Black Friday Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Huawei H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Exam Practice Test

Page: 1 / 18
Total 177 questions

Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Questions and Answers

Question 1

Misuse detection is through the detection of similar intrusions in user behavior, or those that use system flaws to indirectly violate system security rules

To detect intrusions in the system. Which of the following is not a feature of misuse detection 2

Options:

A.

Easy to implement

B.

Accurate detection

C.

Effective detection of impersonation detection of legitimate users

D.

Easy to upgrade

Question 2

Regarding the description of file reputation technology in anti-virus engines, which of the following options is correct?

Options:

A.

Local reputation MD5 cache only has static cache, which needs to be updated regularly

B.

File reputation database can only be upgraded by manual upgrade

C.

File reputation is to perform virus detection by calculating the full text MD5 of the file to be tested and matching it with the local reputation MD5 cache

D.

File reputation database update and upgrade can only be achieved through linkage with sandbox

Question 3

The process of a browser carrying a cookie to request resources from a server is shown in the following figure. Which of the following steps contains SessionID information in the message?

Question # 3

Options:

A.

③④

B.

①③④

C.

⑤⑥

D.

②④

Question 4

​​SQl injection attacks generally have the following steps:

①Elevate the right

②Get the data in the database

③Determine whether there are loopholes in the webpage

④ Determine the database type

For the ordering of these steps, which of the following options is correct?

Options:

A.

③④①②

B.

③④②①

C.

④①②③

D.

④②①③

Question 5

Which of the following statements about IPS is wrong?

Options:

A.

The priority of the coverage signature is higher than that of the signature in the signature set.

B.

When the "source security zone" is the same as the "destination security zone", it means that the IPS policy is applied in the domain.

C.

Modifications to the PS policy will not take effect immediately. You need to submit a compilation to update the configuration of the IPS policy.

D.

The signature set can contain either predefined signatures or custom signatures. 832335

Question 6

Regarding the Anti-DDoS cloud cleaning solution; which of the following statements is wrong?

Options:

A.

Ordinary attacks will usually be cleaned locally first.

B.

If there is a large traffic attack on the network, send it to the cloud cleaning center to share the cleaning pressure.

C.

Since the Cloud Cleaning Alliance will direct larger attack flows to the cloud for cleaning, it will cause network congestion.

D.

The closer to the attacked self-labeled cloud cleaning service, the priority will be called.

155955cc-666171a2-20fac832-0c042c0430

Question 7

The security management system is only optional, and anti-virus software or anti-hacking technology can be a good defense against network threats.

Options:

A.

True

B.

False

Question 8

In the deployment of Huawei NIP6000 products, only port mirroring can be used for streaming replication.

Options:

A.

True

B.

False

Question 9

The realization of content security filtering technology requires the support of the content security combination license.

Options:

A.

True

B.

False

Question 10

Use BGP protocol to achieve diversion, the configuration command is as follows

[sysname] route-policy 1 permit node 1

[sysname-route-policy] apply community no-advertise

[sysname-route-policy] quit

[sysname]bgp100

155955cc-666171a2-20fac832-0c042c04

29

[sysname-bgp] peer

[sysname-bgp] import-route unr

[sysname- bgpl ipv4-family unicast

[sysname-bgp-af-ipv4] peer 7.7.1.2 route-policy 1 export

[sysname-bgp-af-ipv4] peer 7.7. 1.2 advertise community

[sysname-bgp-af-ipv4] quit

[sysname-bgp]quit

Which of the following options is correct for the description of BGP diversion configuration? (multiple choice)

Options:

A.

Use BGP to publish UNR routes to achieve dynamic diversion.

B.

After receiving the UNR route, the peer neighbor will not send it to any BGP neighbor.

C.

You also need to configure the firewall ddos ​​bgp-next-hop fib-filter command to implement back-injection.

D.

The management center does not need to configure protection objects. When an attack is discovered, it automatically issues a traffic diversion task.

Question 11

Which of the following behaviors is a false positive of the intrusion detection system?

Options:

A.

Unable to detect new types of worms

B.

The process of trying to log in to the system is recorded

C.

Use Ping to perform network detection and be alerted as an attack

D.

Web-based attacks are not detected by the system

Question 12

Which of the following options does not belong to the basic DDoS attack prevention configuration process?

Options:

A.

The system starts traffic statistics.

B.

System related configuration application, fingerprint learning.

C.

The system starts attack prevention.

D.

The system performs preventive actions.

Question 13

Regarding HTTP behavior, which of the following statements is wrong?

Options:

A.

HTTP POST is generally used to send information to the server through a web page, such as forum posting x form submission, username I password login.

B.

When the file upload operation is allowed, the alarm threshold and blocking threshold can be configured to control the size of the uploaded file.

C.

When the size of the uploaded or downloaded file and the size of the content of the POST operation reach the alarm threshold, the system will generate log information to prompt the device management

And block behavior.

D.

When the uploaded or downloaded file size, POST operation content size reaches the blocking threshold, the system will only block the uploaded or downloaded file, POST

operate.

Question 14

Due to differences in network environment and system security strategies, intrusion detection systems are also different in specific implementation. From the perspective of system composition, the main

Which four major components are included?

Options:

A.

Event extraction, intrusion analysis, reverse intrusion and remote management.

B.

Incident extraction, intrusion analysis, intrusion response and on-site management.

C.

Incident recording, intrusion analysis, intrusion response and remote management.

D.

Incident extraction, intrusion analysis, intrusion response and remote management.

Question 15

Which of the following is the correct configuration idea for the anti-virus strategy?

1. Load the feature library

2. Configure security policy and reference AV Profile

3. Apply and activate the license

4. Configure AV Profile

5. Submit

Options:

A.

3->1->4->2->5

B.

3->2->4->1->5

C.

3->2->1->4->5

D.

3->1->2->4->5

Question 16

For the description of URPF technology, which of the following options are correct? (multiple choice)

Options:

A.

The main function is to prevent network attacks based on source address spoofing.

B.

In strict mode, it does not check whether the interface matches. As long as there is a route to the source address, the message can pass.

C.

The loose mode not only requires corresponding entries in the forwarding table, but also requires that the interface must match to pass the URPF check.

D.

Use URPF's loose mode in an environment where routing symmetry cannot be guaranteed.

Question 17

For the basic mode of HTTP Flood source authentication, which of the following options are correct? (multiple choice)

Options:

A.

The basic mode can effectively block the access from the Feng Explor client.

B.

The bot tool does not implement a complete HTTP protocol stack and does not support automatic redirection, so the basic mode can effectively defend against HTTP Flood attacks.

hit.

C.

When there is an HTTP proxy server in the network, the firewall will add the IP address of the proxy server to the whitelist, but it will recognize the basic source of the zombie host.

The certificate is still valid.

D.

The basic mode will not affect the user experience, so the defense effect is higher than the enhanced mode.

Question 18

Content filtering is a security mechanism for filtering the content of files or applications through Huawei USCG00 products. Focus on the flow through deep recognition

Contains content, the device can block or alert traffic containing specific keywords.

Options:

A.

True

B.

False

Question 19

Regarding the anti-spam local black and white list, which of the following statements is wrong?

Options:

A.

The black and white list is matched by extracting the destination IP address of the SMTP connection

B.

The black and white list is matched by the sender's dns suffix

C.

The black and white list is matched by extracting the source IP address of the SMTP connection

155955cc-666171a2-20fac832-0c042c0419

D.

If the source IP address of the SMTP connection matches the blacklist, the connection will be blocked

Question 20

Which of the following options will not pose a security threat to the network?

Options:

A.

Hacking

B.

Weak personal safety awareness

C.

Open company confidential files

D.

Failure to update the virus database in time

Question 21

When you suspect that the company's network has been attacked by hackers, you have carried out a technical investigation. Which of the following options does not belong to the behavior that occurred in the early stage of the attack?

Options:

A.

Planting malware

B.

Vulnerability attack"

C.

We6 Application Click

D.

Brute force

Question 22

Which of the following technologies can achieve content security? (multiple choice)

Options:

A.

Web security protection

B.

Global environment awareness

C.

Sandbox and big data analysis

D.

Intrusion prevention

Question 23

The configuration command to enable the attack prevention function is as follows; n

[FW] anti-ddos syn-flood source-detect

[FW] anti-ddos udp-flood dynamic-fingerprint-learn

[FW] anti-ddos udp-frag-flood dynamic fingerprint-learn

[FW] anti-ddos http-flood defend alert-rate 2000

[Fwj anti-ddos htp-flood source-detect mode basic

Which of the following options is correct for the description of the attack prevention configuration? (multiple choice)

Options:

A.

The firewall has enabled the SYN Flood source detection and defense function

B.

The firewall uses the first packet drop to defend against UDP Flood attacks.

C.

HTTP Flood attack defense uses enhanced mode for defense

D.

The threshold for HTTP Flood defense activation is 2000.

Question 24

IPS is an intelligent intrusion detection and defense product. It can not only detect the occurrence of intrusions, but also can respond in real time through certain response methods.

Stop the occurrence and development of intrusions, and protect the information system from substantial attacks in real time. According to the description of PS, the following items are wrong?

Options:

A.

IPS is an intrusion detection system that can block real-time intrusions when found

B.

IPS unifies IDS and firewall

C.

IPS must use bypass deployment in the network

D.

Common IPS deployment modes are in-line deployment,

Question 25

USG6000V software logic architecture is divided into three planes: management plane, control plane and

Options:

A.

Configuration plane

B.

Business plane

C.

Log plane

D.

Data forwarding plane

Question 26

Which of the following descriptions are correct for proxy-based anti-virus gateways? (multiple choice)

Options:

A.

The detection rate is higher than the flow scanning method

B.

System overhead will be relatively small

C.

Cache all files through the gateway's own protocol stack

D.

More advanced operations such as decompression, shelling, etc. can be performed

Page: 1 / 18
Total 177 questions