When is an IPSec SA built on the Teleworker Router?()A、when the router is booted upB、when the router administratively does a no shutdown" on the IPSec SA C、when traffic matches a line of the access-list tied into the crypto-map in the router configuration, and that particular IPSec SA is not already up D、when the ISAKMP SA completes negotiation of all IPSec SAs (one per access-list line in the crypto ACL), it will be brought up immediately
When is an IPSec SA built on the Teleworker Router?()
- A、when the router is booted up
- B、when the router administratively does a no shutdown" on the IPSec SA
- C、when traffic matches a line of the access-list tied into the crypto-map in the router configuration, and that particular IPSec SA is not already up
- D、when the ISAKMP SA completes negotiation of all IPSec SAs (one per access-list line in the crypto ACL), it will be brought up immediately
相关考题:
以下关于入侵防护系统(IPS)的说法不正确的是() A.入侵防护系统(IPS)可以检测网络攻击行为B.入侵防护系统(IPS)可以保护一个网络C.入侵防护系统(IPS)可以阻断检测出的攻击行为D.入侵防护系统(IPS)可以对计算机病毒进行检测
When enabling IPS on an ISR using the Cisco SDM IPS Wizard, in what location can the SDF be placed?()A、On the RAM of the ISRB、On the USB memory stick of the ISRC、On the NVRAM of the ISRD、On the IPS Module of the ISRE、On the Flash memory of the ISR
下列关于IPS的说法中,错误的是()。A、IPS一般以在线方式部署在网络关键路径B、IPS是一种基于应用层检测的设备C、IPS区别于IDS的重要一点是IPS可以主动防御攻击D、IPS天然可以防范所有大的攻击,不需要升级特征库
关于IPS产品的升级,下列说法正确的是()。A、升级H3C IPS的AV病毒库时,不需要重启设备就能生效B、升级H3C IPS的IPS漏洞库时,需要重启设备才能生效C、升级H3C IPS的系统版本时,不需要重启设备就能生效D、H3C IPS的AC库、IPS漏洞库和系统软件版本升级后均不需要重启设备就能生效
下列关于IPS的产品说法不正确的是?()A、IPS的定义是入侵防御系统B、IPS可以针对深入七层的数据流攻击特征检测,可检测蠕虫、木马、病毒等C、IPS主要采取旁路部署的方式,实时阻断检测到的攻击D、IPS可以替代IDS对网络进行保护
IPS与IDC的主要区别是()A、IPS可以检测网络攻击,但是不能发出警告B、IPS可以检测网络攻击并发布警告C、IPS可以通过阻止流量并重新连接来回应网络攻击D、IPS是在线的并可以监控流量
Cisco IOS IPS sends IPS alert messages using which two protocols? ()A、 SDEEB、 LDAPC、 SYSLOGD、 FTPE、 SNMPF、 SMTP
Which statement about an IPS is true?()A、The IPS is in the traffic path.B、Only one active interface is required.C、Full benefit of an IPS will not be realized unless deployed in conjunction with an IDS.D、When malicious traffic is detected,the IPS will only send an alert to a management station.
Which of these is mandatory when configuring Cisco IOS Firewall? ()A、Cisco IOS IPS enabled on the untrusted interfaceB、NBAR enabled to perform protocol discovery and deep packet inspectionC、a route map to define the trusted outgoing trafficD、a route map to define the application inspection rulesE、an inbound extended ACL applied to the untrusted interface
Which two statements describe the functions and operations of IDS and IPS systems?()A、A network administrator entering a wrong password would generate a true-negative alarm.B、A false positive alarm is generated when an IDS/IPS signature is correctly identified.C、An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.D、Cisco IDS works inline and stops attacks before they enter the network.E、Cisco IPS taps the network traffic and responds after an attack.F、Profile-based intrusion detection is also known as "anomaly detection".
单选题When enabling IPS on an ISR using the Cisco SDM IPS Wizard, in what location can the SDF be placed?()AOn the RAM of the ISRBOn the USB memory stick of the ISRCOn the NVRAM of the ISRDOn the IPS Module of the ISREOn the Flash memory of the ISR
单选题Which statement about an IPS is true?()AThe IPS is in the traffic path.BOnly one active interface is required.CFull benefit of an IPS will not be realized unless deployed in conjunction with an IDS.DWhen malicious traffic is detected,the IPS will only send an alert to a management station.
单选题Examine the following options ,when editing global IPS settings, which one determines if the IOS- basedIPS feature will drop or permit traffic for a particular IPS signature engine while a new signature for thatengine is being compiled?()AEnable Signature DefaultBEnable Engine Fail ClosedCEnable Default IOS Signature ActualTests.comDEnable Fail Opened
单选题What does Cisco recommend when you are enabling Cisco IOS IPS?()ADo not enable all the signatures at the same time.BDo not enable the ICMP signature.CDisable the Zone-Based Policy Firewall because it is not compatible with Cisco IOS IPS.DDisable CEF because it is not compatible with Cisco IOS IPS. .
多选题Cisco IOS IPS sends IPS alert messages using which two protocols? ()ASDEEBLDAPCSYSLOGDFTPESNMPFSMTP
单选题What host-based IPS solution provides threat-protection capabilities for server and desktop computing systems?()A Cisco IPS AIMB Cisco IOS IPSC Cisco IPS NMED Cisco Security AgentE Cisco IDSM-2
单选题Which of these is mandatory when configuring Cisco IOS Firewall? ()ACisco IOS IPS enabled on the untrusted interfaceBNBAR enabled to perform protocol discovery and deep packet inspectionCa route map to define the trusted outgoing trafficDa route map to define the application inspection rulesEan inbound extended ACL applied to the untrusted interface
单选题Which is the main difference between host-based and network-based intrusion prevention?()AHost-based IPS can work in promiscuous mode or inline mode.BNetwork-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.CNetwork-based IPS is better suited for inspection of SSL and TLS encrypted data flows.DHost-based IPS deployment requires less planning than network-based IPS.
多选题IDS和IPS技术使用()部署方式A基于防火墙的IPS部署B基于软件的IPS部署C基于网络的IPS部署D基于主机的IPS部署