Security English


鸿鹄论坛 - HCNA-Security (H12-711) test bank V3.0
Number: H12-711
Passing Score: 600
Time Limit: 120 min
File Version: 3.0
Exam A
QUESTION 1
Regarding the description of the Windows log event types, which options are correct? (multiple choice)
A. A warning event is an event of a successful operation of an application, driver, or service.
B. Error events usually refer to the loss of functionality and data. For example, if a service cannot be loaded during system boot, an error event will be generated.
C. When the disk space is insufficient, it will be recorded as an "information event".
D. A failed audit event is a failed audit security login attempt, such as a failure when the user attempts to access a network drive, and is logged as a failure audit event.
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
Which of the following types can encryption technology be divided into? (multiple choice)
A. Symmetric encryption
B. Asymmetric encryption
C. Fingerprint encryption
D. Data encryption
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
Which of the following is the status information that can be backed up by the Huawei
Redundancy Protocol (HRP)? (multiple choice)
A. Session table
B. ServerMap entry
C. Dynamic blacklist
D. Routing table
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
Which of the following is a core part of the P2DR model?
A. Policy
B. Protection
C. Detection
D. Response

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
Evidence identification needs to resolve the integrity verification of the evidence and determine whether it meets the applicable standards. Which of the following descriptions of the standards for evidence identification is correct?
A. The relevance standard means that if the evidence is capable of materially affecting the facts of the case to a certain extent, the court should determine that it is relevant.
B. The objectivity standard means that the acquisition, storage, and submission of electronic evidence are legal and do not constitute a serious violation of rights such as national interest, social welfare, and personal privacy.
C. The legality standard is to ensure that the electronic evidence is not changed from the initial acquisition and collection to its use as litigation evidence.
D. The fairness standard refers to the evidentiary material obtained by the legal entity by lawful means.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
Data analysis technology finds and matches keywords or key phrases in the acquired data stream or information flow, and analyzes the correlation of time. Which of the following is not an evidence analysis technique?
A. Password deciphering, data decryption technology
B. Document Digital Summary Analysis Technology
C. Techniques for discovering the connections between different evidences
D. Spam tracking technology
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Which of the following options are correct about the AH and ESP security
protocols? (multiple choice)
A. AH can provide encryption and verification functions
B. ESP can provide encryption and verification functions
C. The protocol number of AH is 51.
D. The protocol number of ESP is 51.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:

QUESTION 8
Which of the following types of attacks does a DDoS attack belong to?
A. Peep scan attack
B. Malformed message attack
C. Special packet attack
D. Traffic attack
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
Regarding SSL VPN technology, which of the following options is wrong?
A. SSL VPN technology can be perfectly applied to NAT traversal scenarios
B. SSL VPN technology encryption only takes effect on the application layer
C. SSL VPN requires a dial-up client
D. SSL VPN technology extends the network scope of the enterprise
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
Which of the following options can be used in the advanced settings of Windows
Firewall? (multiple choice)
A. Restore defaults
B. Change notification rules
C. Set connection security rules
D. Set up inbound rules
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
When the NAT server is configured on the USG series firewall, the server-map table is generated. Which of the following does not belong to the content of the table entry?
A. Destination IP
B. Destination port number
C. Protocol number
D. Source IP

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
Which of the following attacks is not a special packet attack?
A. ICMP redirect packet attack
B. ICMP unreachable packet attack
C. IP address scanning attack
D. Large ICMP packet attack
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
Which of the following attacks is not a malformed message attack?
A. Teardrop attack
B. Smurf attack
C. TCP fragmentation attack
D. ICMP unreachable packet attack
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
The "Caesar cipher" mainly encrypts data by using a rod of a specific specification.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
Which of the following are remote authentication methods? (multiple choice)
A. RADIUS
B. Local

C. HWTACACS
D. LLDP
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
When the firewall hard disk is in place, which of the following is correct for the
firewall log description?
A. Administrators can use content logs to view detection and defense records of network threats.
B. The administrator can use the threat log to understand the user's security risk behavior and the reason for being alarmed or blocked.
C. The administrator can learn the user's behavior, the keywords searched, and the effective status of the audit policy configuration through the user activity log.
D. The administrator can learn the security policy of the traffic hit through the policy
hit log, and use it for fault location when the problem occurs.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 17
In the client-initiated VPN configuration, it is recommended to plan the address pool and the headquarters network address as different network segments. Otherwise, you need to enable proxy forwarding on the gateway device.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18
Which of the following is the encryption technology used in digital envelopes?
A. Symmetric encryption algorithm
B. Asymmetric encryption algorithm
C. Hash algorithm
D. Stream encryption algorithm
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 19
In addition to the built-in Portal authentication, the firewall also supports custom Portal authentication. When using custom Portal authentication, you do not need to separately deploy an external Portal server.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
NAPT technology can implement a public IP address for multiple private network
hosts.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 21
IPSec VPN technology does not support NAT traversal when encapsulated in ESP
security protocol because ESP encrypts the packet header.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 22
Which of the following is true about the description of SSL VPN?
A. Can be used without a client
B. The IP layer can be encrypted
C. There is a NAT traversal problem
D. No authentication required
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:

QUESTION 23
Some applications, such as Oracle database applications, transmit no data for long periods, which causes the firewall session to be interrupted and results in service interruption. Which is the optimal solution?
A. Configure a service connection
B. Turn on ASPF function
C. Optimizing security policies
D. Turn on the slice cache
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24
"Implementation of security monitoring and management of information and
information systems to prevent the illegal use of information and information
systems" is to achieve which property of information security?
A. Confidentiality
B. Controllability
C. Non-repudiation
D. Integrity
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 25
When configuring an IPSec policy, an IPSec policy can reference an address set or
configure multiple destination IP addresses.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 26
Which of the following options is not part of the 5-tuple range?
A. Source IP
B. Source MAC
C. Destination IP
D. Destination port
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
Regarding the Client-Initialized L2TP VPN, which of the following statements is
wrong?
A. After the remote user accesses the internet, the client software can directly initiate
an L2TP tunnel connection request to the remote LNS.
B. The LNS device receives the user L2TP connection request, and can authenticate
the user according to the user name and password.
C. LNS assigns a private IP address to the remote user.
D. Remote users do not need to install VPN client software
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
Regarding the description of the vulnerability scan, which of the following is wrong?
A. Vulnerability scanning is a technology based on remote network monitoring of the security vulnerabilities of the target network or host, which can be used for simulated attack experiments and security audits.
B. Vulnerability scanning is used to detect whether there is a vulnerability in the
target host system. Generally, the target host is scanned for specific vulnerabilities.
C. Vulnerability scanning is a passive preventive measure that can effectively avoid
hacker attacks.
D. Vulnerability scanning based on the results of ping scans and port scans
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
Regarding the firewall security policy, which of the following options is wrong?
A. If the security policy is permit, the discarded packets will not accumulate the
number of hits.
B. You cannot reuse the same name when configuring the security policy name.
C. Adjust the order of security policies without saving the configuration file.
D. Huawei USG series firewalls cannot exceed 128 security policy entries.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
Which of the following protection levels are included in the TCSEC
standard? (multiple choice)

A. Verify the protection level
B. Forced protection level
C. Autonomous protection level
D. Passive protection level
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 31
Which of the following are part of the PKI architecture? (multiple choice)
A. End entity
B. Certificate Authority
C. Certificate Registration Authority
D. Certificate storage organization
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
“Being good at observation” and “keeping suspicion” can help us better identify
security threats in the online world.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
In tunnel encapsulation mode, the IPSec configuration does not need to have a route to the destination private network segment, because the data is re-encapsulated and the routing table is looked up using the new IP header.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34
Which of the following options are correct about the description of Windows
Firewall? (multiple choice)

A. Windows Firewall can only allow or prohibit preset programs or functions and programs installed on the system, and cannot customize release rules based on protocols or port numbers.
B. Windows Firewall not only allows or prohibits preset programs or functions and programs installed on the system, but also supports customizing release rules based on the protocol or port number.
C. If you are unable to access the Internet during the process of setting up the Windows Firewall, you can use the Restore Defaults feature to quickly restore the firewall to its initial state.
D. Windows Firewall can also change notification rules when it is off.
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 35
Which of the following is relevant to the investigation and evidence collection?
A. Evidence is not necessarily required during the investigation
B. Evidence obtained through eavesdropping is also valid
C. In all process of investigation and evidence collection, it is best to have law
enforcement agencies involved
D. Documentary evidence is required in computer crime
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 36
Which of the following is wrong about the management of Internet users?
A. Each user group can include multiple users and user groups
B. Each user group can belong to multiple parent user groups
C. The system has a default user group by default, which is also the system default
authentication domain.
D. Each user belongs to at least one user group or multiple user groups
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
Which of the following is not the method used in the Detection section of the P2DR
model?
A. Real-time monitoring
B. Testing
C. Alarm
D. Close the service
Correct Answer: C

Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
Which of the following is not part of the LINUX operating system?
A. CentOS
B. RedHat
C. Ubuntu
D. MAC OS
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
In some scenarios, it is necessary to convert the source IP address and convert the
destination IP address. Which of the following techniques is used in the scenario?
A. Two-way NAT
B. Source NAT
C. NAT-Server
D. NAT ALG
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 40
Which of the following protocols guarantee the confidentiality of data
transmission? (multiple choice)
A. Telnet
B. SSH
C. FTP
D. HTTPS
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 41
After the web redirection function is configured on the USG series firewall, the
authentication page cannot be displayed. Which of the following is not the cause of
the fault?
A. The authentication policy is not configured or the authentication policy is
incorrectly configured.

B. Web authentication is not enabled.
C. The browser SSL version does not match the SSL version of the firewall
authentication page.
D. The port number of the authentication page service is set to 8887
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 42
Which of the following options describes the order of the four phases of the
Information Security Management System (ISMS)?
A. Plan->Check->Do->Action
B. Check->Plan->Do->Action
C. Plan->Do->Check->Action
D. Plan->Check->Action->Do
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 43
In the information security system construction management cycle, which of the
following behaviors needs to be implemented in the “check” link?
A. Safety management system design
B. Implementation of the safety management system
C. Risk assessment
D. Safety management system operation monitoring
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 44
A. The status of this firewall VGMP group is Active.
B. The status of the VRRP group on the G1/0/0 and G1/0/1 interfaces is standby.

C. The HRP heartbeat interface of this firewall is G1/0/0 and G1/0/1.
D. This firewall must be in a preemptive state
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 45
What are the following types of servers sorted by shape? (multiple choice)
A. Blade server
B. Tower server
C. Rack server
D. X86 server
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
Common scanning attacks include: port scanning tools, vulnerability scanning tools,
application scanning tools, and database scanning tools.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 47
When firewalls are classified by the object they protect, which type does Windows Firewall belong to?
A. Software firewall
B. Hardware firewall
C. Stand-alone firewall
D. Network firewall
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 48
Which of the following options are part of the way a PKI entity applies for a local
certificate from a CA? (multiple choice)

A. Apply online
B. Local application
C. Network application
D. Apply offline
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 49
Intrusion prevention system (IPS) is a defense system that can be blocked in real time
when intrusion is discovered.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 50
Which of the following is not a symmetric encryption algorithm?
A. DES
B. 3DES
C. AES
D. RSA
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 51
Which of the following options are correct about configuring a firewall security
zone? (multiple choice)
A. The firewall has four security zones by default, and the four security zone priorities
do not support modification.
B. The firewall can have up to 12 security zones
C. The firewall can create two security zones of the same priority
D. When data flows between different security zones, the device security check is
triggered and the corresponding security policy is implemented.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:

QUESTION 52
Digital certificates can be classified into local certificates, CA certificates, root
certificates, and self-signed certificates according to different usage scenarios.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 53
Which of the following descriptions is wrong about the root CA certificate?
A. The issuer is CA
B. The certificate subject name is CA
C. Public key information is the public key of the CA
D. Signature is generated by CA public key encryption
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 54
Which of the following configurations can implement the NAT ALG function?
A. nat alg protocol
B. alg protocol
C. nat protocol
D. detect protocol
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 55
Regarding the anti-virus response method of the firewall gateway for the HTTP
protocol, which of the following statements is wrong?
A. When the gateway device blocks the HTTP connection, push the web page to the
client and generate a log
B. Response methods include announcement and blocking
C. Alarm mode The device only generates logs and sends them out without processing
the files transmitted by the HTTP protocol.
D. Blocking means that the device disconnects from the HTTP server and blocks file
transfer.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 56
Which of the following does not belong to the user authentication method in the USG
firewall?
A. Free of certification
B. Password authentication
C. Single sign-on
D. Fingerprint authentication
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 57
The GE1/0/1 and GE1/0/2 ports of the firewall belong to the DMZ. If the area connected to GE1/0/1 is to access the area connected to GE1/0/2, which of the following is correct?
A. Need to configure Local to DMZ security policy
B. No need to do any configuration
C. Need to configure an interzone security policy
D. Need to configure DMZ to local security policy
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 58
For the process of forwarding the first packet of the session between firewall domains, there are the following steps:
1. Look up the routing table
2. Look up the inter-domain packet filtering rules
3. Look up the session table
4. Look up the blacklist
Which of the following orders is correct?
A. 1->3->2->4
B. 3->2->1->4
C. 3->4->1->2
D. 4->3->1->2
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 59
The administrator wants to know the current session table. Which of the following
commands is correct?

A. clear firewall session table
B. reset firewall session table
C. display firewall session table
D. display session table
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 60
Which of the following are the basic functions of anti-virus software? (multiple
choice)
A. Protect against viruses
B. Finding a virus
C. Clearing the virus
D. Copying the virus
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 61
The European TCSEC Code is divided into two modules, Function and Evaluation,
which are mainly used in the military, government and commercial fields.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 62
In the future development of information security, terminal detection is an important
part. Which of the following methods are within the scope of terminal
testing? (multiple choice)
A. Install host antivirus software
B. Monitoring and recording externally connected devices
C. Prevent users from accessing public network search engines
D. Monitoring host registry modification record
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:

QUESTION 63
Using iptables to write a rule does not allow the network segment of 172.16.0.0/16 to
access the device. Which of the following rules is correct?
A.
B.
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 64
Which of the following is not included in the HRP master/slave configuration
consistency check?
A. NAT policy
B. Is the heartbeat interface with the same serial number configured?
C. Next hop and outbound interface of static route
D. Certification strategy
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 65
In the USG series firewall, you can use the ______ function to provide well-known application services on non-well-known ports.
A. Port mapping
B. MAC and IP address binding
C. Packet filtering
D. Long connection
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 66
Which of the following is not included in the design principles of the survey?
A. Integrity
B. Openness

C. Specificity
D. Consistency
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 67
To implement the "anti-virus function" in the security policy, you must perform a
license activation.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 68
The configuration commands for the NAT address pool are as follows:
The meaning of the no-pat parameter is:
A. Do not do address translation
B. Perform port multiplexing
C. Do not convert the source port
D. Do not convert the destination port
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 69
On the surface, viruses, vulnerabilities, Trojans and other threats are the cause of information security incidents, but at root, information security incidents also have a lot to do with people and the information systems themselves.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:

QUESTION 70
Which of the following behaviors is relatively safer when connecting to Wi-Fi in a
public place?
A. Connect a Wi-Fi hotspot that is not encrypted
B. Connect to a paid Wi-Fi hotspot provided by the operator and only browse the web
C. Connect unencrypted free Wi-Fi for online shopping
D. Connect encrypted free Wi-Fi for online transfer operations
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 71
Which of the following is the action to be taken during the summary phase of the
cybersecurity emergency response? (multiple choice)
A. Establish a defense system and specify control measures
B. Evaluate the implementation of the contingency plan and propose a follow-up
improvement plan
C. Determining the effectiveness of the isolation measures
D. Evaluation of members of the emergency response organization
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 72
Which of the following descriptions are correct about port mirroring? (multiple
choice)
A. The mirrored port copies the packet to the observing port.
B. The observing port sends the received packet to the monitoring device.
C. The mirrored port sends the received packet to the monitoring device.
D. The observing port copies the packet to the mirrored port.
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 73
Which of the following options is the GRE protocol number?
A. 46
B. 47
C. 89
D. 50
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 74
Which of the following is incorrect about the VGMP protocol description?
A. VGMP joins multiple VRRP backup groups on the same firewall to one
management group. The management group manages all VRRP backup groups.
B. The status of all VRRP backup groups in the management group is consistent.
C. The VGMP group whose status is Active periodically sends hello packets to the peer. The standby end only listens for hello packets and does not respond.
D. By default, when no hello packet from the peer is received within three hello packet periods, the peer is considered faulty and the device switches itself to the Active state.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 75
A and B communicate with each other. If an asymmetric encryption algorithm is used for encryption, when A sends data to B, which of the following keys will be used to encrypt the data?
A. A's public key
B. A's private key
C. B's public key
D. B's private key
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 76
IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 77
Which of the following descriptions is wrong about GRE encapsulation and
decapsulation?
A. The encapsulation process, the original data packet is sent to the tunnel interface by
looking up the route, and then the GRE encapsulation is started.
B. The encapsulation process, after being encapsulated by the GRE module, the
packet will enter the IP module for further processing.
C. Decapsulation process, after receiving the GRE message, the destination end sends
the data packet to the tunnel interface by looking up the route and then decapsulates
the GRE.
D. Decapsulation process, after decapsulation by the GRE module, the packet will
enter the IP module for further processing.

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 78
The anti-virus software repair only needs to be able to repair some system files that
were accidentally deleted when killing the virus to prevent the system from crashing.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 79
Which of the following is not a rating in the cybersecurity incident?
A. Major cybersecurity incidents
B. Special cybersecurity incidents
C. General cybersecurity incidents
D. Larger network security incidents
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 80
Which of the following statements is true about single sign-on? (multiple choice)
A. The device can identify the user who passed the authentication system
authentication.
B. AD domain single sign-on has only one deployment mode
C. Although the user password is not required, the authentication server needs to
interact with the user password to ensure that the authentication passes.
D. AD domain single sign-on can be synchronized to the firewall by mirroring the
data stream.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 81
Which of the following statements about VRRP/VGMP/HRP are correct? (multiple
choice)
A. VRRP is responsible for sending free ARP to direct traffic to the new primary
device during active/standby switchover.
B. VGMP is responsible for monitoring equipment failures and controlling fast
switching of equipment.

C. HRP is responsible for data backup during hot standby operation.
D. The VGMP group in the active state may include the VRRP group in the standby
state.
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 82
The administrator PC is directly connected to the management port of the USG
firewall. The web interface is used for initialization. Which of the following
statements is correct? (multiple choice)
A. The management PC browser accesses http://192.168.0.1
B. The IP address of the management PC is manually set to 192.168.0.2-192.168.0.254
C. The management PC browser accesses http://192.168.1.1
D. Set the NIC of the management PC to automatically obtain an IP address.
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 83
Which layer of the firewall does the firewall belong to in the Huawei SDSec solution?
A. Analysis layer
B. Control layer
C. Executive layer
D. Monitoring layer
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 84
When deploying dual-system hot backup on a firewall, which protocol is required to
implement the overall state switching of the VRRP backup group?
A. VRRP
B. VGMP
C. HRP
D. OSPF
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 85
The online user scenario of the enterprise is shown in the figure. The user online process is as follows:
1. The authentication is passed, and the USG allows the connection to be established.
2. The user accesses the Internet by entering http://1.1.1.1.
3. The USG pushes the authentication interface.
4. The user successfully accesses http://1.1.1.1, and the device creates a session table.
5. The user enters the correct username and password.
Which of the following is the correct order of the process?
A. 2->5->3->1->4
B. 2->3->5->1->4
C. 2->1->3->5->4
D. 2->3->1->5->4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 86
Regarding the description of firewall hot standby, which of the following options are
correct? (multiple choice)
A. When multiple areas of the firewall need to provide dual-system backup, you need
to configure multiple VRRP backup groups on the firewall.
B. Require the same status of all VRRP backup groups in the same VGMP
management group on the same firewall.
C. The firewall hot standby needs to synchronize the backup between the master
device and the slave device by using the session table, MAC table, routing table, and
other information.
D. VGMP is used to ensure the consistency of all VRRP backup group switching.
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 87
Which of the following is the encryption technology used in digital envelopes?
A. Symmetric encryption algorithm
B. Asymmetric encryption algorithm
C. Hash algorithm
D. Streaming algorithm
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 88
Which of the following options are correct regarding the matching criteria for a
security policy? (multiple choice)
A. The source security zone is an optional parameter in the matching condition.
B. "Time period" in the matching condition is an optional parameter
C. "Apply" in the matching condition is an optional parameter
D. "Service" is an optional parameter in the matching condition
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 89
The attacker sends an ICMP echo request and sets the destination address of the
request packet to the broadcast address of the victim network.
Which kind of attack does this behavior belong to?
A. IP spoofing attack
B. Smurf attack
C. ICMP redirect attack
D. SYN flood attack
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 90
Which of the following is true about the ordering of the PKI work process?
A. 1-2-6-5-7-4-3-8
B. 1-2-7-6-5-4-3-8
C. 6-5-4-1-2-7-3-8
D. 6-5-4-3-1-2-7-8
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 91
A client in the Trust zone can log in to the FTP server in the Untrust zone but
cannot download files. Which of the following methods can solve the
problem? (multiple choice)
A. Release the 21 port number between Trust and Untrust
B. When the FTP working mode is in the port mode, modify the security policy action
from the Trust to the Untrust zone to allow
C. Enable detect ftp
D. When the FTP working mode is in Passive mode, modify the security policy action
from the Trust to the Untrust zone to allow
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 92
Which of the following is not part of a digital certificate?
A. Public key
B. Private key
C. Validity period
D. Issuer
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 93
Which of the following is true about the description of the TCP/IP stack packet
decapsulation? (multiple choice)
A. The data packet is first transmitted to the data link layer. After parsing, the data
link layer information is stripped, and the network layer information is known
according to the parsed information, for example, IP.
B. After the transport layer (TCP) receives the data packet, the transport layer
information is stripped after parsing, and the upper layer processing protocol is known
according to the parsing information, such as UDP.
C. After the network layer receives the data packet, the network layer information is
stripped after parsing, and the upper layer processing protocol is known according to
the parsing information, for example, HTTP.
D. After the application layer receives the data packet, the application layer
information is stripped after parsing, and the final displayed user data is exactly the
same as the data sent by the sender host.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 94
Which of the following is not a key technology for anti-virus software?
A. Shelling technology
B. Self-protection
C. Format the disk
D. Update the virus database in real time

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 95
Which of the following are malicious programs? (multiple choice)
A. Trojan horse
B. Vulnerability
C. Worm
D. Virus
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 96
Which of the following are key elements of information security? (multiple choice)
A. Asset management
B. Security operation and management
C. Security products and technologies
D. Personnel
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 97
Which of the following is not a major form of computer crime?
A. Implanting a Trojan to the target host
B. Hacking to the target host
C. Using a computer for personal surveys
D. Use scanning tools to collect network information without permission
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 98
When the IPSec VPN tunnel mode is deployed, the AH protocol is used for packet
encapsulation. In the new IP packet header field, which of the following parameters
does not require a data integrity check?

A. Source IP address
B. Destination IP address
C. TTL
D. Identification
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 99
When configuring a GRE tunnel interface, which of the following parameters is the
Destination address?
A. Local tunnel interface IP address
B. Local end network export IP address
C. Peer external network export IP address
D. IP address of the peer tunnel interface
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 100
Which of the following options are application risks? (multiple choice)
A. Network virus
B. Email security
C. Database system configuration security
D. WEB service security
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 101
Security policy conditions can be divided into multiple fields, such as source address,
destination address, source port, destination port, etc. These fields are in an "and"
relationship; that is, only if the information in the message matches all the fields is
the message considered to match the policy.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 102
Which of the following is true about the description of SSL VPN?
A. Can be used without a client
B. The IP layer can be encrypted
C. There is a NAT traversal problem
D. No authentication required
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 103
Regarding the description of disconnecting the TCP connection four-way handshake,
which of the following is wrong?
A. The active shutdown party sends the first FIN to perform an active shutdown,
while the other party, on receiving this FIN, performs a passive shutdown.
B. When the first FIN is received by passive shutdown, it will send back an ACK and
randomly generate an acknowledgment sequence number.
C. The passive shutdown party needs to pass a file terminator to the application, the
application closes its connection and causes a FIN to be sent
D. After the passive close party sends the FIN, the active close party must send back
an acknowledgment and set the acknowledgment number to the received sequence
number plus one.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 104
Which of the following is not an asymmetric encryption algorithm?
A. DH
B. MD5
C. DSA
D. RSA
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 105
Which of the following statements about Client-Initiated VPN is correct? (multiple
choice)
A. A tunnel is established between each access user and the LNS.
B. Only one L2TP session and PPP connection are carried in each tunnel.
C. Multiple L2TP sessions and PPP connections in each tunnel
D. Each tunnel carries multiple L2TP sessions and one PPP connection.
Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
QUESTION 106
Regarding the firewall security policy, which of the following options is wrong?
A. If the security policy is permit, the discarded message will not accumulate the
number of hits.
B. You cannot reuse the same name when configuring the security policy name.
C. Adjust the order of security policies without saving the configuration file.
D. The number of security policy entries of Huawei USG series firewalls cannot
exceed 128.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 107
Which of the following options are supported by VPN technology to encrypt data
packets? (multiple choice)
A. SSL VPN
B. GRE VPN
C. IPSec VPN
D. L2TP VPN
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 108
Which of the following is the username/password for the first login of the USG series
firewall?
A. Username admin
Password Admin@123
B. Username admin
Password admin@123
C. Username admin
Password admin
D. Username admin
Password Admin123
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:

QUESTION 109
There are various security threats during the use of the server. Which of the following
options is not a server security threat?
A. Natural disasters
B. DDoS attack
C. Hacking
D. Malicious programs
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 110
Regarding the Client-Initialized L2TP VPN, which of the following statements is
wrong?
A. After the remote user accesses the Internet, the client software can directly initiate
an L2TP tunnel connection request to the remote LNS.
B. The LNS device receives the user's L2TP connection request, and can authenticate the
user according to the user name and password.
C. LNS assigns a private IP address to the remote user.
D. Remote users do not need to install VPN client software
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 111
Which of the following is not among the respondents of the questionnaire for
safety assessment?
A. Network System Administrator
B. Security administrator
C. HR
D. Technical leader
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 112
The vulnerability that has not been discovered is the 0 day vulnerability.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 113
Regarding the problem that the two-way binding user of the authentication-free mode
cannot access the network resources, which of the following options are possible
reasons? (multiple choice)
A. The authentication-free user and the authenticated user are in the same security
zone.
B. The authentication-free user does not use the PC with the specified IP/MAC
address.
C. The authentication action in the authentication policy is set to “Do not accept/free
authentication”
D. Online users have reached the maximum
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 114
ASPF (Application Specific Packet Filter) is a packet filtering technology based on
the application layer that implements a special security mechanism through the
server-map table.
Which of the following statements about the ASPF and server-map tables are
correct? (multiple choice)
A. ASPF monitors messages during communication
B. ASPF can dynamically create a server-map table
C. ASPF dynamically allows multi-channel protocol data to pass through the server-
map table.
D. The quintuple server-map entry implements a similar function to the session table.
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 115
Which of the following are features of address translation technology? (multiple
choice)
A. Address translation allows internal network users (private IP addresses) to access
the Internet
B. Address translation can enable many hosts on the internal LAN to share an IP
address online.
C. Address translation can handle encrypted IP headers
D. Address translation can shield users on the internal network and improve the
security of the internal network.
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 116
Regarding NAT address translation, which of the following statements is wrong?
A. Configure a NAT address pool in the source NAT technology. You can configure
only one IP address in the address pool.
B. Address translation can provide FTP, WWW, Telnet and other services in the LAN
according to the needs of users.
C. Some application layer protocols carry IP address information in the data, and
modify the IP address information in the upper layer data when NAT is applied to
them.
D. For some non-TCP, UDP protocols (such as ICMP, PPTP), NAT conversion is not
possible.

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 117
Regarding the relationship and role of VRRP/VGMP/HRP, which of the following
statements are correct? (multiple choice)
A. VRRP is responsible for sending free ARP traffic to the new primary device during
active/standby switchover.
B. VGMP is responsible for monitoring equipment failures and controlling fast
switching of equipment.
C. HRP is responsible for data backup during hot standby operation.
D. The VGMP group in the active state may include the VRRP group in the Standby
state.
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 118
When the firewall upgrades the signature database and virus database online through
the security service center, it first requires the firewall to connect to the Internet, and
secondly requires the correct DNS address to be configured.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 119
Which of the following is not a symmetric encryption algorithm?
A. DES
B. 3DES
C. AES
D. RSA
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 120
The results seen by display ike sa are as follows. Which of the following statements is
wrong?
A. IKE SA has been established
B. IPSec SA has been established
C. The neighbor address is 2.2.2.1
D. IKE uses the V1 version
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 121
Regarding the comparison between windows and linux, which of the following
statements is wrong?
A. Getting started with Linux is more difficult and requires some learning and
guidance.
B. Windows can be compatible with most software, playing most games
C. Linux is open source; you can do what you want with it.
D. Windows is open source; you can do what you want with it.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 122
Which of the following options are core elements of the IATF (Information Assurance
Technology Framework) model? (multiple choice)
A. Environment
B. People
C. Technology
D. Operation
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 123
Which of the following are multi-user operating systems? (multiple choice)

A. MSDOS
B. UNIX
C. LINUX
D. Windows
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 124
The preservation of electronic evidence is directly related to the legal effect of the
evidence; it must comply with legal formalities so that its authenticity and
reliability are guaranteed. Which of the following is not an evidence preservation
technology?
A. Encryption technology
B. Digital certificate technology
C. Digital signature technology
D. Message tag tracking technology
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 125
Which of the following conditions, when it occurs in the VGMP group, will not cause
a VGMP message to be sent to the peer end?
A. Dual hot backup function enabled
B. Manually switch the active and standby status of the firewall.
C. Firewall service interface failure
D. Session table entry changes
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 126
Which of the following options can be used in the advanced settings of Windows
Firewall? (multiple choice)
A. Restore defaults
B. Change notification rules
C. Set connection security rules
D. Set up inbound rules
Correct Answer: ABCD
Section: (none)
Explanation

Explanation/Reference:
QUESTION 127
Which of the following is true about the security policy configuration command?
A. ICMP packets with the destination address being 10.1.10.10 are not allowed to be
accessed from the trust zone.
B. Disable all ICMP packets from the trust zone to the untrust zone and the
destination address of the network segment 10.1.0.0/16.
C. Disable all ICMP packets from the trust zone to the untrust zone and the source IP
address of the network segment 10.1.0.0/16.
D. Disable all host ICMP packets from the trust zone to the untrust zone and the
source address is 10.2.10.10.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 128
In information security, commonly used security products include firewalls,
Anti-DDoS devices, and IPS/IDS devices.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 129
If the administrator uses the default authentication domain "default" to authenticate
the user, the user only needs to enter the username when logging in; if the
administrator authenticates a user using a newly created authentication domain, the
user needs to enter Username@Authentication Domain Name when logging in.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:

QUESTION 130
Digital certificate technology solves the problem that the owner of a public key
cannot be determined in digital signature technology.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 131
Which of the following options are technical features of the Intrusion Prevention
System? (multiple choice)
A. Online mode
B. Real-time blocking
C. Self-learning and adaptive
D. Straight road deployment
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 132
Regarding the firewall security policy, which of the following items is correct?
A. By default, an IPSec policy can control unicast packets and broadcast packets.
B. By default, the security policy can control multicast.
C. By default, the security policy only controls unicast packets.
D. By default, an IPSec policy can control unicast packets, broadcast packets, and
multicast packets.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 133
Which of the following information is encrypted during the use of digital
envelopes? (multiple choice)
A. Symmetric key
B. User data
C. Receiver public key
D. Receiver private key
Correct Answer: AB
Section: (none)

Explanation
Explanation/Reference:
QUESTION 134
Which of the following options are part of the ISO27001 certification field? (multiple
choice)
A. Access control
B. Personnel safety
C. Vulnerability management
D. Business continuity management
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 135
Which of the following is true about the description of the firewall?
A. The firewall cannot transparently access the network.
B. Adding a firewall to the network will inevitably change the topology of the
network.
C. In order to avoid single point of failure, the firewall only supports side-by-side
deployment
D. Depending on the usage scenario, the firewall can be deployed in transparent mode
or deployed in Layer 3 mode.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 136
On Huawei USG series devices, the administrator wants to erase the configuration
file. Which of the following commands is correct?
A. clear saved-configuration
B. reset saved-configuration
C. reset current-configuration
D. reset running-configuration
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 137
Which of the following options are correct for the description of a buffer overflow
attack? (multiple choice)
A. Buffer overflow attack exploits the software system's flaws in memory operations,
running attack code with high operational privileges.

B. Buffer overflow attacks are not related to operating system vulnerabilities and
architecture.
C. Buffer overflow attacks are one of the common methods of attacking software
systems.
D. Buffer overflow attacks belong to the application layer attack behavior.
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 138
Security technologies have different approaches at different levels and areas of
technology. Which of the following devices can be used for network layer
security? (multiple choice)
A. Vulnerability scanning device
B. Firewall
C. Anti-DDoS equipment
D. IPS/IDS equipment
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 139
IPSEC VPN technology does not support NAT traversal when encapsulated in ESP
security protocol because ESP encrypts the packet header.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 140
Which of the following options are part of the SSL VPN feature? (multiple choice)
A. User authentication
B. Port scanning
C. File sharing
D. WEB rewriting
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 141

In the digital signature process, which of the following is the hash algorithm applied
to in order to verify the integrity of the data transmission?
A. User data
B. Symmetric key
C. Receiver public key
D. Receiver private key
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 142
Which of the following traffic, when it matches the authentication policy, triggers
authentication?
A. Access device or device initiated traffic
B. DHCP, BGP, OSPF, and LDP packets
C. Traffic from visitors accessing HTTP traffic
D. The first DNS packet corresponding to the HTTP service data flow
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 143
GE1/0/1 and GE1/0/2 of the firewall belong to the DMZ. If the area connected to
GE1/0/1 needs to access the area connected to GE1/0/2, which of the following is
correct?
A. Need to configure local to DMZ security policy
B. No need to do any configuration
C. Need to configure an interzone security policy
D. Need to configure DMZ to local security policy
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 144
Using a computer to store information about criminal activity is not a computer crime
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 145

Which of the following descriptions is wrong about IKE SA?
A. IKE SA is two-way
B. IKE is a UDP-based application layer protocol
C. IKE SA is for IPSec SA
D. The encryption algorithm used by user data packets is determined by IKE SA.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 146
Which of the following statements is wrong about VPN?
A. Virtual private network is less expensive than dedicated line
B. VPN technology necessarily involves encryption technology
C. VPN technology is a technology that multiplexes logical channels on actual
physical lines.
D. The generation of VPN technology enables employees on business trips to
remotely access internal corporate servers.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 147
Which of the following are the standard port numbers for the FTP protocol? (multiple
choice)
A. 20
B. 21
C. 23
D. 80
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 148
Information security level protection is to improve the overall national security level,
while rationally optimizing the allocation of security resources, so as to
return the greatest safety and economic benefits.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 149
When a network security incident occurs, remote emergency response is
generally taken first. If the problem cannot be solved by remote access, then,
after confirmation by the customer, the local emergency response process
is started.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 150
Usually we will divide the server into two categories: general server and function
server. Which of the following options meets this classification standard?
A. By application hierarchy
B. By purpose
C. By shape
D. According to the architecture
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 151
NAPT technology allows multiple private network hosts to use one public IP
address.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 152
After the firewall uses the hrp standby config enable command to enable the standby
device configuration function, all the information that can be backed up can be
configured directly on the standby device, and the configuration on the standby device
can be synchronized to the primary device.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 153
Which of the following options are characteristic of a symmetric encryption
algorithm? (multiple choice)
A. Fast encryption
B. Encryption speed is slow
C. Key distribution is not secure
D. Key distribution security is high
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 154
Which of the following options are a hazard of a traffic attack? (multiple choice)
A. Network paralysis
B. Server downtime
C. Data is stolen
D. The page has been tampered with
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 155
Intrusion Prevention System (IPS) is a defense system that can block in real time
when an intrusion is discovered.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 156
Which of the following is not included in the HRP active/standby configuration
consistency check?
A. NAT policy
B. Is the heartbeat interface with the same serial number configured?
C. Next hop and outbound interface of static route
D. Certification strategy
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 157
Which of the following is wrong about the NAT configuration?
A. Configure source NAT in transparent mode. The firewall does not support easy-ip
mode.
B. The IP address in the address pool can overlap with the public IP address of the
NAT server.
C. When there is VoIP service in the network, you do not need to configure NAT
ALG.
D. The firewall does not support NAPT conversion for ESP and AH packets.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 158
Which of the following options are correct regarding the actions of the security policy
and the description of the security profile? (multiple choice)
A. If the action of the security policy is "prohibited", the device will discard this
traffic, and then no content security check will be performed.
B. The security profile can be applied without being applied to the security policy
allowed by the action.
C. The security profile must be applied to the security policy that is allowed to take
effect.
D. If the security policy action is "Allow", the traffic will not match the security
profile.
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 159
Which of the following protections does encryption technology provide for data during
data transmission? (multiple choice)
A. Confidentiality
B. Controllability
C. Integrity
D. Source verification
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 160
After the network attack event occurs, the isolation area, summary data, and estimated
loss are set according to the plan. To which stage of network security emergency
response do the above actions belong?
A. Preparation stage
B. Detection phase
C. Inhibition phase
D. Recovery phase

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 161
IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 162
The digital certificate has the public key notarized by a third-party organization,
thereby ensuring the non-repudiation of data transmission. Therefore, confirming the
correctness of the public key only requires the certificate of the communicating party.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 163
Digital signatures are used to ensure the integrity of data transmission by using a hash
algorithm to generate digital fingerprints.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 164
Which of the following options are correct for the description of the firewall fragment
cache feature? (multiple choice)
A. By default, the firewall caches fragmented packets.
B. After the fragmented packet is forwarded, the firewall forwards the fragment
according to the interzone security policy.
C. For fragmented packets, NAT ALG does not support the processing of SIP
fragmented packets.
D. By default, the maximum number of fragment caches for an IPV4 packet is 32, and
the maximum number of fragment caches for an IPV6 packet is 255.

Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 165
The SIP protocol uses SDP messages to establish a session. The SDP message
contains a remote address or a multicast address.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 166
Which of the following attacks is not a network attack?
A. IP spoofing attack
B. Smurf attack
C. MAC address spoofing attack
D. ICMP attack
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 167
What versions of the SNMP protocol are there? (multiple choice)
A. SNMPv1
B. SNMPv2b
C. SNMPv2c
D. SNMPv3
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 168
Regarding the description of the preemption function of VGMP management, which
of the following is wrong?
A. By default, the preemption function of the VGMP management group is enabled.
B. By default, the preemption delay of a VGMP management group is 40s.

C. Preemption means that when the faulty primary device recovers, its priority will be
restored, and it can re-establish its own state through preemption.
D. After the VRRP backup group is added to the VGMP management group, the
original preemption function on the VRRP backup group is invalid.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 169
In the IPSec VPN transport mode, which part of the data packet is encrypted?
A. Network layer and upper layer data packets
B. Original IP header
C. New IP packet header
D. Transport layer and upper layer data packets
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 170
Which of the following descriptions is wrong about windows logs?
A. The system log is used to record the events generated by the operating system
components, including the crash of the driver, system components and application
software, and data.
B. windows server 2008 system log is stored in Application.evtx
C. The application log contains events logged by the application or system program,
mainly recording events related to program operation
D. The security log of windows server 2008 is stored in security.evtx
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 171
Which of the following descriptions of IP spoofing is wrong?
A. IP spoofing attacks exploit the normal IP address-based trust relationship
between hosts.
B. After the IP spoofing attack is successful, the attacker can use the fake IP address
to imitate the legitimate host to access the key information.
C. The attacker needs to masquerade the source IP address as a trusted host and send a
data segment with the SYN flag set to request a connection.
D. The host based on the IP address-based trust relationship can log in directly
without entering password verification.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 172
In the USG series firewall, which of the following commands can be used to query the
NAT translation result?
A. display nat translation
B. display firewall session table
C. display current nat
D. display firewall nat translation
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 173
The preservation of electronic evidence is directly related to the legal effect of
evidence, and it is in compliance with the legal formalities, and its authenticity and
reliability are guaranteed. Which of the following is not an evidence preservation
technology?
A. Encryption technology
B. Digital certificate technology
C. Digital signature technology
D. Message tag tracking technology
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 174
Which of the following is the status information that can be backed up by the Huawei
Redundancy Protocol (HRP)? (multiple choice)
A. Session table
B. ServerMap entry
C. Dynamic blacklist
D. Routing table
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 175
As shown in the figure, a TCP connection is established between client A and server
B. Which of the following two "?" message numbers should be?
A. a+1:a
B. a:a+1
C. b+1: b
D. a+1: a+1
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 176
Digital certificates can be divided into local certificates, CA certificates, root
certificates, and self-signed certificates according to different usage scenarios.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 177
Which of the following is the encryption technology used in digital envelopes?
A. Symmetric encryption algorithm
B. Asymmetric encryption algorithm
C. Hash algorithm
D. Stream encryption algorithm
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 178
Which of the following are remote authentication methods? (multiple choice)
A. RADIUS
B. Local
C. HWTACACS
D. LLDP
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 179
Which of the following statements is true about IPSec SA?
A. IPSec SA is one-way
B. IPSec SA is two-way
C. Used to generate an encryption key
D. Used to generate a secret algorithm
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 180
Which of the following does not include the steps in the safety assessment method?
A. Manual audit
B. Penetration testing
C. Questionnaire survey
D. Data analysis
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 181
In the same security 2.0, which item stipulates that “spam should be detected and
protected against at critical network nodes, and the spam protection mechanism
should be maintained and updated”?
A. Malicious code prevention
B. Communication transmission
C. Centralized control
D. Border protection
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 182
Which of the following options is not part of the 5-tuple range?
A. Source IP
B. Source MAC
C. Destination IP
D. Destination port
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 183
In the state detection firewall, when the state detection mechanism is enabled, the
second packet of the three-way handshake (SYN+ACK) arrives at the firewall. At that
time, if there is no corresponding session table on the firewall, which of the
following descriptions is correct?
A. The firewall does not create a session table, but allows packets to pass.
B. If the firewall security policy allows packets to pass, create a session table.
C. The message must not pass through the firewall.
D. The message must pass through the firewall and establish a session.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 184
In the VRRP (Virtual Router Redundancy Protocol) group, the main firewall
periodically sends advertisement packets to the backup firewall.
The backup firewall is only responsible for monitoring announcement messages and
will not respond.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 185
The VRRP advertisement packet of the USG firewall is a multicast packet. Therefore,
each firewall in the backup group must be able to implement direct Layer 2
interworking.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 186
Because the server is a kind of computer, we can use it in the enterprise as our server.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 187
As shown in the figure, the application scenario of a NAT server is configured when
the web configuration mode is used. Which of the following statements are correct?
(multiple choice)
A. When configuring an interzone security policy, set the source security zone to
Untrust and the target security zone to DMZ.
B. When configuring the NAT server, the internal address is 10.1.1.2 and the external
address is 200.10.10.1.
C. When configuring an interzone security policy, set the source security zone to
DMZ and the target security zone to Untrust.
D. When configuring the NAT server, the internal address is 200.10.10.1 and the
external address is 10.1.1.2.
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 188
In the L2TP configuration, which of the following statements is true for the command
Tunnel Name? (multiple choice)
A. The tunnel name used to specify the local end
B. The tunnel name used to specify the peer
C. The tunnel names on both ends must be consistent.
D. If the Tunnel Name is not configured, the tunnel name is the local system name.
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 189
Which of the following types of attacks does a DDoS attack belong to?
A. Peep scan attack
B. Malformed message attack
C. Special packet attack
D. Traffic attack
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 190
In the USG system firewall, you can use --- function to provide well-known
application services for non-known ports.
A. Port mapping
B. MAC and IP address binding
C. Packet filtering
D. Long connection
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 191
Which of the following is true about the command to view the number of security
policy matches?
A. display firewall sesstion table
B. display security-policy all
C. display security-policy count
D. count security-policy hit
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 192
Which of the following options is a Layer 2 VPN technology?
A. SSL VPN
B. L2TP VPN
C. GRE VPN
D. IPSec VPN
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 193
Which of the following options are wrong about the description of the Windows
Firewall advanced settings? (multiple choice)
A. When setting the stacking rule, only the local port can be restricted, and the remote
port cannot be restricted.
B. When setting the stacking rule, both the local port and the remote port can be
restricted.
C. When setting the pop-up rule, only the local port can be restricted, and the remote
port cannot be restricted.
D. When setting the pop-up rule, both local ports can be restricted and remote ports
can be restricted.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 194
Regarding the description of VGMP group management, which of the following is
wrong?
A. The master/slave status of the VRRP backup group needs to be notified to the
VGMP management group to which it belongs.
B. The interface types and numbers of the heartbeat interfaces of the two firewalls can
be different, as long as the Layer 2 interworking can be ensured.
C. The hello message is sent periodically between the VGMPs of the active and
standby firewalls.
D. The active and standby devices exchange their packets through the heartbeat line to
learn the status of each other and back up related commands and status information.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 195
In the security assessment method, the purpose of the security scan is to scan the
target system with a scan analysis evaluation tool to discover related vulnerabilities
and prepare for the attack.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 196
Which of the following attacks is not a malformed message attack?
A. Teardrop attack
B. Smurf attack
C. TCP fragmentation attack
D. ICMP unreachable packet attack
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 197
Which of the following descriptions is wrong about IKE SA?
A. IKE SA is two-way
B. IKE is a UDP-based application layer protocol
C. IKE SA is for IPSec SA
D. The encryption algorithm used by user data packets is determined by IKE SA.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 198
In the construction of information security system, the security model is needed to
accurately describe the relationship between important aspects of security and system
behavior.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 199
Security policy conditions can be divided into multiple fields, such as source address,
destination address, source port, destination port, etc.
The relationship with "," that is, only if the information in the message matches all the
fields, it is considered to be the strategy.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 200
The matching principle of the security policy is to first find the inter-domain security
policy configured manually. If no match is found, the data packet is directly
discarded.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 201
Which of the following are the response actions after the gateway antivirus detects the
mail virus? (multiple choice)
A. Alarm
B. Blocking
C. Announcement
D. Remove attachments
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 202
Digital signatures are used to ensure the integrity of data transmission by using a hash
algorithm to generate digital fingerprints.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 203
Which of the following statements is wrong about NAT address translation?
A. Configure a NAT address pool in the source NAT technology. You can configure
only one IP address in the address pool.
B. Address translation can provide FTP, WWW, Telnet and other services in the LAN
according to the needs of users.
C. Some application layer protocols carry IP address information in the data, and
modify the IP address information in the upper layer data when NAT is applied to
them.
D. For some TCP, UDP protocols (such as ICMP, PPTP), NAT conversion is not
possible.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 204
When the NAT server is configured on the USG system firewall, the server-map table
is generated. Which of the following does not belong to the content in the
performance?
A. Destination IP
B. Destination port number
C. Agreement number
D. Source IP
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 205
Which of the following are malicious programs? (multiple choice)
A. Trojan horse
B. Vulnerability
C. Worm
D. Virus
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 206
Which of the following are the main implementations of gateway antivirus? (multiple
choice)
A. Proxy scanning method
B. Stream scanning method
C. Package inspection method
D. File killing method
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 207
Which of the following options is not part of the hashing algorithm?
A. MD5
B. SHA1
C. SM1
D. SHA2
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 208
Regarding the description of firewall hot standby, which of the following options are
correct? (multiple choice)
A. When multiple areas of the firewall need to provide dual-system backup, you need
to configure multiple VRRP backup groups on the firewall.
B. Require the same status of all VRRP backup groups in the same VGMP
management group on the same firewall.
C. The firewall hot standby needs to synchronize the backup between the master
device and the slave device by using the session table, MAC table, routing table, and
other information.
D. VGMP is used to ensure the consistency of all VRRP backup group switching.
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 209
Which of the following is not the certificate save file format supported by the
USG6000 series?
A. PKCS#12
B. DER
C. PEM
D. PKCS#
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 210
Which of the following attacks is not a special packet attack?
A. ICMP redirect packet attack
B. ICMP unreachable packet attack
C. IP address scanning attack
D. Large ICMP packet attack
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 211
Security technologies have different approaches at different levels and areas of
technology. Which of the following devices can be used for network layer
security? (multiple choice)
A. Vulnerability scanning device
B. Firewall
C. Anti-DDoS equipment
D. IPS/IDS equipment
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 212
Which of the following is used to encrypt digital fingerprints in digital signature
technology?
A. sender public key
B. sender private key
C. Receiver public key
D. Receiver private key
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 213
The reason that OSPF is more commonly used than RIP is that OSPF has device
authentication and is more secure.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 214
Intrusion detection covers both authorized and unauthorized intrusions. Which of the
following actions is not part of the intrusion detection?
A. posing as another user
B. Administrator deletes the configuration by mistake
C. Planting worm Trojans
D. Disclosure of data information
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 215
Which of the following is incorrect for the description of ARP spoofing attacks?
A. The ARP implementation mechanism only considers normal business interactions
and does not verify any abnormal business interactions or malicious behaviors.
B. ARP spoofing attacks can only be implemented through ARP replies and cannot be
implemented through ARP requests.
C. When a host sends a normal ARP request, the attacker will respond preemptively,
causing the host to establish an incorrect IP and MAC mapping relationship.
D. ARP static binding is a solution to ARP spoofing attacks. It is mainly applied to
scenarios where the network size is not large.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 216
Which of the following mechanisms is used to implement MAC flooding
attacks? (multiple choice)
A. MAC learning mechanism of the switch
B. Switch forwarding mechanism
C. ARP learning mechanism
D. Limit on the number of MAC entries
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 217
After the firewall uses the hrp standby config enable command to enable the alternate
device configuration function, all the information that can be backed up can be
configured directly on the standby device, and the configuration on the standby
device can be synchronized to the primary device.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 218
In practical applications, asymmetric encryption is mainly used to encrypt user data.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 219
When an enterprise establishes its own information system, it checks each operation
according to the internationally established authoritative standards and can detect
whether its own information system is safe.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 220
Which of the following is the port number used for L2TP packets?
A. 17
B. 500
C. 1701
D. 4500
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 221
Which of the following does not include the steps in the safety assessment method?
A. Manual audit
B. Penetration testing
C. Questionnaire survey
D. Data analysis
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 222
IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 223
Which of the following is true about firewall security policies?
A. By default, an IPSec policy can control unicast packets and broadcast packets.
B. By default, the security policy can control multicast.
C. By default, the security policy controls only unicast packets.
D. By default, an IPSec policy can control unicast packets, broadcast packets, and
multicast packets.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 224
Which of the following information is encrypted during the use of digital
envelopes? (multiple choice)
A. Symmetric key
B. User data
C. Receiver public key
D. Receiver private key
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 225
Which of the following is an action to be taken during the eradication phase of the
cybersecurity emergency response?
(multiple choice)
A. Find sick Trojans, illegal authorization, system vulnerabilities, and timely
processing
B. Revise the security policy based on the security incident that occurred, enable
security auditing
C. Block the behavior of the attack, reduce the scope of influence
D. Confirm the damage caused by security incidents and report security incidents
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 226
Which of the following attacks can DHCP Snooping prevent? (multiple choice)
A. DHCP Server counterfeiter attack
B. Intermediaries and IP/MAC spoofing attacks
C. IP spoofing attack
D. Counterfeit DHCP lease renewal packet attack using option82 field
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 227
Which of the following options are part of the Huawei SDSec solution? (multiple
choice)
A. CIS
B. FireHunter
C. Router
D. AntiDDoS
Correct Answer: BCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 228
A company employee account authority expires, but you can still use the account to
access the company server. What are the security risks of the above
scenarios? (multiple choice)
A. Managing security risks
B. Access to security risks
C. System security risks
D. Physical security risks
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 229
Which of the following is the default backup method for hot standby?
A. Automatic backup
B. Manual batch backup
C. Session fast backup
D. Configuration of the active and standby FWs after the device is restarted
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 230
The network administrator can collect data to be analyzed on the network device by
means of packet capture, port mirroring, or log.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 231
The world’s first worm, the Morris worm, made people realize that as people’s
reliance on computers grows, the possibility of attack on the computer network is
also increasing, and it is necessary to establish a sound emergency response system.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 232
Which of the following are the necessary configurations for IPSec VPN? (multiple
choice)
A. Configure IKE neighbors
B. Configure IKE SA related parameters
C. Configuring IPSec SA related parameters
D. Configure the stream of interest
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 233
Which of the following categories are included in Huawei firewall user
management? (multiple choice)
A. Internet user management
B. Access user management
C. Administrator User Management
D. Device User Management
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 234
In order to obtain evidence of crime, it is necessary to master the technology of
intrusion tracking. Which of the following options is correct for the description of
tracking technology? (multiple choice)
A. Packet Recording Technology marks packets on each router that has been spoken
by inserting trace data into the tracked IP packets.
B. Link detection technology determines the source of the attack by testing the
network connection between the routers.
C. Packet tagging technology extracts information from attack sources by recording
packets on the router and then using data mining techniques
D. The shallow mail behavior analysis can implement the letter of sending IP address,
sending time, sending frequency, number of recipients, shallow email header, etc.
Analysis of interest
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 235
When the user uses the session authentication mode to trigger the built-in Portal
authentication of the firewall, the user does not actively perform identity
authentication and advanced service access.
Device push "redirect" to the authentication page
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 236
Which of the following is wrong for the description of the intrusion detection system?
A. The intrusion detection system can dynamically collect a large amount of key
information and materials through the network and computer, and can analyze and
judge the current state of the entire system environment in time.
B. The intrusion detection system can perform blocking operation if it finds that there
is a violation of the security policy or the system has traces of being attacked.
C. Intrusion detection system includes all hardware and software systems for intrusion
detection
D. The flooding detection system can be linked with the firewall and the switch to
become a powerful “helper” of the firewall, which is better and more precise to
control traffic access between domains.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 237
Which of the following options are in the encapsulation mode supported by IPSec
VPN? (multiple choice)
A. AH mode
B. Tunnel mode
C. Transmission mode
D. ESP mode
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 238
The tunnel address of the two ends of the GRE tunnel can be configured as the
address of different network segments.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 239
Regarding the description of the packet during the iptables transfer process, which of
the following options is wrong?
A. When a packet enters the network card, it first matches the PREROUTING chain.
B. If the destination address of the packet is local, the packet will be sent to the
INPUT chain.
C. If the destination address of the packet is not local, the system sends the packet to
the OUTPUT chain.
D. If the destination address of the packet is not local, the system sends the packet to
the FORWARD chain.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 240
Which of the following is wrong about the description of the operating system?
A. The operating system is the interface between the user and the computer
B. The operating system is responsible for managing the execution of all hardware
resources and control software of the computer system.
C. The interface between the operating system and the user is a graphical interface.
D. The operating system itself is also software
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 241
Which of the following does not belong to the conditions required for firewall hot
standby?
A. The firewall hardware model is consistent
B. The firewall software version is consistent
C. The interface type and number used are the same.
D. The firewall interface has the same IP address.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 242
Which of the following options are correct regarding the NAT policy processing
flow?
(multiple choice)
A. Server-map is processed after status detection
B. Source NAT policy query is processed after the session is created
C. The source NAT policy is processed after the security policy is matched.
D. Server-map is processed before the security policy matches
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 243
Which of the following options are required for a firewall hot standby scenario?
(multiple choice)
A. hrp enable
B. hrp mirror session enable
C. hrp interface interface-type interface-number
D. hrp preempt [delay interval]
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 244
Manual auditing is a supplement to tool evaluation. It does not require any software to
be installed on the target system being evaluated, and there is no impact on its
operation and status. Which of the following options does not include manual auditing?
A. Manual detection of the host operating system
B. Manual inspection of the database
C. Manual inspection of network equipment
D. Manual inspection of the administrator's operation of the equipment process
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 245
Which of the following are the default security zones of Huawei firewall? (multiple
choice)
A. Zone area
B. Trust area
C. Untrust area
D. Security area
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 246
Which level is the corresponding warning for major network security incidents that
occur?
A. Red warning
B. Orange warning
C. Yellow warning
D. Blue warning
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 247
Which of the following descriptions is wrong about the source of electronic evidence?
A. Fax data, mobile phone recording is an electronic evidence related to
communication technology.
B. Movies and TV shows belong to electronic evidence related to network technology.
C. Database operation records, operating system logs are computer-related electronic
evidence
D. Operating system, e-mail, chat records can be used as a source of electronic
evidence
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 248
Which of the following statements is correct about the ordering of the call setup
process for L2TP tunnels?
1. Establish an L2TP tunnel
2. Establish a PPP connection
3. LNS authenticates users
4. Users access intranet resources
5. Establish an L2TP session
A. 1->2->3->5->4
B. 1->5->3->2->4
C. 2->1->5->3->4
D. 2->3->1->5->4
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 249
The protocol field in the IP packet header identifies the protocol used by the upper
layer. Which of the following field values indicates that the upper layer protocol is
UDP protocol?
A. 6
B. 17
C. 11
D. 18
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 250
According to the management specifications, the network security system and
equipment are regularly checked, the patches are upgraded, and the network security
emergency response drill is organized.
Which of the following aspects of the MPDRR network security model?
A. Protection link
B. Testing
C. Response link
D. Management
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 251
Information security level protection is the basic system of national information
security work
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 252
Which of the following is not the identity of the IPSec SA?
A. SPI
B. Destination address
C. Source address
D. Security protocol
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 253
What is the correct difference between the following pre-accident prevention
strategies and post-accident recovery strategies? (multiple choice)
A. The prevention strategy focuses on minimizing the likelihood of an accident before
the accident occurs. The recovery strategy focuses on minimizing the impact and loss
to the company after the accident.
B. The role of pre-disaster prevention strategies does not include minimizing
economic, reputational, and other losses caused by accidents.
C. Recovery strategy is used to improve business high availability
D. Recovery strategy is part of the business continuity plan
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 254
Which of the following operations are required during the administrator upgrade of
the USG firewall software version? (multiple choice)
A. Upload the firewall version software
B. Restart the device
C. Device factory reset
D. Specify the next time you start loading the software version.
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 255
If the company structure has undergone a practical change, it is necessary to retest
whether the business continuity plan is feasible.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 256
HTTP packets are carried by UDP, and HTTPS is based on TCP three-way
handshake. Therefore, HTTPS is safer and it is more recommended to use HTTPS.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 257
The single-point login function of the online user allows the user to directly
authenticate to the AD server. The device does not interfere with the user
authentication process. The AD monitoring service needs to be deployed on the USG
to monitor the authentication information of the AD server.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 258
UDP port scanning means that an attacker sends a zero-byte UDP packet to a specific
port of the target host. If the port is open, an ICMP port reachable data message
will be returned.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 259
Regarding the business continuity plan, is the following statement correct? (multiple
choice)
A. Business continuity plan does not require high-level participation of the company
in determining the project scope phase
B. BCP needs flexibility because it cannot predict all possible accidents
C. Business continuity plan does not require senior company involvement before
formal documentation is formed
D. Not all security incidents must be reported to company executives
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 260
When the USG series firewall hard disk is in place, which of the following logs can be
viewed? (multiple choice)
A. Operation log
B. Business log
C. Alarm information
D. Threat log
Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 261
Social engineering is a means of causing harm, such as deception or injury, by
exploiting psychological traps such as psychological weakness, instinctive reaction,
curiosity, trust, greed, etc.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 262
Applying for special emergency response funds and procuring emergency response
software and hardware equipment belong to the work content of which stage of the
network emergency response?
A. Preparation stage
B. Inhibition phase
C. Response phase
D. Recovery phase
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 263
Device destruction attacks are generally not easy to cause information leakage, but
usually cause network communication services to be interrupted.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 264
Which of the following descriptions of Internet user and VPN access user
authentication is incorrect?
A. Internet users and VPN access users share data, and the user's attribute check (user
status, account expiration time, etc.) also takes effect for VPN access.
B. The local authentication or server authentication process is basically the same for
both users. The authentication is performed on the user through the authentication
domain.
Same as
C. After the VPN user accesses the network, it can access the network resources of the
enterprise headquarters. The firewall can control the accessible network resources
based on the user name.
D. After the VPN access user passes the authentication, the user will appear in the
online user list.

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 265
Which of the following descriptions of patches is wrong?
A. A patch is a small program created by the original author of the software to fix a
discovered vulnerability.
B. Not patching does not affect the operation of the system, so whether to patch or
not is irrelevant.
C. Patches are generally updated.
D. Computer users should download and install the latest patches in time to protect
their systems.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 266
Which of the following descriptions of the Intrusion Prevention System (IPS) is
incorrect?
A. IDS devices need to be linked to the firewall to block the intrusion.
B. IPS devices cannot be deployed in bypass mode in the network.
C. IPS devices can be cascaded at the network boundary and deployed in-line.
D. IPS devices can block intrusions in real time once they detect them.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 267
Regarding Huawei's routers and switches, which of the following statements are
correct? (multiple choice)
A. The router can implement some security functions, and some routers can
implement more security functions by adding security boards.
B. The main function of the router is to forward data. When the enterprise has security
requirements, sometimes the firewall may be a more suitable choice.
C. The switch has some security functions, and some switches can implement more
security functions by adding security boards.
D. The switch does not have security features
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 268
Which of the following options does not belong to the log type of the Windows
operating system?
A. Business log
B. Application log
C. Security log

D. System log
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 269
After a network intrusion event occurs, the intruder's identity, the attack source and
other information are acquired according to the plan, and the intrusion behavior is
blocked. Which parts of the PDRR network security model are involved? (multiple
choice)
A. Protection link
B. Detection link
C. Response link
D. Recovery link
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 270
Which of the following is wrong about the scanning of vulnerabilities?
A. The vulnerability was discovered beforehand and discovered afterwards.
B. Vulnerabilities are generally repairable
C. Vulnerabilities are security risks that can expose computers to hackers
D. Vulnerabilities can be avoided
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 271
When single sign-on is configured for users and the mode of receiving PC messages is
adopted, the authentication process has the following steps:
1 The visitor PC executes the login script and sends the user login information to the
AD monitor.
2 The firewall extracts the correspondence between the user and the IP from the login
information and adds it to the online user table.
3 AD monitor connects to the AD server to query the login user information, and
forwards the queried user information to the firewall.
4 The visitor logs in to the AD domain. The AD server returns the login success
message to the user and sends the login script.
Which of the following is sorted correctly?
A. 1-2-3-4
B. 4-1-3-2
C. 3-2-1-4
D. 1-4-3-2
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 272
The administrator wants to create a web configuration administrator, with the device
web access port number set to 20000 and the administrator at the administrator level.
Which of the following commands is correct?
A.
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 273
Which of the following descriptions of security policy actions and security profiles
are correct? (multiple choice)
A. If the action of the security policy is “prohibited”, the device will discard this
traffic and will not perform content security checks afterwards.
B. The security profile can take effect without being applied to a security policy
whose action is allow.
C. The security profile must be applied to a security policy whose action is allow in
order to take effect.
D. If the security policy action is "Allow", the traffic will not match the security
profile.
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 274
Which of the following are the same features of Windows and LINUX
systems? (multiple choice)
A. Support multitasking
B. Support graphical interface operations
C. Open source system
D. Support multiple terminal platforms
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 275
In which of the following configuration cases does the device generate a server-map
entry? (multiple choice)
A. Automatically generate server-map entries when configuring source NAT.
B. After the NAT server is configured successfully, the device automatically
generates a server map entry.
C. A server-map entry is generated when easy-ip is configured.
D. After configuring NAT No-PAT, the device will create a server-map table for the
configured multi-channel protocol data stream.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 276
NAT technology can securely transfer data by encrypting data.

A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 277
Which of the following is the correct order for event response management?
1 detection
2 report
3 relief
4 summarizing experience
5 repair
6 recovery
7 response
A. 1-3-2-7-5-6-4
B. 1-3-2-7-6-5-4
C. 1-2-3-7-6-5-4
D. 1-7-3-2-6-5-4
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 278
Which of the following statements about L2TP VPN is wrong?
A. Applicable to business employees dialing access to the intranet
B. Will not encrypt the data
C. Can be used in conjunction with IPsec VPN
D. Belongs to Layer 3 VPN technology
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 279
Encryption technology can transform readable information into unreadable
information in a certain way.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 280
ASPF (Application Specific Packet Filter) is an application-layer-based packet
filtering technology that implements a special security mechanism through the
server-map table. Which of the following statements about ASPF and the server-map
table are correct? (multiple choice)
A. ASPF monitors messages during communication
B. ASPF can dynamically create a server-map
C. ASPF uses the server-map table to dynamically allow multi-channel protocol data to
pass.
D. The five-tuple server-map entry implements a similar function to the session table.
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 281
Antivirus software and host firewall have the same effect.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 282
The process of electronic forensics includes: protecting the site, obtaining evidence,
preserving evidence, identifying evidence, analyzing evidence, tracking and
presenting evidence.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 283

After a command is executed on the firewall, the above information is displayed. Which
of the following descriptions are correct? (multiple choice)
A. The status of this firewall VGMP group is Active.
B. The virtual IP address of the G1/0/1 interface is 202.38.10.2.
C. The priority of the VRRP backup group with the VRID of the firewall is 100.
D. Will not switch when the primary device USG_A fails
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 284
In the USG series firewall system view, the device configuration will be restored to
the default configuration after the reset saved-configuration command is executed,
and no further action is required for this to take effect.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 285
Which of the following is the difference between Network Address Port Translation
(NAPT) and translating network addresses only (No-PAT)?
A. After No-PAT conversion, for external network users, all messages are from the
same IP address.
B. No-PAT only supports protocol port conversion of the transport layer
C. NAPT only supports protocol address translation at the network layer.
D. No-PAT supports protocol address translation at the network layer
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 286
Which of the following descriptions of a buffer overflow attack are correct?
(multiple choice)
A. Buffer overflow attack exploits the software system's flaws in memory operations,
running attack code with high operational privileges
B. Buffer overflow attacks are not related to operating system vulnerabilities and
architectures
C. Buffer overflow attacks are one of the common methods of attacking software
systems.
D. Buffer overflow attack is an application layer attack behavior
Correct Answer: ACD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 287
Which of the following is not within the business scope of the National Internet
Emergency Center?
A. Emergency handling of security incidents
B. Early warning notification of security incidents
C. Providing security evaluation services for government departments, enterprises and
institutions
D. Cooperate with other agencies to provide training services
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 288
The host firewall is mainly used to protect the host from attacks and intrusions from
the network.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 289
Which of the following options are international organizations related to information
security standardization? (multiple choice)
A. International Organization for Standardization (ISO)
B. International Electrotechnical Commission (IEC)
C. International Telecommunication Union (ITU)
D. Wi-Fi Alliance
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:

QUESTION 290
In order to obtain evidence of crime, it is necessary to master the technology of
intrusion tracking. Which of the following descriptions of tracking technology are
correct? (multiple choice)
A. Packet recording technology marks packets on each router they pass through by
inserting trace data into the tracked IP packets
B. Link test technology determines the source of the attack by testing the network link
between the routers
C. Packet tagging technology extracts information from attack sources by recording
packets on the router and then using data mining techniques
D. Shallow mail behavior analysis can analyze information such as the sending IP
address, sending time, sending frequency, number of recipients and shallow email
headers.
Correct Answer: ABD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 291
Digital signature technology obtains a digital signature by encrypting which of the
following data?
A. User data
B. Receiver public key
C. Sender public key
D. Digital fingerprint
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 292
On the USG series firewalls, the default security policy does not support modification.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 293
In the classification of information security level protection, which of the
following levels define damage to social order and the public interest if the
information system is destroyed? (multiple choice)
A. First level: user protection level
B. Second level: system audit protection level
C. Third level: security mark protection
D. Fourth level: structured protection

Correct Answer: ABCD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 294
Which of the following is the analysis layer device in the Huawei SDSec solution?
A. CIS
B. Agile Controller
C. switch
D. Firehunter
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 295
Which of the following options are correct regarding the control actions permit and
deny for firewall interzone forwarding security policies? (multiple choice)
A. The action of the firewall default security policy is deny
B. After a packet matches the deny action of an interzone security policy, it is
discarded immediately. The other interzone security policies will not be executed.
C. Even if the packet matches the permit action of the security policy, it will not
necessarily be forwarded by the firewall.
D. Whether the message matches the permit action of the security policy or the deny
action, it will go to the UTM module for processing.
Correct Answer: ABC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 296
Which of the following is not included in the Business Impact Analysis (BIA)?
A. Business priority
B. Accident handling priority
C. Impact assessment
D. Risk identification
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 297

Which of the following is the main application scenario of tunnel mode when IPSec
VPN is deployed?
A. Between the host and the host
B. Between the host and the security gateway
C. Between security gateways
D. Between the host and the server
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 298
The Huawei Redundancy Protocol (HRP) is used to synchronize the critical
configuration and connection status of the firewall to the standby firewall.
Which of the following options is not part of the synchronization?
A. Security policy
B. NAT strategy
C. Blacklist
D. IPS signature set
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 299
Regarding the business continuity plan, which of the following statements are
correct? (multiple choice)
A. The business continuity plan does not require the participation of senior company
management in the phase of determining the project scope
B. Because not all accidents that may be suffered can be predicted, BCP needs
flexibility.
C. The business continuity plan does not require the involvement of senior company
management before formal documentation is formed
D. Not all security incidents must be reported to company executives
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
