New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

Huawei H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Exam Practice Test

Page: 1 / 18
Total 177 questions

Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

In the following options, which of the two attacks use similar attack methods, they will generate a large number of useless response packets, occupying network bandwidth,

Consume equipment resources?

Options:

A.

Fraggle and Smurt

B.

Land and Smurf

C.

Fraggle and Land

155955cc-666171a2-20fac832-0c042c0423

D.

Teardrop and Land35

Question 2

Due to differences in network environment and system security strategies, intrusion detection systems are also different in specific implementation. From the perspective of system composition, the main

Which four major components are included?

Options:

A.

Event extraction, intrusion analysis, reverse intrusion and remote management.

B.

Incident extraction, intrusion analysis, intrusion response and on-site management.

C.

Incident recording, intrusion analysis, intrusion response and remote management.

D.

Incident extraction, intrusion analysis, intrusion response and remote management.

Question 3

Which of the following threats cannot be detected by IPS?

Options:

A.

Virus

B.

Worms

C.

Spam

D.

DoS

Question 4

Which of the following options belong to the upgrade method of the anti-virus signature database of Huawei USG6000 products? (multiple choice)

Options:

A.

Local upgrade

B.

Manual upgrade

C.

Online upgrade

D.

Automatic upgrade

Question 5

If the processing strategy for SMTP virus files is set to alert, which of the following options is correct?

Options:

A.

Generate logs and discard

B.

Generate logs and forward them

C.

Delete the content of the email attachment

D.

Add announcement and generate log

Question 6

Which of the following options is correct for the description of the Anti DDoS system configuration?

Options:

A.

Configure drainage and re-injection on the testing equipment.

B.

Configure port mirroring on the cleaning device.

C.

Add protection objects on the management center.

D.

Configure drainage and re-injection on the management center.

Question 7

Which of the following options are the possible reasons why a certain signature is not included after the IPS policy configuration is completed? (multiple choice)

Options:

A.

Direction is not enabled

B.

The direction is turned on, but no specific direction is selected

C.

The severity level of the configuration is too high

D.

The protocol selection technique is correct

Question 8

In the anti-virus policy configuration of Huawei USG6000 product, what are the response methods of HTTP protocol? (multiple choice)

Options:

A.

Warning

B.

Block and push the page

C.

A warning dialog box pops up

D.

All access to the client is prohibited

Question 9

The user needs of a university are as follows:

1. The environment is large, and the total number of two-way traffic can reach 800M. Huawei USG6000 series firewall is deployed at its network node.

2. The intranet is divided into student area, server area, etc., users are most concerned about the security of the server area to avoid attacks from various threats.

3. At the same time, some pornographic websites in the student area are prohibited.

The external network has been configured as an untrust zone and the internal network has been configured as a trust zone on the firewall. How to configure the firewall to meet the above requirements?

155955cc-666171a2-20fac832-0c042c0415

Options:

A.

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

B.

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

C.

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

D.

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

Question 10

Regarding the mail content filtering configuration of Huawei USG6000 products, which of the following statements is wrong?.

Options:

A.

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

B.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

C.

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

D.

The attachment size limit is for a single attachment, not for the total size of all attachments.

Question 11

Which of the following options describes the IntelliSense engine IAE incorrectly?

Options:

A.

lAE's content security detection functions include application identification and perception, intrusion prevention, and Web application security.

B.

Full English name: intelligent Awareness Engine.

C.

The core of C.IAE is to organically centralize all content security-related detection functions.

D.

The security detection of the IAE engine is parallel, using a message-based file processing mechanism, which can receive file fragments and perform security checks.

Question 12

The anti-tampering technology of Huawei WAF products is based on the cache module. Suppose that when user A visits website B, website B has page tampering.

Signs: The workflow for the WAF tamper-proof module has the following steps:.

① WAF uses the pages in the cache to return to the client;

②WAF compares the watermark of the server page content with the page content in the cache

③Store the content of the page in the cache after learning

④ When the user accesses the Web page, the WAF obtains the page content of the server

⑤WAF starts the learning mode to learn the page content of the user's visit to the website;

For the ordering of these steps, which of the following options is correct?

Options:

A.

③④②⑤①

B.

⑤①②④③

C.

②④①⑤③

D.

⑤③④②①

Question 13

Regarding Huawei's anti-virus technology, which of the following statements is wrong?

Options:

A.

The virus detection system cannot directly detect compressed files

B.

The anti-virus engine can detect the file type through the file extension

C.

Gateway antivirus default file maximum decompression layer is 3 layers

D.

The implementation of gateway antivirus is based on proxy scanning and stream scanning

Question 14

Cloud sandbox refers to deploying the sandbox in the cloud and providing remote detection services for tenants. The process includes:

1. Report suspicious files

2. Retrospective attack

3. Firewall linkage defense

4. Prosecution in the cloud sandbox

For the ordering of the process, which of the following options is correct?

Options:

A.

1-3-4-2

B.

1-4-2-3

C.

1-4-3-2

D.

3-1-4-2:

Question 15

Since the sandbox can provide a virtual execution environment to detect files in the network, the sandbox can be substituted when deploying security equipment

Anti-Virus, IPS, spam detection and other equipment.

Options:

A.

True

155955cc-666171a2-20fac832-0c042c0414

B.

False

Question 16

For the description of the Anti DDOS system, which of the following options is correct? C

Options:

A.

The detection center is mainly to pull and clean the attack flow according to the control strategy of the security management center, and re-inject the cleaned normal flow back to the customer.

User network, send to the real destination.

B.

The management center mainly completes the processing of attack events, controls the drainage strategy and cleaning strategy of the cleaning center, and responds to various attack events and attack flows.

View in categories and generate reports.

C.

The main function of the Green Washing Center is to detect and analyze DDoS attack traffic on the flow from mirroring or splitting, and provide analysis data to

The management center makes a judgment.

D.

The firewall can only be used for inspection equipment

Question 17

The application behavior control configuration file takes effect immediately after being referenced, without configuration submission.

Options:

A.

True

B.

False

Question 18

Intrusion detection is a network security technology used to detect any damage or attempt to damage the confidentiality, integrity or availability of the system. Which of the following

What is the content of the intrusion detection knowledge base?

Options:

A.

Complete virus sample

B.

Complete Trojan Horse

C.

Specific behavior patterns

D.

Security Policy

Question 19

An enterprise administrator configures the Web reputation system as shown in the figure. Regarding the configuration, which of the following statements is correct?

Options:

A.

The content in No. 2 must be configured.

B.

In addition to this page configuration, you also need to enable the firewall and sandbox linkage, otherwise the page configuration is invalid

C.

The content in No. 4 must be configured.

D.

After the configuration is completed, you need to submit the configuration to take effect.

Question 20

Which of the following options is not a special message attack?

Options:

A.

ICMP redirect message attack) 0l

B.

Oversized ICMP packet attack

C.

Tracert packet attack

D.

IP fragment message item

Question 21

Which of the following options is correct for the sequence of the flow-by-stream detection of AntiDDoS?

1. The Netflow analysis device samples the current network flow;

2. Send a drainage command to the cleaning center;

3. Discover the DDoS attack stream;

4.Netior: analysis equipment sends alarms to ATIC management center

5. The abnormal flow is diverted to the cleaning center for further inspection and cleaning;

6. The cleaning center sends the host route of the attacked target IF address server to the router to achieve drainage

7. The cleaning log is sent to the management center to generate a report;

8. The cleaned traffic is sent to the original destination server.

Options:

A.

1-3-4-2-5-6-7-8

B.

1-3-2-4-6-5-7-8

C.

1-3-4-2-6-5-8-7

D.

1-3-24-6-5-8-7

Question 22

The whitelist rule of the firewall anti-virus module is configured as ("*example*, which of the following matching methods is used in this configuration?

Options:

A.

Prefix matching

B.

Suffix matching

155955cc-666171a2-20fac832-0c042c043

C.

Keyword matching

D.

Exact match

Question 23

Regarding the enhanced mode in HTTP Flood source authentication, which of the following descriptions are correct? Multiple choices

Options:

A.

Enhanced mode refers to the authentication method using verification code.

B.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

C.

The enhanced mode is superior to the basic mode in terms of user experience.

D.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

Question 24

Which of the following statements about IPS is wrong?

Options:

A.

The priority of the coverage signature is higher than that of the signature in the signature set.

B.

When the "source security zone" is the same as the "destination security zone", it means that the IPS policy is applied in the domain.

C.

Modifications to the PS policy will not take effect immediately. You need to submit a compilation to update the configuration of the IPS policy.

D.

The signature set can contain either predefined signatures or custom signatures. 832335

Question 25

The processing flow of IPS has the following steps;

1. Reorganize application data

2. Match the signature

3. Message processing

4. Protocol identification

Which of the following is the correct order of the processing flow?

Options:

A.

4-1-2-3

B.

1-4-2-3

C.

1-3-2-4

D.

2-4-1-3:

Question 26

Regarding intrusion detection I defense equipment, which of the following statements are correct? (multiple choice)

Options:

A.

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

B.

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

C.

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

D.

Ability to quickly adapt to threat changes

Page: 1 / 18
Total 177 questions