H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Questions and Answers

Which of the following protocols can be used to construct attack messages for special control message attacks? (multiple choice)

A ICMP protocol

B. UDP protocol

C. CIP protocol

D. FTP protocol

Which of the following are typical intrusions? "Multiple choice)

Regarding the sequence of the mail transmission process, which of the following is correct?

1. The sender PC sends the mail to the designated SMTP Server.

2. The sender SMTP Server encapsulates the mail information in an SMTP message and sends it to the receiver SMTP Server according to the destination address of the mail

3. The sender SMTP Server encapsulates the mail information in an SMTP message according to the destination address of the mail and sends it to the receiver POP3/MAP Senver

4. The recipient sends an email.

For special message attacks, which of the following option descriptions is correct?

A Special control packet attack is a potential attack and does not have direct destructive behavior

B. The attacker probes the network structure by sending special control messages to launch a real attack.

C. Special control message attacks do not have the ability to detect the network structure. Only scanning attacks can detect the network.

D. Special control message items can only use ICMP to construct attack messages.

Which of the following threats cannot be detected by IPS?

File filtering technology can filter files based on the application of the file, the file transfer direction, the file type and the file extension.

Which of the following descriptions about viruses and Trojans are correct? (multiple choices)

Regarding the enhanced mode in HTTP Flood source authentication, which of the following descriptions are correct? Multiple choices

The anti-tampering technology of Huawei WAF products is based on the cache module. Suppose that when user A visits website B, website B has page tampering.

Signs: The workflow for the WAF tamper-proof module has the following steps:.

① WAF uses the pages in the cache to return to the client;

②WAF compares the watermark of the server page content with the page content in the cache

③Store the content of the page in the cache after learning

④ When the user accesses the Web page, the WAF obtains the page content of the server

⑤WAF starts the learning mode to learn the page content of the user's visit to the website;

For the ordering of these steps, which of the following options is correct?

Abnormal detection is to establish the normal behavior characteristic profile of the system subject through the analysis of the audit data of the system: check if the audit data in the system

If there is a big discrepancy with the normal behavior characteristics of the established subject, it is considered an intrusion. Nasu must be used as the system subject? (multiple choice)

If a company wants to detect image files, Shellcode code files and PDF files, which of the following types of sandboxes can be used? (More

155955cc-666171a2-20fac832-0c042c0420

select)

In the following options, which of the two attacks use similar attack methods, they will generate a large number of useless response packets, occupying network bandwidth,

Consume equipment resources?

Part of the reason why the APT attack becomes difficult to defend is that it uses the vulnerabilities to attack. This kind of zero-day hole usually requires flowers

A lot of time to research and analyze and produce corresponding defense methods.

When the device recognizes a keyword during content filtering detection, which response actions can the device perform? (multiple choice)

​​SQl injection attacks generally have the following steps:

①Elevate the right

②Get the data in the database

③Determine whether there are loopholes in the webpage

④ Determine the database type

For the ordering of these steps, which of the following options is correct?

When using the two-way SSL function to decrypt HTTPS packets, the value of the reverse proxy level represents the number of times the packet can be decrypted.

The whitelist rule of the firewall anti-virus module is configured as ("*example*, which of the following matching methods is used in this configuration?

Regarding firewall and IDS, which of the following statements is correct?

Which of the following options is not a special message attack?

The process of a browser carrying a cookie to request resources from a server is shown in the following figure. Which of the following steps contains SessionID information in the message?

Content filtering is a security mechanism for filtering the content of files or applications through Huawei USCG00 products. Focus on the flow through deep recognition

Contains content, the device can block or alert traffic containing specific keywords.

In Huawei USG6000 products, IAE provides an integrated solution, all content security detection functions are integrated in a well-designed

In the high-performance engine. Which of the following is not the content security detection function supported by this product?

Based on the anti-virus gateway of streaming scan, which of the following descriptions is wrong?