What are two possible actions an IOS IPS can take if a packet in a session matches a signature？（）

单项选择题WhichstatementdescribesReverseRouteInjection（RRI）？（）

A.A static route that points towards the Cisco Easy VPN server is created on the remote client.
B.A static route is created on the Cisco Easy VPN server for the internal IP address of each VPN client.
C.A default route is injected into the route table of the remote client.
D.A default route is injected into the route table of the Cisco Easy VPN server.

多项选择题Whichthreetechniquesshouldbeusedtosecuremanagementprotocols？（）

A.Configure SNMP with only read-only community strings.
B.Encrypt TFTP and syslog traffic in an IPSec tunnel.
C.Implement RFC 3704 filtering at the perimeter router when allowing syslog access from devices on the outside of a firewall.
D.Synchronize the NTP master clock with an Internet atomic clock.
E.Use SNMP version 2.
F.Use TFTP version 3 or above because these versions support a cryptographic authentication mechanism between peers.

多项选择题IfanedgeLabelSwitchRouter（LSR）isproperlyconfigured，whichthreecombinationsarepossible？（）

A.A received IP packet is forwarded based on the IP destination address and the packet is sent as an IP packet.
B.An IP destination exists in the IP forwarding table. A received labeled packet is dropped because the label is not found in the LFIB table.
C.There is an MPLS label-switched path toward the destination. A received IP packet is dropped because the destination is not found in the IP forwarding table.
D.A received IP packet is forwarded based on the IP destination address and the packet is sent as a labeled packet.
E.A received labeled IP packet is forwarded based upon both the label and the IP address.
F.A received labeled packet is forwarded based on the label. After the label is swapped，the newly labeled packet is sent.

单项选择题Whatarethefoursteps，intheircorrectorder，tomitigateawormattack？（）

A.contain，inoculate，quarantine，and treat
B.inoculate，contain，quarantine，and treat
C.quarantine，contain，inoculate，and treat
D.preparation，identification，traceback，and postmortem
E.preparation，classification，reaction，and treat
F.identification，inoculation，postmortem，and reaction

多项选择题Whichtwonetworkattackstatementsaretrue？（）

A.Access attacks can consist of password attacks，trust exploitation，port redirection，and man-in-the-middle attacks.
B.Access attacks can consist of UDP and TCP SYN flooding，ICMP echo-request floods，and ICMP directed broadcasts.
C.DoS attacks can be reduced through the use of access control configuration，encryption，and RFC 2827 filtering.
D.DoS attacks can consist of IP spoofing and DDoS attacks.
E.IP spoofing can be reduced through the use of policy-based routing.
F.IP spoofing exploits known vulnerabilities in authentication services， FTP services，and web services to gain entry to web accounts，confidential databases，and other sensitive information.