H12-724 HCIP-Security (Fast track) V1.0 Questions and Answers

Office Windows System host

For testing Linux System host

Mobile client, such as smart phone, etc

Network printer 232335

True

False

True

False

Set local blacklist and whitelist: Both blacklist and whitelist can be configured at the same time, or only one of them can be configured.

In the "Whitelist" text box, enter the P address and mask of the SMTP Server to be added to the whitelist. You can enter multiple IP addresses, one IP address

Address one line. v

Enter the IP address and mask of the SMITP Server to be added to the blacklist in the "Blacklist" text box, you can enter multiple IP addresses, one IP

Address one line.

The priority of the blacklist is higher than that of the whitelist.

True

False

True

False

Resource pool mechanism

weighting mechanism

load balancing

Hot Standby

Prefix matching

Suffix matching

155955cc-666171a2-20fac832-0c042c043

Keyword matching

Exact match

The firewall is a bypass device, used for fine-grained detection

IDS is a straight line equipment and cannot be used for in-depth inspection

The firewall cannot detect malicious operations or misoperations by insiders

IDS cannot be linked with firewall

Using POP3, the client software will download all unread mails to the computer, and the mail server will delete the mails.

Use JIMAP; the client software will download all unread mails to the computer, and the mail server will delete the mails.

With IMAP, users can directly operate on the mail on the server, without downloading all the mails locally to perform various operations.

Using POP3, users can directly operate on the mail on the server without sending all mails to the local to perform various operations.

Users can visit www.videobt.com website.

The user can visit the www.bt.com website, but the administrator will receive a warning message.

User cannot access all the sites ending with bt com.

When users visit www.bt. com, they will be blocked.

Deployment Management Center MC Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy Business Manager SM Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy business controller 3SC Time, support HA, Provide a backup solution in resource pool mode, which needs to be deployed N+1 indivual SC

Deploy the database DB Time, support HA use SQL Server Database mirroring technology requires the deployment of master DB+Mirroring DB+witness DB.

Terminal P address

Location information of the access device

Priority of guest accounts

Connected to the network SSID'

all Ad-hoc The device will be directly judged as an illegal device

Not this AC Access AP Is illegal AP

Not this AC Access STA Is illegal STA

Not this AC Access STA,Also need to check access AP Does it contain law

172.18.11.221 It is the server of the isolation domain.

The escape route was opened.

172.18.11.223 It is a post-domain server.

The terminal host stream is the default ACL Blocked.

Complete virus sample

Complete Trojan Horse

Specific behavior patterns

Security Policy

2-3-4-1

1-2-4-3

1-4-2-3

2-1-4-3

Data preprocessing

Threat determination

Distributed storage

Distributed index

When the file source is an internal data source, when distributing software, the business manager will only send the path of the data source of the software to be distributed to Any Office

When the file source is an external data source, Any 0fce will obtain the software to be distributed.

External data sources cannot distribute files from FTP-type file servers.

The Microsoft Windows file sharing server uses the UNC (Universal Naming Conversion) path (beginning with "\\") to provide waiting. The path to distribute the software.

When deploying NAC Agent, can use scanner to scan and assess the number of installed and non-installed agent.

When the terminal NAC Agent uninstall, the scanner can send alarm information.

the scanner by the SNMP protocol to obtain network equipment resources information.

scanner and Policy Center controller linkage scan tasks.

Create new account

Use existing social media accounts

No authentication, no account required

Scan public QR code

The files obtained by users from website A and website B will be sent to the inspection node for inspection.

When a user visits website B, although the firewall will extract the file and send it to the detection node, the user can still access normally during the detection process

Site B.

After the detection node detects the suspicious file, it not only informs the firewall in the figure of the result, but also informs other network devices connected to it.

Assuming that website A is an unknown website, the administrator cannot detect the traffic file of this website sC

Teardrop attack

Ping of Death attack

IP Spoofng attack

Land attack

HTTP Flood source authentication

HTTP source statistics

URI source fingerprint learning function

Baseline learning

True

False

True

False

Software and Patch

sharing information and system account information

System Log

processes, services and startup

Straight forward to return authentication failure information.

Discard user information.

User 91 Information sent to AD The server performs verification.

Synchronize the database again.

HTTPS Flood defense modes include basic mode, enhanced mode and 302 redirection.

HTTPS Flood defense can perform source authentication by limiting the request rate of packets.

The principle of HTTPS Flood attack is to request URIs involving database operations or other URIs that consume system resources, causing server resource consumption.

Failed to respond to normal requests.

The principle of HTTPS Flood attack is to initiate a large number of HTTPS connections to the target server, causing the server resources to be exhausted and unable to respond to regular requests.

begging.

The system starts traffic statistics.

System related configuration application, fingerprint learning.

The system starts attack prevention.

The system performs preventive actions.

Text

Regular expressions

Community word

Custom keywords

True

False

IDS can be linked with firewalls and switches to become a powerful "assistant" of firewalls, which can better and more accurately control access between domains.

It is impossible to correctly analyze the malicious code doped in the allowed application data stream.

Unable to detect malicious operations or misoperations from internal killings.

Cannot do in-depth inspection

View in task manager TMCSever Whether the service is started.

View in task manager TMCServerDaemon Whether the service is started.

View in task manager TMCServer with TMCSeverDaemon Whether the service is started.

Select on the server"Start>all programs> Huawei> Agile Cortroler> Sever rtrller",an examination MC Whether the status is"run".

True

False

True

False

Announcements can be issued by the security department

The terminal must have a proxy client installed to receive announcements.

If the system issues an announcement and the proxy client is not online, the announcement information will not be received after going online.

Announcements can be issued by account.

WIDS Is a wireless intrusion prevention system

WIPS Wireless intrusion detection system

WIDS Is a wireless intrusion countermeasure system

WIPS Is a wireless intrusion prevention system

Generate logs and discard

Generate logs and forward them

Delete the content of the email attachment

Add announcement and generate log

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

True

155955cc-666171a2-20fac832-0c042c0414

False

Basic networking includes deploying one SM Server, one SC Server, one DB and a AE server.

AE In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SC server.

SC In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SM server.

DB In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup DB..

If most end users work in one area and a few end users work in branch offices, centralized deployment is recommended.

If most end users are concentrated on--Offices in several regions, and a small number of end users work in branches. Distributed deployment is recommended.

If end users are scattered in different geographical locations, a distributed deployment solution is recommended.

If end users are scattered in different regions, a centralized deployment solution is recommended.

Rely on state detection technology and protocol analysis technology

The performance is higher than the agent-based method

The cost is smaller than the agent-based approach

The detection rate is higher than the proxy-based scanning method

True

False

③②⑦⑥④⑤①

③②④⑤⑦⑥①

③②④⑥⑤⑦①

155955cc-666171a2-20fac832-0c042c0428

⑧②⑤⑦④⑥①

Configure drainage and re-injection on the testing equipment.

Configure port mirroring on the cleaning device.

Add protection objects on the management center.

Configure drainage and re-injection on the management center.

③④

①③④

⑤⑥

②④

Portal The certification process is only used in Web Certification

Server for a terminal Portal Certification will only give one Portal Device sends authentication message

Switch received Portal Online message, will give Radius Server send Radius Certification request

Portal The authentication message will not carry the result of the security check

You can check whether there is a weak password.

You can check whether the account has joined a specific group.

It cannot be repaired automatically._

It is not possible to check whether the password length meets the requirements.

manager + controller + FTP + witness database, controller + master database + FTP, controller + mirror database+ FTP

manager + controller + FTP + master database, controller + FTP + witness database, controller + FTP

+ mirror database

manager + controller + FTP + mirror database, controller + FTP + witness database, controller + FTP +

master database

manager + controller + FTP, controller + FTP + witness databases, controller + FTP + master database