拟,没有什么参考价值。
A、降压B、升压C、枢纽D、末端正确答案:C11.将二进制数11011011转化成十进制数应为( )。
Testpassport最新CCDP 642-873题库分享
TThe safer , easier way to help you pass any IT exams.Exam : 642-873Title :Version : DemoDesigning Cisco network Service Architectures(ARCH)The safer , easier way to help you pass any IT exams.1. Which of these Layer 2 access designs does not support VLAN extensions?A. FlexLinksB. loop-free UC. looped squareD. looped triangleE. loop-free inverted UAnswer: B2. Which of these is a Layer 2 transport architecture that provides packet-based transmission optimized for data based on a dual (counter-rotating) ring topology?A. DTPB. RPRC. SDHD. CWDME. DWDMAnswer: B3. Which three of these are elements of the Cisco Unified Wireless Network architecture? (Choose three)A. cell phonesB. remote accessC. mobility servicesD. network managementE. network unificationF. network decentralizationAnswer: CDE4. Refer to the exhibit. Which two of these are correct regarding the recommended practice for distribution layer design? (Choose two.)The safer , easier way to help you pass any IT exams.A. use a redundant link to the coreB. use a Layer 2 link between distribution switchesC. never use a redundant link to the core because of convergence issuesD. use a Layer 3 link between distribution switches with route summarizationE. use a Layer 3 link between distribution switches without route summarizationAnswer: AD5. Which of these terms refers to call issues that cause variations in timing or time of arrival?A. queuingB. jitterC. packet lossD. digitized samplingE. signal-to-noise ratio ratioAnswer: B6. Which two of these are characteristics of an IDS sensor? (Choose two.)A. passively listens to network trafficB. is an active device in the traffic pathC. has a permissive interface that is used to monitor networksD. traffic arrives on one IDS interface and exits on anotherE. has a promiscuous interface that is used to monitor the networkAnswer: AE7. In base e-Commerce module designs, where should firewall perimeters be placed?A. core layerB. Internet boundaryC. aggregation layerD. aggregation and core layersE. access and aggregation layersAnswer: A8. In which two locations in an enterprise network can an IPS sensor be placed? (Choose two.)A. bridging VLANs on two switchesB. bridging two VLANs on one switchC. between two Layer 2 devices with trunkingD. between two Layer 2 devices without trunkingE. between a Layer 2 device and a Layer 3 device with trunkingAnswer: CD9. What is a virtual firewall?A. another name for a firewall deployed in routed modeB. another name for a firewall deployed in transparent modeC. a separation of multiple firewall security contexts on a single firewallD. a firewall that, when deployed in routed mode, can support up to 1000 VLANs per contextE. a firewall that has multiple contexts, all of which share the same policies (such as NAT and ACLs) Answer: C10. In a VoWLAN deployment, what is the recommended separation between cells with the same channel?A. 19 dBmB. 7 dBmC. 10 dBmD. 6 dBmE. 5 dbm to 10 dBmAnswer: A11. Why is STP required when VLANs span access layer switches?A. to ensure a loop-free topologyB. to protect against user-side loopsC. in order to support business applicationsD. because of the risk of lost connectivity without STPE. for the most deterministic and highly available network topologyAnswer: B12. Which site-to-site VPN solution allows Cisco routers, PIX Firewalls, and Cisco hardware clients to act as remote VPN clients in order to receive predefined security policies and configuration parameters from the VPN headend at the central site?A. Easy VPNB. GRE tunnelingC. Virtual Tunnel InterfacesD. Dynamic Multipoint VPNE. Group Encrypted Transport VPNAnswer: A13. Which two design concerns must be addressed when designing a multicast implementation? (Choose two.)A. only the low-order 23 bits of the MAC address are used to map IP addressesB. only the low-order 24 bits of the MAC address are used to map IP addressesC. only the high-order 23 bits of the MAC address are used to map IP addressesD. only the low-order 23 bits of the IP address are used to map MAC addressesE. the 0x01004f MAC address prefix is used for mapping IP addresses to MAC addressesF. the 0x01005e MAC address prefix is used for mapping IP addresses to MAC addresses Answer: AF14. Which two of these are recommended practices with trunks? (Choose two.)A. use ISL encapsulationB. use 802.1q encapsulationC. set ISL to desirable and auto with encapsulation negotiate to support ILS protocol negotiationD. use VTP server mode to support dynamic propagation of VLAN information across the networkE. set DTP to desirable and desirable with encapsulation negotiate to support DTP protocol negotiation. Answer: BE15. For acceptable voice calls, the packet error rate should be no higher than what value?A. 0.1%B. 1%C. 2.5%D. 25%Answer: B16. Which of these statements is true of clientless end-user devices?A. They do not receive unique IP addresses.B. RADIUS or LDAP is required in order to assign IP addresses.C. They are assigned addresses from the internal DHCP pool.D. Their traffic appears to originate from the originating host network.Answer: A17. Which statement is correct regarding NBAR and NetFlow?A. NetFlow uses five key fields for the flow.B. NBAR examines data in Layers 3 and 4.C. NetFlow examines data in Layers 3 and 4.D. NBAR examines data in Layers 2 through 4.E. NetFlow examines data in Layers 2 through 4.Answer: B18. What is meant by the term "firewall sandwich"?A. multiple layers of firewallingB. a method of operating firewalls from multiple vendorsC. firewall connections in either an active or standby stateD. an architecture in which all traffic between firewalls goes through application-specific serversE. an architecture in which all traffic between firewalls goes through application-specific gateways Answer: A19. When BGP tuning is used, how is packet flow into the e-commerce module controlled?A. by tracking the status of objects along the path to the e-commerce moduleB. by detecting undesirable conditions along the path to the e-commerce moduleC. by using the MED to communicate the site preferences for traffic to multiple ISPsD. by communicating the available prefixes, routing policies, and preferences of each site to its ISPE. by moving the SLB to a position where selected traffic to and from the servers does not go through the SLBAnswer: D20. Which three Layer 2 access designs have all of their uplinks in an active state? (Choose three.)A. Flex LinksB. loop-free UC. looped squareD. looped triangleE. loop-free inverted UAnswer: BCE。
网络优化专业业务知识试题
网络优化专业考试复习大纲一、单项选择题部分1、在MSC中及周期性位置更新时间T3212相对应的参数是。
A、GTDMB、BTDMC、BDTMD、GDTM答案:(B)2、通过指令可以看到指定小区当前ICMBAND值,从而判断小区可能受到上行干扰。
A、RLIMPB、RLBDPC、RLCRPD、RLSBP答案:(C)3、在缺省情况下,及训练序列码(TSC)相等的代码是。
A、NDCB、BCCC、NCCD、TAC答案:(B)4、使用LAPD信令压缩,好处是减少了和间的物理链路,从而优化传输方案,节约传输资金投入。
A、MSC MSCB、MSC BSCC、BSC BSCD、BSC BTS答案:(D)5、在手机通话过程中,用来传递切换命令消息的逻辑信道是。
A、SACCHB、SDCCHC、SCHD、FACCH答案:(D)6、全速率业务信道和半速率业务信道传送数据最快速度为和。
A、13kbit/s、6.5 kbit/sB、9.6kbit/s、4.8 kbit/sC、4.8kbit/s、2.4 kbit/sD、11.2kbit/s、5.6 kbit/s答案:(B)7、使用GPS配合TEMS测试,GPS选项设置为时,才能正常记录经纬度信息。
A、SH888B、CF688D、NMEA答案:(D)8、在BSC终端上用指令,可以看到指定硬件是否有告警(Fault Code Class xx)以及可能更换的部件(Replace Unit)。
A、RXMSPB、RXMFPC、RXELPD、ALLIP答案:(B)9、同一小区中,每个Channel Group中最多可以容纳个频率。
A、8B、10C、12D、16答案:(D)10、发生Intra-cell切换的可能原因为。
A、服务小区信号强度突然降低B、服务小区信号质量急剧恶化C、服务小区信号质量差而信号强度较强D、服务小区信号质量和强度同时恶化答案:(C)11、当一个小区参数BCCHTYPE=NCOMB,SDCCH=2时,该小区SDCCH的定义数为:A、2B、16C、19D、20答案:(B)12、下面哪个参数对小区重选不产生影响:A、PTB、MFRMSC、ACCMIND、TO答案:(B)13、在BSC终端上提取即时统计文件的指令是::rptid=xxx,int=1;。
网络工程师要考取的证书介绍
考试是:先考CCNA,在考CCNA的安全方向642-553,最后在考4门:642-504、524、533、515
CCIE需要有雄厚的财力和丰富的工作经验,笔试+机试+面试,机试和面试只有到北京或香港才能考;
微软认证,MCITP
MCITP是微软最新推出的认证体系,他的技术含量比以往的认证含金量都要高。而且现在考这个证书的人还不是很多。他主要是学Windows 2008域的建立与维护;域用户和组的建立及相应权限的分配;域文件服务器的管理等等。MCITP针对的是windows 2008的系统,网络,活动目录,应用服务,客户端管理的技术。备份规划,硬件排错,dns的配置和排错,设计tcp/ip服务,进行iis调优以及性能提升。他主要是学四个方面的内容。
CCSP是思科认证安全工程师。可以去金银代理商,系统集成商,网络集成商,大型的网络管理员,安全设计师工作。总共5门课。上课内容: secur网络安全, 思科高级pix防火墙, 思科安全入侵检测系统, 思科安全vpn,思科safe实现。(通俗:网络边界中的路由器以及防火墙技术,为远程访问用户建立vpn,如何配置和管理系统,如何是入侵检测系统在暗中保护网络等技术)
一:规划和管理windows server 2008服务器,二:windows server 2008网络架构,三:windows server 2008 目录服务,四:windows server 2008应用服务。
考试:分两个方向
企业级管理员:70-640、642、620、647、646 windows的系统、网络、活动目录、应用服务、客户端管理的技术
服务器级管理员:70-640、642、643 windows 2008的系统、网络、活动目录的技术
思科认证体系
CCNA课程目标CCNA(思科认证的网络从业人员)认证是Cisco售后工程师认证体系的初级认证,它表示通过此认证的人员已掌握网络的基本知识,并能初步安装、配置和操作Cisco路由器、交换机及简单的局域网和广域网;表示通过此认证的人员已具有为中小型办公室/家庭办公室(SOHO)联网的基本技术和相关知识,可以在中小型网络中安装、配置和运行局域网、广域网以及各种宽带接入业务。
最新的2008版本比2006版增加了一倍的知识量,覆盖最新的IPV6,无线,VPN技术,安全技术和初级的语音技术CCNA适合人群略具有个人电脑基本使用着皆可,具有网络操作系统基础者尤佳。
对网络设备操作管理有兴趣,希望投入网络领域职场者。
有兴趣报考CCNA CCNP CCIP CCSP CCIE者CCNA课程内容(考试代号:640-802)使用可用的配置工具完成设备初始化配置;根据新需求,能够通过增删改等方式实现新功能;使用命令行界面确定网络性能和状态;根据给定的需求,实现接入层交换机配置;使用命令行,实现VLAN、VTP、IEEEE802.1Q、ISL配置;叙述静态和动态路由协议(RIP、OSPF、IGRP、EIGRP)的功能和操作;使用SHOW、DEBUG命令确定路由协议的异常;能够配置标准和扩展的访问列表;使用命令行接口配置串行接口(PPP、HDLC)CCNA课时学习周期为1个月;理论课时36小时。
未来可以从事的职业客户服务工程师,网络工程师,系统工程师,系统集成工程师,网络管理工程师,研发工程师,网络技术总监,系统集成总经理。
CCNPCCNP课程目标了解可伸缩性互联网;根据远程访问控制需求制定Cisco解决方案,使用Cisco 请求连接到中心站点;掌握流量管理和访问控制,配置可伸缩的路由协议;配置拨号连接,集成不路由的网络服务,构建中大型企业网络并管理网络流量;综合运用各种cisco课程的知识;学习解决cisco网络中出现的故障和优化配置。
泰克网络实验室---cisco认证和ccie职业发展走向
泰克实验室------Cisco认证和CCIE的职业发展走向参加认证考试是相当多的人寻求职业发展的必经之路。
对于绝大多数人来说,没有证书,是“万万不能”的。
在国外,每增加一个认证证书都会带来薪水的提高。
国内的薪资水平虽然没有国外那么高,但是相比较国内其他行业,也十分可观。
如果能够合理地规划好认证证书的学习与考试,就既能学到全面系统的知识,又容易找到适合自己发挥特长的工作环境。
但市场上的证书多如牛毛,你该参加哪一个?本文Cisco认证为有志于在网络管理与设计方面发展的人做了一个认证道路规划,让你全面了解Cisco认证,对各位颇有借鉴意义。
此文为泰克实验室搜集整理,具体内容归原作者所有。
认证篇哪些人需要获得Cisco认证A. 大学生面对激烈竞争,每个大学生都在为使自己在人才市场上脱颖而出而努力,多一张国际通行证无疑是为他们在就业及其他竞争中在同学中脱颖而出的法宝。
B. 欲转行网络业者重新择业欲进入网络业,CISCO认证是互联网界具有极大声望的网络技能认证,获得CISCO认证无疑是入行网络业的敲门砖。
C. 出国留学移民者在华人在欧美普遍不好找工作的情况下,Cisco认证是进入国外高薪行业IT业的法宝,而在国内学考Cisco认证,培训费、考试费都比国外便宜几倍,还避免了到国外参加培训计算机技术和语言的双重障碍D. 网络专业技术人员在中国, Cisco认证被恰当地称为“获得高技术,高薪水的头等舱船票”。
Cisco认证之路怎么走?第一步:拿下CCNA 展开网络全面接触CCNA——(Cisco Certified Network Associate)Cisco认证网络支持工程师考试号:640-802费用:250美金认证难度:★★☆☆☆参加CCNA认证考试。
考试内容只有一门课程,如果工作中有机会,可以多接触一下Cisco 路由器的具体操作。
实在没有把握,可以参加一些实验室环境比较好的培训,多看一些英文资料,在相关论坛上多交流,都有利于准备好这个认证的考试。
PLC试题题库精简版
PLC试题一、判断题(正确的请在括号内打“√”,错误的请在括号内打“×”,每题1分,共30分)1.>F系列可编程序控制器的输出继电器输出指令用OUT38表示。
()2.>安装前熟悉电气原理图和PLC及有关资料,检查电动机、电气元器件,准备好仪器、仪表、工具和安装材料。
并根据电气原理图安装电气管路。
()3.>交磁电机扩大机是一种具有很高放大倍数、较小惯性、高性能、特殊构造的直流发电机。
(√)4.>阳极不发射电子只吸收来自阴极的电子,管内抽成真空。
(√)5.>与整流装置并联的其他负载切断时,或整流装置直流侧快速开关跳闸时,电流上升率变化极大,因而整流变压器产生感应电动势造成的过电压。
这种过电压是尖峰电压,常用阻容吸收电路加以保护。
(√)6.>晶闸管触发电路的触发信号可以是交流、直流信号,也可以是脉冲信号。
(√)7.>无源逆变器的电源电压是交流。
()8.>整流状态时整流器将交流电能变成直流电能供给电动机。
(√)9.>来自三块KC04触发器13号端子的触发脉冲信号,分别送入KC42的2、4、12端。
V1、V2、V3构成与非门电路。
只要任何一个触发器有输出,S点就是低电平,V4截止,使V5、V6、V8组成的环形振荡器停振。
()10.>分立元件组成的触发电路,线路复杂且使用元件多。
(√)11.>由三极管组成的放大电路,主要作用是将微弱的电信号(电压、电流)放大成为所需要的较强的电信号。
(√)12.>电伤伤害是造成触电死亡的主要原因,是最严重的触电事故。
()13.>电动机是使用最普遍的电气设备之一,一般在70%-95%额定负载下运行时,效率最低,功率因数大。
()14.>交流电压的量程有10V,100V,500V,三档。
用毕应将万用表的转换开关转到高电压档,以免下次使用不慎而损坏电表。
(√)15.>读图的基本步骤有:图样说明,看电路图,看安装接线图。
CCIP介绍
CCIP认证简介CCIP证书表明拥有管理运营商基础架构网络的高级知识和技能,主要包含路由、BGP、QoS和MPLS等四个方面的网络技术,适合运营商级别网络的网络管理人员。
CCIP认证必备条件必须具备CCNA证书。
CCIP认证考试和培训课程(4门课程)(1)考试号:642-902 ROUTE课程:Implementing Cisco IP Routing (路由) v1.0(2)考试号:642-642 QOS课程:Implementing Cisco Quality of Service (QoS)(3)考试号:642-661 BGP课程:Configuring BGP on Cisco Routers (BGP)(4)考试号:642-611 MPLS课程:Implementing Cisco MPLS (MPLS)CCIP重认证CCIP证书的有效期为三年,在过期之前通过任何一门642系列(CCNP/CCIP/CCSP/CCVP等)的考试或者任何方向的CCIE笔试,证书有效期将自动延期三年。
CCIP培训课程介绍(1)路由V1.0 课程课时:5天程度:中级课程描述《路由V1.0 》课程主要针对已经具备相当于思科CCNA网络技术基础并准备在高级路由技术方面进一步提高的学员,该课程将学习使用各种路由协议规划、配置和校验企业局域网和广域网。
课程目标1.针对企业网络进行各种路由协议的规划、配置、校验和优化。
2.掌握EIGRP路由协议的原理与大型网络部署和实现。
3.掌握OSPF路由协议的原理与大型网络部署和实现。
4.掌握EIGRP路由协议的原理与大型网络部署和实现。
5.掌握多路由协议环境的重分发、路由过滤与选路控制。
6.评估常见的网络性能问题,使用三层选路控制工具控制流量转发路径。
7.使用BGP路由协议实现企业网络到运营商网络的连接。
课程内容1.规划路由服务2.实现EIGRP方案3.实现OSPF可扩展、多区域方案4.实现路由重分发5.实现路由选路控制6.连接企业网络到运营商网络(2)Quality of Service (QoS)课时:5天程度:中级课程描述:《QoS》课程为学员提供IP QOS需求的深入知识和标准的QOS模型:Differentiated Services (DiffServ), Integrated Services (IntServ) and Best Effort (over provisioning)的概念,以及在交换机和路由器平台的IP QOS实现。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Securing Networks with Cisco Routers and Switches QUESTION 1Which two technologies can secure the control plane of the Cisco router? (Choose two)A. BPDU protectionB. role-based access controlC. routing protocol authenticationD. CPPrAnswer: CDQUESTION 2Cisco Secure Access Control Server (ACS) is a highly scalable, high-performance access control server that provides a comprehensive identity networking solution. Which of these statements is correct regarding user setup on ACS 4.0?A. Users are assigned to the default group.B. A user can belong to more than one group.C. The username can contain characters such as "#" and "?".D. The settings at the group level override the settings configured at the user level Answer: AQUESTION 3Please study the exhibit carefully, and then answer the following question: ."Pass Any Exam. Any Time." - 3 Cisco 642-504: Practice Exam"Pass Any Exam. Any Time." - 4Cisco 642-504: Practice ExamRefer to the appropriate SDM screen(s), which two statements correctly describe the Cisco IOS Zone-Based Firewall configuration? (Choose two)A. The "reset" action is applied to any HTTP request sourced from the "in" zone and destined tothe "out" zone, which also has a request Uniform Resource Identifier (URI) that is greater than 500 bytes is length.B. The "inspect" action is applied to Internet Control Message Protocol (ICMP) traffic sourcedfrom the "in"zone and destined to the "out" zone.C. The "http-policy" inspection policy map is applied to all HTTP and HTTPS traffic sourced fromthe "in" zone and destined to the "out" zone.D. The "testpm" inspection polfcy map is applied to the r'inouf zone-pair. Answer: ADQUESTION 4Refer to the appropriate SDM screen(s), what is the User Datagram Protocol (UDP) idle time set for any HTTP traffic that is sourced from the "in" zone and destined to the "out" zone?"Pass Any Exam. Any Time." - 6 Cisco 642-504: Practice Exam"Pass Any Exam. Any Time." - 7 Cisco 642-504: Practice ExamA. 10 secondsB. 15 secondsC. 30 seconds"Pass Any Exam. Any Time." - 8 Cisco 642-504: Practice Exam D. 35 seconds Answer: DQUESTION 5 Refer to the appropriate SDM screen(s), what is the reason that outside hosts can't initiate Telnet (port 23) traffic to the 172.16.1.10 inside host? "Pass Any Exam. Any Time." - 9 Cisco 642-504: Practice Examv"Pass Any Exam. Any Time." - 10 Cisco 642-504: Practice ExamA. The implicit deny access control list (ACL) entry on the inbound ACL is applied to the outside interface.B. Static NAT is not correctly enabled to translate the 172.16.1.10 inside host address.C. There is no zone-based firewall policy applied to the traffic sourced from the "out" zone anddestined to the "in" zone.D. The implicit denyacces control list (ACL) entry on the inbound ACL is applied to the outsideinterface. Answer: C QUESTION 6 Which two categoiy types are associated with 5.x signature use in Cisco IOS IPS? (Choose two.)A. basicB. advancedC. attack-dropD. built-inAnswer: ABQUESTION 7Select two issues that you should consider when implementing IOS Firewall IDS. (Choose two)A. The memory usageB. The number of DMZsC. The signature coverageD. The number of router interfacesAnswer: ACQUESTION 8You are the Cisco Configuration Assistant in your company. Which command is used to support 802.lx guest VLAN functionality based on the following configuration?A. aaa authorization network default group radiusB. aaa authentication dotlx default group radiusC. aaa accounting dotlx default start-stop group radiusD. aaa accounting system default start-stop group radius Answer: AQUESTION 9You are in charge of Securing Networks Cisco Routers and Switches in your company. Why is the Cisco IOS Firewall authentication proxy not working based on the following configuration?aaa new modelaaa authentication login default group tacacsaaa authentication auth-proxy default group tacacs + aaa accounting auth-proxy default start-stop group tacacs+ enable password TeSt_123ip auto-proxy name pxy httpip auto-proxy auth-proxy-bannerinterface EthernetO/1ip address 192.168.1.1 255.255.255.0ip auto-proxy pxyno ip http servertacacs-server host 192.168.123.14tacacs-server key CiscolOutput omittedA. Theaaa authentication auth-proxy default group tacacs+ command is missingB. The router local username and password database is not configured.C. You forgot to enable HTTP server and AAA authenticationD. Cisco IOS authentication proxy not support TACACS+,Answer: CQUESTION 10Which advantage can be obtained by implementing the Cisco IOS Firewall feature?A. provides data leakage protection capabilitiesB. integrates multiprotocol routing with security policy enforcementC. is easily deployed and managed by the Cisco Adaptive Security Device ManagerD. acts primarily as a dedicated firewall device Answer: BQUESTION 11You are in charge of Securing Networks Cisco Routers and Switches in your company when troubleshooting site-to-site IPsec VPN, you see this console message:%CRYPT0-6-IKMP_SA_N0T_0FFERED: Remote peer %15i responded with attribute [chars] not offered or changed. Which configuration should you verify?A. the crypto ACLB. the crypto mapC. theIPsec transform setD. the ISAKMP policiesAnswer: DQUESTION 12Which three descriptions are true about the GET VPN policy management? (Choose three,)A. The key server and group member policy must match.B. A local policy is defined on each group member.C. A global policy is defined on the key server, and it is distributed to the group members.D. The group member appends the global policy to its local policy. Answer: BCDQUESTION 13When you enter the CK-S(config)#aaa authentication dotlx default group radius command on a Cisco Catalyst switch, the Cisco IOS parser returns with the "invalid input detected" error message. What can be the cause of this error?A. You must use thedotlx system - a uth- control command first to globally enable 802. lx.B. You must define the RADIUS server IP address first, using the CK-S(config)# radius-serverhost ip-address command.C. You must enter theaaa new-model command first.D. The local option is missing in the command, Answer: CQUESTION 14Please study the exhibit carefully, and then answer the following question: . What is the Fidenlity Rating of the DDoSTrinoo IPS signature (signature ID 4608,subsignature-id 3)?"Pass Any Exam. Any Time." - 15 Cisco 642-504: Practice ExamA. 0B. 50C. 100D. 150 Answer: C QUESTION 15 What is the value of the user defined variable used to indicate the criticality of the 10.10.10.99 host? This value is used in the Risk Rating calculations."Pass Any Exam. Any Time." - 17 Cisco 642-504: Practice ExamA. Low"Pass Any Exam. Any Time." - 18Cisco 642-504: Practice ExamB. MediumC. HighD. Mission CriticalAnswer: DQUESTION 16Which Signature Engine supports Cisco IPS Signature ID 9423?"Pass Any Exam. Any Time." - 19 Cisco 642-504: Practice Exam A. atomic-ip"Pass Any Exam. Any Time." - 20 Cisco 642-504: Practice ExamB. string-tcpC. service-httpD. string-udp Answer: B QUESTION 17 When you implement Cisco IOS WebVPN on a Cisco router using a self-signed certificate, you notice that the router is not generating a self-signed certificate, What should you check to troubleshootthis issue?A. Verify theip http server configuration.B. Verify theWebVPN group policy configuration.C. Verify the AAA authentication configuration.D. Verify that theWebVPN gateway is inservice. Answer: D QUESTION 18 Which item is correct about the relationship between the Cisco IOS SEAP feature and its description? Not all the features are used.1. Signature fidelity rating2. Alert severity rating3. Target value rating4. Risk rating 5. Event action filers6. Event action overridesA. 1-3, 11-5,111-6B. 1-3, 11-6,111-5C. 1-2, 11-5,111-6D. 1-2, 11-6,111-5 Answer: AQUESTION 19 Cisco IOS Intrusion Prevention System (IPS) is an inline, deep-packet inspection feature that effectively mitigates a wide range of network attacks .When verifying Cisco IOS IPS "Pass Any Exam. Any Time." - 21 Cisco 642-504: Practice Examoperations, when should you expect Cisco IOS IPS to start loading the signatures?A. After you configure theip ips sdf location flash:filename commandB. After you configure theip ips sdf builtin commandC. After you configure a Cisco IOS IPS rule in the global configurationD. when the first Cisco IOS IPS rule is enabled Answer: D QUESTION 20 Which router plane can be protected by the CPU and Memory Threshold Notifications of the Network Foundation Protection feature?A. data planeB. management planeC. network planeD. control plane Answer: B QUESTION 21A new Company switch has been installed and you wish to secure it. Which Cisco Catalyst IOS command can be used to mitigate a CAM table overflow attack?A. CK-S(config-if)# pott-security maximum 1B. CK-S(config)# switchport port-securityC. CK-S(config-if)# port-security D. CK-S(config-if)£ switchport port-security maximum 1 Answer: D QUESTION 22 Please match NFP feature to the correct description 1, Flexible Packet Matching2. Control Plane Protection3. Control Plane Policing(I) applies to all (caggregated) control-plane traffic (Il) applies to a control-plane sub-if,example,host or transit or cef-exception (Ill) applies to data plane trafficA. (I)-l (II)-2 (III)-3B. (I)-2 (II)-3 (III)-lC. (I)-3 (II)-l (III)-2D. (I)-3 (II)-2 (III)-1Answer: D QUESTION 23 Cisco IOS Flexible Packet Matching (FPM) uses flexible and granular Layer 2-7 pattern matching deep within the packet header or payload to provide a rapid first line of defense against network threats and notable worms and viruses, when configuring FPM, what should be the next step after the PHDFs have been loaded?A. Configure a class map of type "access-control" for classifying packets.B. Configure a traffic policy.C. Configure a service policy,D. Configure a stack of protocol headers,Answer: D QUESTION 24 When an active signature is detected, Cisco IOS IPS can take specific actions. Which option is correct about the relationship between the action and its correct definition?1. Deny Attacker Inline2. Deny Connection Inline3. Deny Packet Inline4. Produce Alert5. Reset TCP ConnectionA. I-3, II-5, III-2, IV-l, V-4B. I-3, II-5, III-2, IV-4, V-1C. I-3, II-5, III-l, IV-2, V-4D. I-3, II-5, III-l, IV-4, V-2 Answer: A"Pass Any Exam. Any Time." - 23 Cisco 642-504: Practice Exam QUESTION 25 You want to increase the security of a newly installed switch. Which Cisco Catalyst IOS command is used to mitigate a MAC spoofing attack?A. CK-S(config-if)# port-security mac-address OOOO.ffff.aaaaB. CK-S(config)# switchport port-security mac-address OOOO.ffff.aaaaC. CK-S(config-if)# switchport port-security mac-address OOOO.ffff.aaaaD. CK-S(config)£ port-security mac-address OOOO.ffff.aaaa Answer: C QUESTION 26 The NHRP process allows which requirement to be satisfied in DMVPN?A. dynamic physical interface IP address at the spoke routersB. dynamic spoke-to-spoke on-demand tunnels rC. dynamic routing over the DMVPND. dual DMVPN hub designs Answer: AQUESTION 27Based on the following configuration, which two statements are correct? (Choose two,)Ip ips name MYIPS!Interface GigabitEthernet 0/1Ip address 10.1.1.16 255.255.255.0Ip ip MYIPS IN!A. SDEE alert messages will be enabledB. The basic signatures will beusedl~~C. The built-in signatures will be used.D. Cisco IOS IPS will fail-open.Answer: CD本中心有这门最新题库,绝对保证一次性通,价格从优,考过确认付款,联系QQ:一0二0二二三一九八EMAIL:badutun@最新题库,保证一次性通过,欢迎加QQ或发EMAIL咨询CCSP 642-504 四月八号就停止考试的,需要考的朋友抓紧时间了,机会不可失,最后一次降价销售了。