Huawei H12-722_V3.0 HCIP-Security-CSSN V3.0 Exam Practice Test

Confidentiality

Integrity

Availability

Recoverability

Good concealment, the network-based monitor does not run other applications, does not provide network services, and may not respond to other computers, so

Not vulnerable to attack.

The monitoring speed is fast (the problem can be found in microseconds or seconds, and the host-based DS needs to take an analysis of the audit transcripts in the last few minutes

Need a lot of monitors.

It can detect the source address and destination address, identify whether the address is illegal, and locate the real intruder.

First package detection technology

Heuristic detection technology

Decryption technology

File reputation detection technology 5

The detection center is mainly to pull and clean the attack flow according to the control strategy of the security management center, and re-inject the cleaned normal flow back to the customer.

User network, send to the real destination.

The management center mainly completes the processing of attack events, controls the drainage strategy and cleaning strategy of the cleaning center, and responds to various attack events and attack flows.

View in categories and generate reports.

The main function of the Green Washing Center is to detect and analyze DDoS attack traffic on the flow from mirroring or splitting, and provide analysis data to

The management center makes a judgment.

The firewall can only be used for inspection equipment

Prefix matching

Suffix matching

155955cc-666171a2-20fac832-0c042c043

Keyword matching

Exact match

the exception equipment IP is not in controlled network segment.

terminal in isolation domain can not access exception equipment .

only through security authentication terminals can access exception equipment.

through identity authentication terminals can access exception equipment.

2-3-4-1

1-2-4-3

1-4-2-3

2-1-4-3

3->1->4->2->5

3->2->4->1->5

3->2->1->4->5

3->1->2->4->5

The virus detection system cannot directly detect compressed files

The anti-virus engine can detect the file type through the file extension

Gateway antivirus default file maximum decompression layer is 3 layers

The implementation of gateway antivirus is based on proxy scanning and stream scanning

Enhanced mode refers to the authentication method using verification code.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

The enhanced mode is superior to the basic mode in terms of user experience.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

The firewall will first check the blacklist entries and then the whitelist entries.

Assuming that the user visits the www.exzample.com website, which belongs to the categories of humanities and social networks at the same time, the user cannot access the

website.

The user visits the website www.exzample.com, and when the black and white list is not hit, the next step is to query the predefined URL category entry.

The default action means that all websites are allowed to visit. So the configuration is wrong here.

Local upgrade

Manual upgrade

Online upgrade

Automatic upgrade

Warning

Block

Declare

Delete attachments

display version av-sdb

display utm av version

display av utm version

display utm version

It is impossible to detect violations of security policies.

It can detect all kinds of authorized and unauthorized intrusions.

Unable to find traces of the system being attacked.

is an active and static security defense technology.

155955cc-666171a2-20fac832-0c042c0425

True

False

IPS is an intrusion detection system that can block real-time intrusions when found

IPS unifies IDS and firewall

IPS must use bypass deployment in the network

Common IPS deployment modes are in-line deployment,

The file filtering module will compare the application type, file type, and transmission direction of the file identified by the previous module with the file filtering rules configured by the administrator.

Then the lookup table performs matching from top to bottom.

If all the parameters of Wenzhu can match all file filtering rules, then the module will execute the action of this file filtering rule.

There are two types of actions: warning and blocking.

If the file type is a compressed file, then after the file filtering check, the female file will be sent to the file decompression module for decompression and decompression.

Press out the original file. If the decompression fails, the file will not be re-filed.

Warning

Block

Declare

Operate by weight

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

Ability to quickly adapt to threat changes

example

www. abc. example. com

www.abc. example

example. com

TCP packets

UDP packet

ICMP message

FTP message

True

False

POST operation

Browse the web

Acting online

File upload and download

IPS policy is not submitted for compilation

False Policy IDs are associated with IPS policy domains

The IPS function is not turned on

Bypass function is closed in IPS

lAE's content security detection functions include application identification and perception, intrusion prevention, and Web application security.

Full English name: intelligent Awareness Engine.

The core of C.IAE is to organically centralize all content security-related detection functions.

The security detection of the IAE engine is parallel, using a message-based file processing mechanism, which can receive file fragments and perform security checks.