H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Question and Answers

HTTP POST is generally used to send information to the server through a web page, such as forum posting x form submission, username I password login.

When the file upload operation is allowed, the alarm threshold and blocking threshold can be configured to control the size of the uploaded file.

When the size of the uploaded or downloaded file and the size of the content of the POST operation reach the alarm threshold, the system will generate log information to prompt the device management

And block behavior.

When the uploaded or downloaded file size, POST operation content size reaches the blocking threshold, the system will only block the uploaded or downloaded file, POST

operate.

Hacking

Weak personal safety awareness

Open company confidential files

Failure to update the virus database in time

Mail with source address 10.17.1.0/24 will be blocked

Mail with source address 10.18.1.0/24 will be blocked

Mail with source address 10.17.1.0/24 will be released

Mail with source address 10.18.1.0/24 will be released

(1)(2)(3)(4)(5)

155955cc-666171a2-20fac832-0c042c049

(1)(4)(2)(3)(5)

(1)(2)(4)(3)(5)

(1)(3)(2)(4)(5)

Ordinary attacks will usually be cleaned locally first.

If there is a large traffic attack on the network, send it to the cloud cleaning center to share the cleaning pressure.

Since the Cloud Cleaning Alliance will direct larger attack flows to the cloud for cleaning, it will cause network congestion.

The closer to the attacked self-labeled cloud cleaning service, the priority will be called.

155955cc-666171a2-20fac832-0c042c0430

The black and white list is matched by extracting the destination IP address of the SMTP connection

The black and white list is matched by the sender's dns suffix

The black and white list is matched by extracting the source IP address of the SMTP connection

155955cc-666171a2-20fac832-0c042c0419

If the source IP address of the SMTP connection matches the blacklist, the connection will be blocked

True

False

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

The action of signing iD3000 is an alarm

The action of signing ID3000 is to block

Unable to determine the action of signature ID3000

The signature set is not related to the coverage signature

DF, bit is down, and MF bit is also 1 or Fragment Offset is not 0,

155955cc-666171a2-20fac832-0c042c047

DF bit is 023, MF bit is 1 or Fragment Offset is not 0,

DF bit is 0, and Fragment Offset + Length> 65535.

The DF bit is 1, and Fragment Ofset + Length <65535.

Web security protection

Global environment awareness

Sandbox and big data analysis

Intrusion prevention

example

www. abc. example. com

www.abc. example

example. com

Local reputation MD5 cache only has static cache, which needs to be updated regularly

File reputation database can only be upgraded by manual upgrade

File reputation is to perform virus detection by calculating the full text MD5 of the file to be tested and matching it with the local reputation MD5 cache

File reputation database update and upgrade can only be achieved through linkage with sandbox

True

False

Using POP3, the client software will download all unread mails to the computer, and the mail server will delete the mails.

Use JIMAP; the client software will download all unread mails to the computer, and the mail server will delete the mails.

With IMAP, users can directly operate on the mail on the server, without downloading all the mails locally to perform various operations.

Using POP3, users can directly operate on the mail on the server without sending all mails to the local to perform various operations.

③②⑦⑥④⑤①

③②④⑤⑦⑥①

③②④⑥⑤⑦①

155955cc-666171a2-20fac832-0c042c0428

⑧②⑤⑦④⑥①

Keywords are the content that the device needs to recognize during content filtering.

Keywords include predefined keywords and custom keywords.

The minimum length of the keyword that the text can match is 2 bytes. ,

Custom keywords can only be defined in text mode.

The main function is to prevent network attacks based on source address spoofing.

In strict mode, it does not check whether the interface matches. As long as there is a route to the source address, the message can pass.

The loose mode not only requires corresponding entries in the forwarding table, but also requires that the interface must match to pass the URPF check.

Use URPF's loose mode in an environment where routing symmetry cannot be guaranteed.

Virus

Worms

Spam

DoS

③④

①③④

⑤⑥

â‘¡â‘£

Only packets in one direction pass through the firewall

The same message passes through the firewall multiple times

IPS underreporting

Excessive traffic causes the Bypass function to be enabled

Fraggle and Smurt

Land and Smurf

Fraggle and Land

155955cc-666171a2-20fac832-0c042c0423

Teardrop and Land35

Not self-replicating but parasitic

Trojans self-replicate and spread

Actively infectious

The ultimate intention is to steal information and implement remote monitoring