H12-723 Practice Exam Questions with Answers Huawei Certified ICT Professional - Constructing Terminal Security System Certification

Brute force

Crowd attack

DoS Denial of service attack

Weak IV attack

Straight forward to return authentication failure information.

Discard user information.

User 91 Information sent to AD The server performs verification.

Synchronize the database again.

Exemption from approval

Administrator approval

Receptionist approval

Self-approved by visitors

Portal gateway initiates Radius Challenge request message, including user name and password information

The ACL issued by the server to the access gateway is carried in the Portal protocol message

Issue policies while performing identity authentication

The Portal server needs to pass the security check result to the access gateway device

The biggest difference between the two is MAC Bypass authentication belongs to 802 1X Certification, while MAC Certification does not belong to 802 1X Certification.

If a network can connect to dumb terminals(printer,IP telephone), The text may be connected to a portable computer, please use MAC Bypass authentication:First try 802 1X Authentication, try again if authentication fails MAC Certification

If a network will only connect to dumb terminals(printer,IP telephone),please use MAC Certification in order to shorten the certification time.

MAC Authentication MAC One more bypass authentication 802 In the instrument certification process, the open time is longer than MAC The bypass authentication time is long.

Local account authentication

Anonymous authentication

AD Account Verification

MAC Certification

right

wrong

right

wrong

Provide unified and secure access to enterprise mobile applications on mobile terminals.

The tunnel is dedicated and cannot be penetrated by viruses.

Applications are quickly integrated and can be extended.

It can be quickly integrated and docked with the enterprise application cloud platform.

Virus

Worm

Spam

DOS

A What is configured on the device is MAC Bypass authentication

B What is configured on the device is MAC Bypass authentication o

A On the device 2GE1/01 Can access PC Can also access dumb terminal equipment

B On the device GE1/0/1 Can access PC It can also access dumb terminal equipment. Upper

right

wrong

right

wrong

right

wrong

The AAA server saves information such as usernames and passwords for authentication of access users.

The Web server saves information such as user names and passwords for authentication of access users.

The AAA server is used to push the Portal authentication page to the user.

The web server is used to push the Portal authentication page to the user.

Basic networking includes deploying one SM Server, one SC Server, one DB and a AE server.

AE In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SC server.

SC In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SM server.

DB In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup DB..

8021X Certification

SACG Certification p2-

Bypass authentication

Portal Certification

MAC Certification

82.1 Certification

Portal Certification

MAC(prioritized

Set IPS work mode in the IPS global parameters for alarm

did not select the correct domain

did not configure corresponding IPS strategy

configure Firewall running mode for Firewall mode

Press "0U" to synchronize

AO Synchronize by "group", "0U describes the organizational structure

AO Press "Group" "Synchronize," "Group" Jida organization structure

LDAP synchronization by "group"

The mobile office platform is safe and reliable and goes online quickly.

Users can access the network safely and quickly.

Unified terminal management and fine control.

Network gateway deployment

Access control

safety certificate

Authentication

System Management

Page customization stage

Account application stage

User authentication phase

Audit and cancellation stage

If most end users work in one area and a few end users work in branch offices, centralized deployment is recommended.

If most end users are concentrated on--Offices in several regions, and a small number of end users work in branches. Distributed deployment is recommended.

If end users are scattered in different geographical locations, a distributed deployment solution is recommended.

If end users are scattered in different regions, a centralized deployment solution is recommended.

right

wrong

exist Any Office When logging in with an account for the first time, the terminal host is automatically bound to the current account, but the automatic binding process requires administrator approval

When other accounts need to be authenticated on the bound terminal host, there is no need to find the asset owner who is bound for the first time to authorize themselves.

Binding terminal hosts and accounts is only applicable to terminal users through Any Office Scenarios for authentication, Not applicable Web Agent Plugins and Web The scenario where the client authenticates.

There are only consoles in the account binding terminal host, which cannot be configured by the administrator.

Centralized deployment

Distributed deployment

Hierarchical deployment

Both centralized deployment and distributed deployment are possible

feature detection to identify the different applications by matching message feature and Knowledge Base feature set

reduces the maximum number of packets detection threshold, can reduce the sas module identification number of packets, thus improve the recognition rate agreement

There are some protocol packets are carried in other agreements, enable sa whole packet inspection can better detect such messages

Configure SA associated protocol identification is mainly used for the same data stream signaling channel and data channel associated with the identification , and thus identify protocol

TRUE

FALSE

worms using application software loophole to spread wantonly, consume network bandwidth and destroy important data.

hackers, malicious employee use loophole to attack or invade enterprise servers, business secrets were tampered, damaged and theft .

As long as the system software update in time for system loophole problems can be effectively solved.

The Internet has made application software loophole to spread rapidly, making loophole easier to become targets of attack.

Open https://SM server IP:8943 in the browser, enter the account admin and the default password Changeme123, if the login is successful, it will be explained. The SIM components are normal.

After logging in to SC, select Resources>Users>User Management to create a common account. Open https://SM server IP:8447 in the browser newauth, if you can successfully log in using the account created in the previous step, the SM component is normal.

Open https://SC Server IP:8443 in the browser and enter the account admin and the default password Changeme123. If the login is successful, it will be explained. The SC component is normal.

After logging in to SM, select Ziyuan>User>User Management, and Xinlu has a common part number. Open https://SC server IP:8447 newauth in the browser. If you can successfully log in with the account created in the previous step, it means that the SC component is Wang Chang.

TRUE

FALSE

User isolation between groups means that users in different groups cannot communicate, but internal users in the same group can communicate

Isolation within a user group means that users within the same group cannot communicate with each other.

The user isolation function is related to the same AP Layer 2 packets between all wireless users on the Internet cannot be forwarded to each other

Intra-group isolation and inter-group isolation cannot be used at the same time

NIP compare the data packet and application knowledge base, identify specific data flow

NIP support for specific IP network segment, in a specific time period, for strategy processing

NIP using leading hardware architecture, FPGA realization of the application layer acceleration, ESP achieve forward acceleration

NIP Manager supports mail alarm response mode

Visitor online and offline records

Force users to go offline

Account deactivation 1 reset Password

Send a warning message to the user

CAPWAP The data tunnel can be used DTLS Encrypted.

DTLS Support two authentication methods:Certificate authentication(out AC,AP Already brought)with PSK Password authentication.

DTLS Encryption can guarantee AC The issued control messages will not be eavesdropped on.

Use the certificate method to carry out DTLS Negotiation, the certificate is only used to generate the key, not right AP Perform authentication.

802.1X Authentication can only be initiated by the client.

802.1X Certification can only be done by certified equipment(like 802.1X switch)Initiate

8021X The client can trigger authentication through multicast or broadcast.

The authentication equipment department triggers authentication through multicast or unicast.

TRUE

FALSE

S5720HI Series Switch:

AR Series router

USG6000 Series firewall

SVN5600 series

Install the operating system

Install the database

Install antivirus software

Import License

User passed web The method can support two authentication types: local authentication and digital certificate authentication.

User passed web Agent The method can support two authentication types: digital certificate authentication and system authentication.

User passed Agent The method can support three authentication types: local authentication, digital certificate authentication and system authentication.

User passed web Agent The method can support two authentication types: digital certificate authentication and local authentication.

When adding accounts individually, you can choose to create them individually.

If there are a lot of users, you can choose to create in batches.

If there are many users, you can choose database synchronization

In order to facilitate management and improve user experience, self-registration can be used.

online upgrade

there are business flow being processed

local upgrade

install the factory default version

Terminal P address

Location information of the access device

Priority of guest accounts

Connected to the network SSID'

Different places can have different security policies.

The location has nothing to do with safety.

There can only be one place in the company.

Place and location have nothing to do.

right

wrong

router

switch

Firewall

IPS

Common_ user Users can access Internet www H.

VIP Users can access Internet w H.

VIP Can visit Mail Server H.

Common user Users can access Mail_ Sever resource.

Visitors can use their mobile phone number to quickly register an account

The administrator can assign different permissions to each visitor

Reception staff cannot create guest accounts

There is a violation of the guest account, and the administrator cannot retrospectively

technology

Process

organization

plan

The terminal host does not install the software in the whitelist, nor the software in the blacklist.

The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs part of the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs all the software in the whitelist, and also installs some of the software in the blacklist.

Enable Guest VLAN so that users can obtain the installation package in Guest VLAN

Configure Free-rule and web push functions on the switch to push the installation package to users.

Copy the installation packages to each other via U disk.

Installed by the administrator for each user.

The user domain is generally composed of various terminal users. The terminals in this area have the characteristics of large numbers, wide distribution, and strong mobility.

The business domain is a platform for the heavy load of business flows. According to the needs of the enterprise, security technology is used to logically divide the business to realize the security of the network.

The network domain is the most concerned security protection area of various enterprises, and it carries the important and core information assets of the enterprise.

The service domain is the area that provides security services for the corporate intranet. This area is generally composed of systems that provide security services such as antivirus servers, patch management servers, and terminal security servers.

Announcements can be issued by the security department

The terminal must have a proxy client installed to receive announcements.

If the system issues an announcement and the proxy client is not online, the announcement information will not be received after going online.

Announcements can be issued by account.

Create new account

Use existing social media accounts

No authentication, no account required

Scan public QR code