思科认证
The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should be automatically disabled. Which two commands must the Ezonexam network admi
题目
The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should be automatically disabled. Which two commands must the Ezonexam network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two)
A.SWEzonexam1(config-if)# switchport port-security maximum 1
B.SWEzonexam1(config)# mac-address-table secure
C.SWEzonexam1(config)# access-list 10 permit ip host
D.SWEzonexam1(config-if)# switchport port-security violation shutdown
E.SWEzonexam1(config-if)# ip access-group 10
参考答案和解析
解析:ExplanationCatalystswitchesoffertheportsecurityfeaturetocontrolportaccessbasedonMACaddresses.Toconfigureportsecurityonanaccesslayerswitchport,beginbyenablingitwiththefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityNext,youmustidentifyasetofallowedMACaddressessothattheportcangrantthemaccess.Youcanexplicitlyconfigureaddressesortheycanbedynamicallylearnedfromporttraffic.Oneachinterfacethatusesportsecurity,specifythemaximumnumberofMACaddressesthatwillbeallowedaccessusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securitymaximummax-addrFinally,youmustdefinehoweachinterfaceusingportsecurityshouldreactifaMACaddressisinviolationbyusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityviolation{shutdown|restrict|protect}AviolationoccursifmorethanthemaximumnumberofMACaddressesarelearned,orifanunknown(notstaticallydefined)MACaddressattemptstotransmitontheport.Theswitchporttakesoneofthefollowingconfiguredactionswhenaviolationisdetected:shutdown-Theportisimmediatelyputintotheerrdisablestate,whicheffectivelyshutsitdown.Itmustbere-enabledmanuallyorthrougherrdisablerecoverytobeusedagain.restrict-Theportisallowedtostayup,butallpacketsfromviolatingMACaddressesaredropped.TheswitchkeepsarunningcountofthenumberofviolatingpacketsandcansendanSNMPtrapandasyslogmessageasanalertoftheviolation.protect-Theportisallowedtostayup,asintherestrictmode.Althoughpacketsfromviolatingaddressesaredropped,norecordoftheviolationiskept.
相似问题和答案
第1题:
第2题:
A. Traffic is permitted from the trust zone to the untrust zone.
B. Intrazone traffic in the trust zone is permitted.
C. All traffic through the device is denied.
D. The policy is matched only when no other matching policies are found.
第3题:
A、network configuration
B、host systems
C、routers
D、softwares
第4题:
A. host security
B. perimeter security
C. security monitoring
D. policy management
第5题:
A. Telnet is not being permitted by self policy.
B. Telnet is not being permitted by security policy.
C. Telnet is not allowed because it is not considered secure.
D. Telnet is not enabled as a host-inbound service on the zone.
第6题:
Your security policy requires that users authenticating to the Junos Pulse Access Control Service are connecting from a domain member endpoint on the internal corporate network.Which set of role access restrictions must you configure to enforce this security policy?()
A. Source IP and browser
B. Source IP and certificate
C. Certificate and Host Checker
D. Host Checker and source IP
第7题:
Host A opens a Telnet connection to Host B. Host A then opens another Telnet connection to Host B. These connections are the only communication between Host A and Host B. The security policy configuration permits both connections.How many sessions exist between Host A and Host B?()
A.1
B.2
C.3
D.4
第8题:
A、firewall
B、patent
C、ERP
D、intranet
第9题:
You are the domain administrator for Ezonexam.com. The network contains a Windows 2000 domain and two Windows NT domains. The Windows 2000 domain trusts each of the Windows NT domains, and the Windows NT domains trust the Windows 2000 domain.
You are required to configure one of the Windows 2000 domain controllers named Ezonexam4 to support several legacy applications that are not Windows 2000 certified.
What should you do? (Select two. Each answer specifies a complete solution).
A. On Ezonexam4, type secedit /configure /db secedit.sdb /cfg
C:\winnt\security\templates\hisecdc.inf /overwrite.
B. On Ezonexam4, type secedit /configure /db secedit.sdb /cfg
C:\winnt\security\templatescompatws.inf /overwrite.
C. On Ezonexam4, use the Security Configuration and Analysis snap-in to apply the Compatws.inf security template.
D. On Ezonexam4, use the Security Configuration and Analysis snap-in to apply the Hisecdc.inf
E. On Ezonexam4, use the Security Templates snap-in to open the Compatws.inf security template.
F. On Ezonexam4, use the Security Templates snap-in to open the Hisecdc.inf security template.
B,C 解析:Explanation: The Compatws template removes all users from the Power Users group and relaxes the default permissions for members of the Users group. This setting allows members of the Users group to run certain applications that aren't properly designed for Windows security, without granting them the additional administrative privileges (such as the ability to create user accounts) granted to Power Users. Options B and C will support several non-Windows 2000 certified legacy applications.
Incorrect answers:
A: The hisecdc.inf template is applied in this fashion, but it is too restrictive.
D: The hisecdc.inf template is too restrictive.
E: This option only suggests that you open the template and not apply it.
F: Firstly, the hisecdc.inf template will not allow the applications to run and secondly it has to be applied.
第10题:
Which OSPF network type is ideal for partially meshed NBMA networks because it is easy to configure(requires no configuration of neighbor commands), consumes only one IP subnet, and requires no designated router election?
正确答案:Point-to-multipoint.