H12-722_V3.0 Practice Exam Questions with Answers HCIP-Security-CSSN V3.0 Certification

The file filtering module will compare the application type, file type, and transmission direction of the file identified by the previous module with the file filtering rules configured by the administrator.

Then the lookup table performs matching from top to bottom.

If all the parameters of Wenzhu can match all file filtering rules, then the module will execute the action of this file filtering rule.

There are two types of actions: warning and blocking.

If the file type is a compressed file, then after the file filtering check, the female file will be sent to the file decompression module for decompression and decompression.

Press out the original file. If the decompression fails, the file will not be re-filed.

The administrator has not set the time to vote every day from 9:00 to 18:00

The shopping website does not belong to the predefined shopping website category

The administrator did not submit the configuration after completing the configuration.

The administrator has not applied the URL pass-through configuration file to the security policy.

The action of signing iD3000 is an alarm

The action of signing ID3000 is to block

Unable to determine the action of signature ID3000

The signature set is not related to the coverage signature

Computer is infected by U disk virus

Abnormal power interruption in the computer room

Tampering with Web pages

Copy/view sensitive data

TRUE

FALSE

True

155955cc-666171a2-20fac832-0c042c0414

False

True

False

Planting malware

Vulnerability attack

Web application attacks

Brute force

??

???

??

??

manager + controller + FTP + witness database, controller + master database + FTP, controller + mirror database+ FTP

manager + controller + FTP + master database, controller + FTP + witness database, controller + FTP

+ mirror database

manager + controller + FTP + mirror database, controller + FTP + witness database, controller + FTP +

master database

manager + controller + FTP, controller + FTP + witness databases, controller + FTP + master database

Ordinary attacks will usually be cleaned locally first.

If there is a large traffic attack on the network, send it to the cloud cleaning center to share the cleaning pressure.

Since the Cloud Cleaning Alliance will direct larger attack flows to the cloud for cleaning, it will cause network congestion.

The closer to the attacked self-labeled cloud cleaning service, the priority will be called.

155955cc-666171a2-20fac832-0c042c0430

POST operation

Browse the web

Acting online

File upload and download

3->1->4->2->5

3->2->4->1->5

3->2->1->4->5

3->1->2->4->5

Warning

Block and push the page

A warning dialog box pops up

All access to the client is prohibited

Vulnerability intelligence

Defense in Depth

Offensive and defensive situation

Fight back against hackers

155955cc-666171a2-20fac832-0c042c045

sec. huawei. com.

support.huaver: com

www. huawei. com

security.. huawei. com

example

www. abc. example. com

www.abc. example

example. com

2-3-4-1

1-2-4-3

1-4-2-3

2-1-4-3

The drainage task needs to be configured on the management center, and when an attack is discovered, it will be issued to the cleaning center.

It is necessary to configure the protection object on the management center to guide the abnormal access flow in etpa

Port mirroring needs to be configured on the management center to monitor abnormal traffic.

155955cc-666171a2-20fac832-0c042c0411

The reinjection strategy needs to be configured on the management center to guide the flow after cleaning. Q:

400.

404

200

503

Cannot control the number of received email attachments

When the spam processing action is an alert, the email will be blocked and an alert will be generated

You can control the size of the attachment of the received mail

Cannot perform keyword filtering on incoming mail

Long-term latency and collection of key data.

Leak the acquired key data information to a third party of interest

155955cc-666171a2-20fac832-0c042c044

Through phishing emails, attachments with 0day vulnerabilities are carried, causing the user's terminal to become a springboard for attacks.

The attacker sends a C&C attack or other remote commands to the infected host to spread the attack horizontally on the intranet.

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

Ability to quickly adapt to threat changes

Enhanced mode refers to the authentication method using verification code.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

The enhanced mode is superior to the basic mode in terms of user experience.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

Disclosure of personal information

Threats to the internal network

Leaking corporate information

Increasing the cost of enterprise network operation and maintenance

Virtual patch

Mail detection

SSL traffic detection

Application identification and control

Configuration plane

Business plane

Log plane

Data forwarding plane

True

False

(1)(2)(3)(4)(5)

155955cc-666171a2-20fac832-0c042c049

(1)(4)(2)(3)(5)

(1)(2)(4)(3)(5)

(1)(3)(2)(4)(5)

Fraggle and Smurt

Land and Smurf

Fraggle and Land

155955cc-666171a2-20fac832-0c042c0423

Teardrop and Land35

True

False

Confidentiality

Integrity

Availability

Recoverability

Data preprocessing

Threat determination

Distributed storage

Distributed index

HTTP POST is generally used to send information to the server through a web page, such as forum posting x form submission, username I password login.

When the file upload operation is allowed, the alarm threshold and blocking threshold can be configured to control the size of the uploaded file.

When the size of the uploaded or downloaded file and the size of the content of the POST operation reach the alarm threshold, the system will generate log information to prompt the device management

And block behavior.

When the uploaded or downloaded file size, POST operation content size reaches the blocking threshold, the system will only block the uploaded or downloaded file, POST

operate.

lAE's content security detection functions include application identification and perception, intrusion prevention, and Web application security.

Full English name: intelligent Awareness Engine.

The core of C.IAE is to organically centralize all content security-related detection functions.

The security detection of the IAE engine is parallel, using a message-based file processing mechanism, which can receive file fragments and perform security checks.

abcde

abcdde

abclde

abc+de

Policy routing back annotation,

GRE back note:

MPLS LSP back injection

BGP back-annotation

?????

?????

?????

?????

Local reputation MD5 cache only has static cache, which needs to be updated regularly

File reputation database can only be upgraded by manual upgrade

File reputation is to perform virus detection by calculating the full text MD5 of the file to be tested and matching it with the local reputation MD5 cache

File reputation database update and upgrade can only be achieved through linkage with sandbox

True

False

File filtering can reduce the risk of malicious code execution and virus infection in the internal network by blocking the transmission of fixed types of files, and it can also prevent

Prevent employees from leaking company confidential documents to the Internet.

Content filtering can prevent the disclosure of confidential information and the transmission of illegal information

The application behavior control function can finely control common HTTP behaviors and FTP behaviors.

Mail filtering refers to the management and control of mail sending and receiving, including preventing the flooding of spam and anonymous emails, and controlling the sending and receiving of illegal emails.

Users can visit www.videobt.com website.

The user can visit the www.bt.com website, but the administrator will receive a warning message.

User cannot access all the sites ending with bt com.

When users visit www.bt. com, they will be blocked.

IDS can be linked with firewalls and switches to become a powerful "assistant" of firewalls, which can better and more accurately control access between domains.

It is impossible to correctly analyze the malicious code doped in the allowed application data stream.

Unable to detect malicious operations or misoperations from internal killings.

Cannot do in-depth inspection

It is mainly used for real-time monitoring of the information of the critical path of the network, listening to all packets on the network, collecting data, and analyzing suspicious objects

Use the newly received network packet as the data source;

Real-time monitoring through the network adapter, and analysis of all communication services through the network;

Used to monitor network traffic, and can be deployed independently.

True

155955cc-666171a2-20fac832-0c042c0433

False

Enhanced mode refers to the authentication method using verification code.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

The enhanced mode is superior to the basic mode in terms of user experience.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

True

False

Text

Regular expressions

Community word

Custom keywords

IPS is an intrusion detection system that can block real-time intrusions when found

IPS unifies IDS and firewall

IPS must use bypass deployment in the network

Common IPS deployment modes are in-line deployment,

DF, bit is down, and MF bit is also 1 or Fragment Offset is not 0,

155955cc-666171a2-20fac832-0c042c047

DF bit is 023, MF bit is 1 or Fragment Offset is not 0,

DF bit is 0, and Fragment Offset + Length> 65535.

The DF bit is 1, and Fragment Ofset + Length <65535.

The detection rate is higher than the flow scanning method

System overhead will be relatively small

Cache all files through the gateway's own protocol stack

More advanced operations such as decompression, shelling, etc. can be performed

NAC Agent support MAC account login.

Web page login for authentication and can perform checks Strategy.

Web Agent login for identity certification and security certification.

NAC Agent cannot be installed on Windows Vista operating system.