H12-731_V2.0 Practice Exam Questions with Answers HCIE-Security (Written) V2.0 Certification

In a networking environment where the packet return path is inconsistent, the content of the audit log record is not complete.

Only audit administrators can configure audit functions and view audit logs

In the security policy, traffic configured as deny will be processed by the audit policy.

The audit strategy includes two parts: conditions and actions By matching any of the conditions, a response action can be performed.

1

2

3

D. 4

Administrator decentralization and domain management mechanism

Anti-brute force mechanism

Protection mechanism for sensitive user information

Access channel control

Modify system files

Parasitic in macro files

Modify the memory signature

Modify the file signature

In this scenario, Fireproof will assign an IP address to the client

After the L2TF tunnel is established, the user cannot access the Internet normally

The parameters set by the client should match the parameters set on the firewall.

The client should initiate a dial-up connection to the virtual address of the dual machine.

Vulnerabilities

Data breach

Cyber attacks

Viruses

For FTP behavior, application behavior control can limit the size of upload/download files, but cannot control the upload/download line separately

For IM behavior You can set a black whitelist The priority relationship between the black and white list and the provincial action is: blacklist, white list, default action.

When creating a security strategy Application behavior control and yellow files can be combined with users, time periods, and other objects to achieve the purpose of application control for different users and different time periods.

D. For HTTP behavior The application behavior control function can be controlled by DET operation in POST.

TRUE

FALSE

Responsible for security vulnerability detection and protection.

Responsible for organizing the emergency handling of information security emergencies.

Responsible for formulating enterprise-level information security technology planning and technical architecture.

Responsible for organizing and carrying out information system security graded protection work

TRLE

FALSE

Data preprocessing

Flow data collection

Distributed storage

Distributed indexes

Stateful Detection Firewall

App Proxy Firewall

Packet filtering firewall

Web firewall

300

301

303

302

CTS full logs

Unified Authentication Service (IAM) full logs

Full volumes of Cloud Resolution Service (DNS) logs

Security Guard Device Logs

The classification of general safety requirements is more detailed.

The workflow of equal protection assessment is more detailed.

Added expansion requirements.

The security requirements of each level are more detailed.

Agent-based audit technology

Log-based estimation technology

Gateway-based audit technology

Audit technology based on network monitoring

The limiting method of limiting the number of TCP half-open connections can prevent SYN Flood political attacks

Through SYN Cookie technology, SYN Flood can be prevented

By purchasing inter-domain security policies, SYN Flood attacks can be prevented

The TCP new connection rate limiting method protects against SYN Flood attacks

BGP drainage

Second-layer drainage

GRE drainage

TRUE

FALSE

DDOS Anti-DDoS Pro IP services

Situational awareness services

SSL certificate management service

Security Expert Services

The IP address specified in the security policy should be the IP address of the real server

The IP address specified in the security policy should be the IP address of the virtual server

Modifying the destination IP address and destination port number of a packet occurs after querying the inter-domain security policy

Modifying the destination IP address and destination port number occurs before querying the inter-domain security policy

User files are corrupted

Illegal remote control of a computer

Personal accounts, passwords and other information are stolen

Cause the system to slow down or even freeze

Great impact on performance However, only HTTP/HTTPS access is controlled

The impact on performance is small And all services corresponding to the domain name can be controlled

Control in the domain name resolution stage, control the granularity Control can only be done down to the domain name level

Control is performed during the URL request phase of making HTTP/HTTPs Fine control granularity Can be controlled down to the directory and file level

TRUE

FALSE

Use planting load inspection

Use DNS dynamic mode

Use 302 redirect

Use CHAME

Application

Source IP

URL

File MD5

Storage media such as disk or tape It's all magnetic technology If it can destroy its magnetic structure The existing data no longer exists.

In addition to low-level formatting of disks and tapes, it can also be done in the form of physical rhetoric

Since tapes can be used repeatedly, data can be destroyed using overwrite. As long as the disk is overwritten once Data cannot be interpreted.

Destruction of the entity's storage media Make the data unreadable by the system It is also one of the ways to ensure the confidentiality and security of data.

Keywords that users search for using search engines

Sending and receiving emails

User QQ account and its online and offline time

User profiles

TRUE

FALSE

The DNS proxy function replaces the source address header in the DNS request packet.

After enabling the DNS transparent proxy function The DNS server address to replace is determined for the outgoing interface

In the case of NGFW as the exit network and the DNS server of the enterprise intranet The DNS transparent proxy function can still be implemented normally.

Two DNS requests for the same user in the case of DNS transparent proxies The replaced address may be different.

TRUE

FALSE

TRUE

FALSE