H12-723_V3.0 Practice Exam Questions with Answers HCIP-Security-CTSS V3.0 Certification

True

False

The AAA server saves information such as usernames and passwords for authentication of access users.

The Web server saves informationsuch as user names and passwords for authentication of access users.

The AAA server is used to push the Portal authentication page to the user.

The web server is used to push the Portal authentication page to the user.

True

False

True

False

You can check whether the screen saver is enabled on the terminal

You can check whether the screen saver password is enabled

Only supports Windows operating system

Screen saver settings cannot be automatically repaired

True

False

WhoTo determine the ownership of the access device(Company standard,BYOD Wait)

WhoseTo determine the identity of the access person(member I, Visitors, etc.)

How Determine the access method(Wired, wireless, etc.)

WhatTo determine the access device(PC,iOS Wait)

The automatic account lock and manual account lock functions cannot be activated at the same time.

For automatically locked accounts, if the number of incorrect passwords entered by the terminal user during authenticationexceeds the limited number of times within a limited time, the account will be automatically locked.

For manually locked accounts, the administrator needs to manually add the account to the locked account list.

Manually lock the account anddelete it from the list, the lock of the account will be released.

Terminal P address

Location information of the access device

Priority of guest accounts

Connected to the network SSID'

True

False

WLAN Is to adopt 80211 Technical WiFi

WLAN There are two basic architectures: FAT AP with AC+FIT AP

AC+FATAP The architecture is suitable for medium andlarge use scenarios

AC+FITAP Autonomous network architecture

Users can use Any Office Perform authentication.

User can't use web Way to authenticate.

Users can use Web Agent Perform authentication.

Users can use their own 802. 1X The client authenticates.

The use of anonymous accounts for authentication is based on the premise of trusting the other party, and the authentication agency does not need the other party to provide identity information to provide services to the other party.

Agile Controller-Campus Need to be manually created"~anonymous"account number.

By default, the access control andpolicy of anonymous accounts cannot be performed. 1 Operations such as invoking patch templates and software distribution.

Administrators cannot delete anonymous accounts"~anonymous*.

exist Any Office When logging in with an account for the first time, the terminal host is automatically bound to the current account, but the automatic binding process requires administrator approval

When other accounts need to be authenticated on the bound terminal host, there is no need to find the asset owner who is bound for the first time to authorize themselves.

Binding terminal hosts and accounts is onlyapplicable to terminal users through Any Office Scenarios for authentication, Not applicable Web Agent Plugins and Web The scenario where the client authenticates.

There are only consoles in the account binding terminal host, which cannot be configuredby the administrator.

ARP Message

DHCP Message P

DHCPv6 Message

ICMP Message

Page customization stage

Account application stage

User authentication phase

Audit and cancellation stage

Short message

E-mail

Web Print

Voicemail

True

False

True

False

bandwidth

Forwarding priority

Authority

Strategy

Assign to user

Assigned to account

Assign to terminal IP Address range

Assigned to places

Different places can have different security policies.

The location has nothing to do with safety.

There can only be one place in the company.

Place and location have nothing to do.

After user 1 is authenticated, user 2 can access network resources without authentication

User 1 and User 2 must be individually authenticated before they can access networkresources

GE0/0/1 does not need to enable dot1X

Neither user 1 nor user 2 can pass the authentication and access network resources.

Visitors can use their mobilephone number to quickly register an account

The administrator can assign different permissions to each visitor

Reception staff cannot create guest accounts

There is a violation of the guest account, and the administrator cannot retrospectively

True

False

CAPWAP The data tunnelcan be used DTLS Encrypted.

DTLS Support two authentication methods:Certificate authentication(out AC,AP Already brought)with PSK Password authentication.

DTLS Encryption can guarantee AC The issued control messages will not be eavesdropped on.

Use the certificate method to carry out DTLS Negotiation, the certificate is only used to generate the key, not right AP Perform authentication.

Deployment Management Center MC Time, support HA,Provide based on Keepalived Technical HA Active/standby switchover.

Deploy Business Manager SM Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy business controller 3SC Time, support HA, Provide a backup solution in resource pool mode, which needs to be deployed N+1 indivual SC

Deploy the database DB Time, support HA use SQL Server Database mirroring technology requires the deployment of master DB+Mirroring DB+witness DB.

The user domain is generally composed of various terminal users. The terminals in this area have the characteristics of large numbers, wide distribution, and strong mobility.

The business domain is a platform for the heavy load of business flows. According to the needs of the enterprise, security technology is used to logically divide the business to realize thesecurity of the network.

The network domain is the most concerned security protection area of various enterprises, and it carries the important and core information assets of the enterprise.

The service domain is the area that provides security services for the corporate intranet. This area is generally composed of systems that provide security services such as antivirus servers, patch management servers, and terminal security servers.

MAC Certification

82.1 Certification

Portal Certification

MAC(prioritized

S5720HI Series Switch:

AR Series router

USG6000 Series firewall

SVN5600 series

The mobile office platform is safe and reliable and goes online quickly.

Users can access the networksafely and quickly.

Unified terminal management and fine control.

Network gateway deployment

Deploy the main DB

Deployimage DBO

Deploy witness DB

Deploy MC and SM dual machine backup

True

False

The registry does not contain the mandatory requirements of thepolicy"Subkeys and key values".

The registry contains the mandatory requirements of the policy"Subkeys and key values",

The registry contains the prohibited"Subkeys and key values"W

The registry does not contain any prohibited by this policy"Subkeys and key values"

True

False

Through the entire authentication process, the terminal passes EAP The messageexchanges information with the server.

Terminal and 802.1X Switch EAP Message interaction,802.1X Switch and server use Radius Message exchange information

802.1X Authentication does not require security policy checks.

use MD5 The algorithm checksthe information.

True

False

DHCP

ARP

CAPWAP

802.11MAC

True

False

WIDS Is a wireless intrusion prevention system

WIPS Wireless intrusion detection system

WIDS Is a wireless intrusion countermeasure system

WIPS Is a wireless intrusion prevention system

True

False

Straight forward to return authentication failure information.

Discard user information.

User 91 Information sent to AD The server performs verification.

Synchronize the database again.

The terminal host does not install the software in the whitelist, nor the software in the blacklist.

The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs part of the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs all the software in the whitelist, and also installs some of the software in the blacklist.

SACG Authentication is generally used in scenarios where a stable network performs wired admission control.

SACG Authentication is generally used in scenarios where new networks are used for wireless admission control.

SACG It is generally deployed in a bypass mode without changing the original network topology.

SACG Essentially through 802.1X Technology controls access users.

Directly discard data sent by devices that do not comply withregulations

Certification of non-compliant equipment.

Check for non-compliant terminals, Prohibit unsafe devices from accessing the network.

Send alarm information to notify the administrator to deal with it.