单选题Context-Based Access Control (CBAC) is the algorithm of the Cisco IOS firewall feature. How does CBAC improve Teleworker security?()AInbound packets are permitted only if they are part of a legitimate data flow initiated by a device on the Teleworker home network.BAll packets are checked for integrity by analyzing their checksum.CEvery packet is checked to see if it was sent through the VPN tunnel.DEvery packet is inspected to see if any disallowed URLs are included. URLs are forwarded to the security cache engine for authorization.
单选题
Context-Based Access Control (CBAC) is the algorithm of the Cisco IOS firewall feature. How does CBAC improve Teleworker security?()
A
Inbound packets are permitted only if they are part of a legitimate data flow initiated by a device on the Teleworker home network.
B
All packets are checked for integrity by analyzing their checksum.
C
Every packet is checked to see if it was sent through the VPN tunnel.
D
Every packet is inspected to see if any disallowed URLs are included. URLs are forwarded to the security cache engine for authorization.
参考解析
解析:
暂无解析
相关考题:
A firewall is an approach to security; it helps implement a larger security policy that defines the services and access to be permitted.
What are two benefits of integrating Junos Pulse Access Control Service with Security Threat Response Manager (STRM)?() A. The ability to detect and prevent malicious traffic.B. The ability to associate security breaches with a specific user.C. Converged management of network and security events, network flow data, and identity information.D. Consistent device management across administrative realms.
TheLAN-sideoftheTeleworkerrouterisassignedprivateIPaddressspace(RFC1918),andtheVPNtopologyisIPSec-only(noGREprotocol).WhenisitrequiredtoconfigureNAT/pNATontheTeleworkerrouter?() A.whenallaccesstotheInternetisthroughtheIPSectunnelB.whenthereisdirectInternetaccessviasplit-tunnelingC.whenthereisnoInternetaccessconfiguredthroughtheTeleworkerrouterD.wheneveryouhaveIOS-Firewall(CBAC)configured
A customer wants to TFTP a new image from the corporate network to Flash on the Teleworker router through the IPSec tunnel. How should you configure the Teleworker router?()A、No additional steps are required. B、Add the appropriate source-interface command. C、The router cannot access a server in the Enterprise Campus network. D、The Teleworker Router does not have any client applications; therefore this type of request is not possible.
A customer wants to deploy the Cisco Business Ready Teleworker solution, but is currently using a traditional (non-IP) PBX for voice services. What would you recommend to this customer?()A、Deployment of Business Ready Teleworker with VoIP is not recommended.B、The customer’s existing PBX must first be replaced with Cisco IP Telephony solution.C、Business Ready Teleworker and Cisco IP Telephony can be deployed in parallel to the existing PBX, integrating the two with trunking.D、Deployment is recommended only for full-time Teleworkers who have no other corporate phone.
Which Cisco product family can simultaneously implement firewall, VPN, content security, network access control, virtualization, anD content filtering?()A、catalyst switchesB、adaptive security appliancesC、intrusion prevention systemsD、protect link gateway
Which Cisco product is a software component that blocks unwanted connections and provides other gateway security functions for small business?()A、Cisco Firewall Services Module (FWSM)B、Cisco Secure Access Control Server (ACS)C、Cisco Private Internet Exchange (PIX) FirewallD、Cisco Internetwork Operating System (IOS) Firewall
Context-Based Access Control (CBAC) is the algorithm of the Cisco IOS firewall feature. How does CBAC improve Teleworker security?()A、Inbound packets are permitted only if they are part of a legitimate data flow initiated by a device on the Teleworker home network.B、All packets are checked for integrity by analyzing their checksum.C、Every packet is checked to see if it was sent through the VPN tunnel.D、Every packet is inspected to see if any disallowed URLs are included. URLs are forwarded to the security cache engine for authorization.
What are two security features of the Cisco Secure Router 500 Series? ()A、Cisco Intrusion Prevention SystemB、Cisco IOS Software FirewallC、Cisco IOS Easy VPND、Cisco Unified Wireless NetworkingE、Cisco ASA Hardware Firewall
Cisco Unified Communications 500 Series for Small Business, a critical part of the Cisco Smart Business Communications System, is a unified communications solution for small businesses that provides voice, data, voicemail. Which three features does the Cisco UC520 support?()A、 distributed routingB、 Cisco Unity ExpressC、 security, firewall and VPND、 analog devices
The LAN-side of the Teleworker router is assigned private IP address space (RFC1918), and the VPN topology is IPSec-only (no GRE protocol). When is it required to configure NAT/pNAT on the Teleworker router?()A、when all access to the Internet is through the IPSec tunnelB、when there is direct Internet access via split-tunnelingC、when there is no Internet access configured through the Teleworker routerD、whenever you have IOS-Firewall (CBAC) configured
Which three statements about IOS Firewall configurations are true?()A、The IP inspection rule can be applied in the inbound direction on the secured interface.B、The IP inspection rule can be applied in the outbound direction on the unsecured interface.C、The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.D、The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.E、For temporary openings to be created dynamically by Cisco IOS Firewall,the access-list for thereturning traffic must be a standard ACL.F、For temporary openings to be created dynamically by Cisco IOS Firewall,the IP inspection rule must be applied to the secured interface.
Which three statements accurately describe IOS Firewall configurations?()A、The IP inspection rule can be applied in the inbound direction on the secured interfaceB、The IP inspection rule can be applied in the outbound direction on the unsecured interfaceC、The ACL applied in the inbound direction on the unsecured interface should be an extendedACL.D、For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for thereturning traffic must be a standard ACL
When configuring IOS firewall (CBAC) operations on Cisco routers, the "inspection rule" could be applied at which two locations? ()A、 at the untrusted interfacein the inbound directionB、 atthe untrusted interface in theoutbounddirectionC、 at thetrusted interface inthe inbound directionD、 at the trusted interface in the outbound directionE、 at the trusted and untrusted interfaces in the inbound directionF、 at the trusted and untrusted interfaces in the outbounddirection
When implementing 802.1X on Teleworker routers and using separate DHCP address pools for Teleworker and Home-user devices, traffic between devices can be restricted. How can you best accomplish this?()A、Access Lists between the inside interface and loopback interfaceB、Context Based Access ControlC、Dynamic Host Configuration ProtocolD、Network Address translation
You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()A、You must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.B、No security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.C、You must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.D、You must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
单选题Which integrated security feature is not provided by the Cisco Business Ready Teleworker solution?()AStateful Inspection FirewallBIntrusion Detection SystemCSpam Filtering D802.1-based AuthenticationEProxy AuthenticationFURL Filtering
单选题Which Cisco product family can simultaneously implement firewall, VPN, content security, network access control, virtualization, anD content filtering?()Aintrusion prevention systemsBcatalyst switchesCadaptive security appliancesDprotect link gateway
单选题A customer wants to deploy the Cisco Business Ready Teleworker solution, but is currently using a traditional (non-IP) PBX for voice services. What would you recommend to this customer?()ADeployment of Business Ready Teleworker with VoIP is not recommended.BThe customer’s existing PBX must first be replaced with Cisco IP Telephony solution.CBusiness Ready Teleworker and Cisco IP Telephony can be deployed in parallel to the existing PBX, integrating the two with trunking.DDeployment is recommended only for full-time Teleworkers who have no other corporate phone.
单选题The LAN-side of the Teleworker router is assigned private IP address space (RFC1918), and the VPN topology is IPSec-only (no GRE protocol). When is it required to configure NAT/pNAT on the Teleworker router?()Awhen all access to the Internet is through the IPSec tunnelBwhen there is direct Internet access via split-tunnelingCwhen there is no Internet access configured through the Teleworker routerDwhenever you have IOS-Firewall (CBAC) configured
多选题When configuring IOS firewall (CBAC) operations on Cisco routers, the "inspection rule" could be applied at which two locations? ()Aat the untrusted interfacein the inbound directionBatthe untrusted interface in theoutbounddirectionCat thetrusted interface inthe inbound directionDat the trusted interface in the outbound directionEat the trusted and untrusted interfaces in the inbound directionFat the trusted and untrusted interfaces in the outbounddirection
单选题In a Teleworker deployment with a single IP phone connected to a Cisco 831 router, select the true statement regarding Call Admission Control.()ARSVP is a required configuration to support conference calls without voice packet loss. BThe QoS configuration on the 831 router must always provision sufficient bandwidth for two RTP streams. CCall admission control is an issue only when using hardware DSP resources. DWhen using the conference call features on a 7960 IP phone, only one RTP stream is present regardless of how many extensions are on the conference.
单选题You are installing a MAG Series device for access control using an SRX Series device as the firewall enforcer. The MAG Series device resides in the same security zone as users. However, the users reside in different subnets and use the SRX Series device as an IP gateway.Which statement is true?()AYou must configure a security policy on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.BNo security policy is necessary on the SRX Series device to allow traffic to flow from the user devices to the MAG Series device.CYou must configure host-inbound traffic on the SRX Series device to allow SSL traffic between the MAG Series device and the user devices.DYou must configure host-inbound traffic on the SRX Series device to allow EAP traffic between the MAG Series device and the user devices.
单选题Context-Based Access Control (CBAC) is the algorithm of the Cisco IOS firewall feature. How does CBAC improve Teleworker security?()AInbound packets are permitted only if they are part of a legitimate data flow initiated by a device on the Teleworker home network.BAll packets are checked for integrity by analyzing their checksum.CEvery packet is checked to see if it was sent through the VPN tunnel.DEvery packet is inspected to see if any disallowed URLs are included. URLs are forwarded to the security cache engine for authorization.
单选题Which Cisco product is a software component that blocks unwanted connections and provides other gateway security functions for small business?()ACisco Internetwork Operating System (IOS) FirewallBCisco Secure Access Control Server (ACS)CCisco Firewall Services Module (FWSM)DCisco Private Internet Exchange (PIX) Firewall
多选题Which three statements accurately describe IOS Firewall configurations?()AThe IP inspection rule can be applied in the inbound direction on the secured interfaceBThe IP inspection rule can be applied in the outbound direction on the unsecured interfaceCThe ACL applied in the inbound direction on the unsecured interface should be an extendedACL.DFor temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for thereturning traffic must be a standard ACL
多选题What are two benefits of integrating Junos Pulse Access Control Service with Security Threat Response Manager (STRM)?()AThe ability to detect and prevent malicious traffic.BThe ability to associate security breaches with a specific user.CConverged management of network and security events, network flow data, and identity information.DConsistent device management across administrative realms.
单选题A customer wants to TFTP a new image from the corporate network to Flash on the Teleworker router through the IPSec tunnel. How should you configure the Teleworker router?()ANo additional steps are required. BAdd the appropriate source-interface command. CThe router cannot access a server in the Enterprise Campus network. DThe Teleworker Router does not have any client applications; therefore this type of request is not possible.