填空题20. Digital signatures are commonly used by many authentication protocols for traffic running over ______ networks. 当流量在______网络上传输时,许多认证协议通常都使用数字签名对流量的真实性和完整性进行保护。
填空题16. The URL filter feature provides the ability to ______, ______, or ______ the traffic whose URL matches the configured characteristics. 对于URL与配置条件相互匹配的流量,URL过滤特性可以对其实施______、______或______行为。
填空题 VTIs support native IPsec tunneling
填空题18. Reducing ______ on group members is recommended to reduce the load on the key server. 推荐减少组成员的______,从而降低密钥服务器的资源消耗。
填空题 When configuring fail-open policies
填空题13. ______ will automatically detect peer failures and path failures and then automatically reroute around the failure if redundant paths and devices are in place. ______可以自动检测对等体的故障和路径的失效,同时在冗余路径和设备已经就位的情况下,它还能够自动收敛并绕过当前的故障点。
填空题 GET VPNs are based on GDOI
填空题13. The ______ feature provides the ability for a host to gain some network access even after failing authentication. 被划分到______中的主机即使认证失败,也可以访问部分网络资源。
填空题9. One major benefit of using IPsec VTIs is that it is no longer required to apply a ______ to a physical interface. IPSec VTI的一个主要优点是无需将______应用到物理接口。
填空题6. The Cisco IOS Software ______ command can be used to verify that the 802.1X authentication is functioning properly. 管理员可以使用命令______测试请求方、认证方与认证服务器的状态。
填空题13. Many of the ______ interface options that can be applied to physical interfaces can beapplied to the IPsec virtual tunnel interface. 不少应用在物理接口的______接口特性也可以应用在IPSec VTI。
填空题19. Cisco Integrated Services Routers(ISR) differ from the Catalyst switches in that the security features are handled by the ______ in the router as opposed to specialized ASICs. Cisco集成多业务路由器与Cisco Catalyst交换机的不同之处在于,前者的安全功能通过______而非专用ASIC实现。
填空题11. Zone pairs can be set up to protect the control and management planes by using the ______. 通过配置______,区域对可以保护控制面与管理面的安全。
填空题 To provide ______, the SCF defines the identify
填空题10. ______ requires administrative privileges because it changes the local host's file. ______需要获取远程客户端操作系统的管理员特权,因为该特性需要修改本地主机的系统文件。
填空题 By default
填空题3. The NHRP network ID must be the same on the NHRP ______ and its NHRP ______. NHRP ______和NHRP ______上的NHRP网络ID必须一致。
填空题 IPsec VTIs support ______
填空题15. An interior routing protocol will view a ______ as either point-to-multipoint (for strict hub-and-spoke DMVPNs) or as a broadcast network (partial or full mesh DMVPNs). 动态路由协议将把______看作一个点到多点网络(严格的中心到分支模型的DMVPN)或广播网络(部分互连或全互连模型的DMVPN)。
填空题4. ______ VPNs require VPN client software to be installed on the remote computer or dedicated VPN devices (hardware clients) to enable full routed IP access to internal resources. ______VPN需要在远程计算机或专用VPN设备(硬件客户端)上安装VPN客户端软件,从而启用去往内部资源的完全路由的IP访问。