H12-722 Practice Exam Questions with Answers Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Certification

The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source

For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify

The legitimacy of the source IP.

In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process

It will consume the TCP connection resources of the OINS cache server.

Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.

File filtering can reduce the risk of malicious code execution and virus infection in the internal network by blocking the transmission of fixed types of files, and it can also prevent

Prevent employees from leaking company confidential documents to the Internet.

Content filtering can prevent the disclosure of confidential information and the transmission of illegal information

The application behavior control function can finely control common HTTP behaviors and FTP behaviors.

Mail filtering refers to the management and control of mail sending and receiving, including preventing the flooding of spam and anonymous emails, and controlling the sending and receiving of illegal emails.

The files obtained by users from website A and website B will be sent to the inspection node for inspection.

When a user visits website B, although the firewall will extract the file and send it to the detection node, the user can still access normally during the detection process

Site B.

After the detection node detects the suspicious file, it not only informs the firewall in the figure of the result, but also informs other network devices connected to it.

Assuming that website A is an unknown website, the administrator cannot detect the traffic file of this website sC

File content filtering

Voice content filtering

Apply content filtering..

The source of the video content

Text

Regular expressions

Community word

Custom keywords

Policy routing back annotation,

GRE back note:

MPLS LSP back injection

BGP back-annotation

Keywords are the content that the device needs to recognize during content filtering.

Keywords include predefined keywords and custom keywords.

The minimum length of the keyword that the text can match is 2 bytes. ,

Custom keywords can only be defined in text mode.

PDF heuristic sandbox

ja$

PE heuristic sandbox

Web heuristic sandbox

Heavyweight sandbox (virtual execution)

1-3-4-2-5-6-7-8

1-3-2-4-6-5-7-8

1-3-4-2-6-5-8-7

1-3-24-6-5-8-7

Easy to implement

Accurate detection

Effective detection of impersonation detection of legitimate users

Easy to upgrade

Vulnerability intelligence

Defense in Depth

Offensive and defensive situation

Fight back against hackers

155955cc-666171a2-20fac832-0c042c045

The priority of the coverage signature is higher than that of the signature in the signature set.

When the "source security zone" is the same as the "destination security zone", it means that the IPS policy is applied in the domain.

Modifications to the PS policy will not take effect immediately. You need to submit a compilation to update the configuration of the IPS policy.

The signature set can contain either predefined signatures or custom signatures. 832335

File filtering, content filtering and anti-virus detection cannot be performed when the file is damaged. At this time, the documents can be released or blocked according to business requirements.

When the file extension does not match, if the action is "Allow" or "Alarm", file filtering, content filtering and anti-virus are performed according to the file type

Detection.

When the number of compression layers of a file is greater than the configured "Maximum Decompression Layers", the firewall cannot filter the file.

When the file type cannot be recognized, file filtering, content filtering and anti-virus detection are not performed.

Warning

Block

Declare

Operate by weight

???????

???????

???????

155955cc-666171a2-20fac832-0c042c0428

???????

After the file decompression fails, the file will still be filtered. .

The application identification module can identify the type of application that carries the file.

Protocol decoding is responsible for analyzing the file data and file transmission direction in the data stream.

The file type recognition module is responsible for identifying the true type of the file and the file extension based on the file data

POST operation

Browse the web

Acting online

File upload and download

True

False

True

False

True

False

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

Ability to quickly adapt to threat changes

Local upgrade

Manual upgrade

Online upgrade

Automatic upgrade

True

155955cc-666171a2-20fac832-0c042c0414

False

1->2->3

1->2->4,

1->3->2

1->4->3

For loose inspection: if the source address of the packet exists in the FB of the firewall: the packet passes the inspection directly

For the case where the default route is configured, but the parameter allow-defult-route is not configured. As long as the source address of the packet is in the FIB table of the firewall

If it does not exist, the message will be rejected.

For the situation where the default route is configured and the parameter allow-defult-route is matched at the same time, if the source address of the packet is in the FIB table of the firewall

If the packet does not exist in the loose check mode, all packets will pass the URPF check and be forwarded normally.

155955cc-666171a2-20fac832-0c042c0427

For the configuration of the default route, and at the same time matching the parameter allow-defult-route, if the source address of the message is in the FIB table of the firewall

If it does not exist in the l0e check, the packet cannot pass the URPF check.

www file

PE file

Picture file

Mail

Unable to detect new types of worms

The process of trying to log in to the system is recorded

Use Ping to perform network detection and be alerted as an attack

Web-based attacks are not detected by the system

True

False

display version av-sdb

display utm av version

display av utm version

display utm version

The detection center is mainly to pull and clean the attack flow according to the control strategy of the security management center, and re-inject the cleaned normal flow back to the customer.

User network, send to the real destination.

The management center mainly completes the processing of attack events, controls the drainage strategy and cleaning strategy of the cleaning center, and responds to various attack events and attack flows.

View in categories and generate reports.

The main function of the Green Washing Center is to detect and analyze DDoS attack traffic on the flow from mirroring or splitting, and provide analysis data to

The management center makes a judgment.

The firewall can only be used for inspection equipment

Hacking

Weak personal safety awareness

Open company confidential files

Failure to update the virus database in time

abcde

abcdde

abclde

abc+de

Scanning attacks include address scanning and port scanning.

It is usually the network detection behavior before the attacker launches the real attack.

155955cc-666171a2-20fac832-0c042c0424

The source address of the scanning attack is real, so it can be defended by adding direct assistance to the blacklist.

When a worm virus breaks out, it is usually accompanied by an address scanning attack, so scanning attacks are offensive.

Disclosure of personal information

Threats to the internal network

Leaking corporate information

Increasing the cost of enterprise network operation and maintenance

It is impossible to detect violations of security policies.

It can detect all kinds of authorized and unauthorized intrusions.

Unable to find traces of the system being attacked.

is an active and static security defense technology.

155955cc-666171a2-20fac832-0c042c0425

Lack of effective protection against application layer threats.

It cannot effectively resist the spread of viruses from the Internet to the intranet.

Ability to quickly adapt to changes in threats.

Unable to accurately control various applications, such as P2P, online games, etc. .

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

ICMP redirect message attack) 0l

Oversized ICMP packet attack

Tracert packet attack

IP fragment message item

The drainage task needs to be configured on the management center, and when an attack is discovered, it will be issued to the cleaning center.

It is necessary to configure the protection object on the management center to guide the abnormal access flow in etpa

Port mirroring needs to be configured on the management center to monitor abnormal traffic.

155955cc-666171a2-20fac832-0c042c0411

The reinjection strategy needs to be configured on the management center to guide the flow after cleaning. Q:

Rely on state detection technology and protocol analysis technology

The performance is higher than the agent-based method

The cost is smaller than the agent-based approach

The detection rate is higher than the proxy-based scanning method

Configure drainage and re-injection on the testing equipment.

Configure port mirroring on the cleaning device.

Add protection objects on the management center.

Configure drainage and re-injection on the management center.

True

False

Web security protection

Global environment awareness

Sandbox and big data analysis

Intrusion prevention

POP3

IMAP

FTP

TFTP

True

False

Complete virus sample

Complete Trojan Horse

Specific behavior patterns

Security Policy

The firewall is a bypass device, used for fine-grained detection

IDS is a straight line equipment and cannot be used for in-depth inspection

The firewall cannot detect malicious operations or misoperations by insiders

IDS cannot be linked with firewall