H12-731_V2.0 HCIE-Security (Written) V2.0 Questions and Answers

The generation of anti-virus logs has nothing to do with license authorization

The generation of intrusion prevention logs has nothing to do with license authorization

The generation of audit logs has nothing to do with license authorization

Sandbox detection logs include local sandbox and cloud sandbox detection logs, and cloud sandbox detection requires license authorization

TRUE

FALSE

What do you have

What do you do

What you are

What do you know

Half

- years

2 years

Unauthorized access to business systems unrelated to their own work

The user copies the screen content, My Screen or copied by other unlawful means Download the data library.

Fake user identity query and obtain data resulting in data leakage 5JL

Accidental operation causes the O&M database to be deleted, Destruction.

Identification

Identity authentication

Billing

Authorization

Suga Center

Testing Center

Traffic Center

Cleaning center

Response

Plan

Protection

Recovery

BGP drainage

Second-layer drainage

GRE drainage

By deceiving network detection activities, fake resources are displayed, so that attackers cannot discover real system information and vulnerabilities

Interact with the attack campaign to confirm the intent and discover the attacker before the breach occurs

Trapping systems discover and block attacker attacks

Interference Attack Gathering System Information diaphragmatic weakness determination" process, inducing the attacker to expose the intention

run IIS Lockdown Wizzard

Install the latest operating system patches

Disable default and management of web sites

Disable network printing

Service identification is a reconnaissance technique that identifies the type of service provided by the server.

The SSH protocol will actively inform visitors of their version information.

An attacker can retrieve the relevant hole according to the service version and exploit it.

The identification of all services can be achieved through port scanning technology.

One machine deployment

Primary/standby dual-machine images

Dual machine load sharing

Hot standby for both active and standby machines

National Internet Emergency Response Center

Technical Committee on Information Technology Security Standardization

China Association for Work Safety (CAWS).

Network and Information Security Technical Working Committee of China Communications Standards Association (CCSA).

Sending API attacks generally requires the power of large organizations

API attacks follow the course of the cyber attack chain

API attacks are generally more invisible Hide attacks by encrypting channels, for example

Zero-day vulnerabilities are used in API attacks

Agile-controller DCN

FireHunter

VSCAN

SecoManager

TRUE

FALSE

Vulnerabilities

Data breach

Cyber attacks

Viruses

DDos

Malformed message attack

TCP port scanning

Oversized ICMP packet attack

Multi-tenant app environment Enable the virtual firewall to implement an independent port for administrative privileges

Network traffic isolation between VMs is not possible

VPN group and network environment Enable the virtual firewall for forward isolation

Isolation of different security areas of the campus network

in the file system Data at rest is protected on the database through storage technology

Check database backups regularly

Protection of data in use when using or processing data

Protect data in transit as it travels across the network

mailbox

Instant messaging

U disk

X

Network trapping technology can automatically sense APR-MISS and realize trapping.

Network trapping technology can automatically sense the non-existence of IP and realize trapping.

Network trapping technology can automatically sense the absence of MAC addresses and realize trapping.

Network trapping technology can automatically sense open ports and realize trapping.

Physicalization of attack methods

Complication of attack methods

The attack method changes little

Diversification of attack objectives

Data integrity verification

User authentication

Data encryption

Address assignment

TRUE

FALSE

Transmission security

Storage security

Destroy security

Collect security

Trapping needles support simulation services

The trapping technology scheme consists of two parts: trap and trapping probe

The trapping probe is a honeypot

The trapping probe is responsible for identifying the scanning behavior in the network and directing traffic to the trap

Installing threats against network weapons, network trapping defense technology, can use deception to make the attack execute special commands in the trapping system

In the face of viruses, worms, WebShell these weaponized attack methods, can use misleading methods to make the attack traffic be diverted to trap probe O

For the detection behavior in the early stage of the attack, you can use deception to burst into defense. By creating various traps to mislead the attacker. Cause attackers to misunderstand the network structure, attack targets, and vulnerabilities.

Network trapping technology can disguise the actual business and vulnerabilities to mislead the attacker, so that the attacker can infiltrate the trapping system.

TRUE

FALSE

TRUE

FALSE

Destination IP address

Port number

Feature library

Source IP address

Data reorganization, > characteristic matching, > application identification, > corresponding processing

Corresponding processing, data reorganization, > trait matching, application identification

Corresponding treatment, characteristics matching. Application identification, data reorganization

Data reorganization. App recognition. Trait matching. Deal accordingly

TRLE

FALSE

Keywords that users search for using search engines

Sending and receiving emails

User QQ account and its online and offline time

User profiles

The trapping probe has a business simulation function.

Firewalls and switch devices can act as trapping probes.

In networking mode where the trap and the trap probe are on the same firewall| CIS and SecoManager are not required for trapping Closed-loop threat linkage can be completed directly through FW.

The trapping system produces a unique fingerprint for each attacker Able to record hacker IP, operating system Information such as browser type, type of attack weapon, etC.