New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Huawei > HCIP-Security > H12-722

H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Question and Answers

Question # 4

Regarding HTTP behavior, which of the following statements is wrong?

A.

HTTP POST is generally used to send information to the server through a web page, such as forum posting x form submission, username I password login.

B.

When the file upload operation is allowed, the alarm threshold and blocking threshold can be configured to control the size of the uploaded file.

C.

When the size of the uploaded or downloaded file and the size of the content of the POST operation reach the alarm threshold, the system will generate log information to prompt the device management

And block behavior.

D.

When the uploaded or downloaded file size, POST operation content size reaches the blocking threshold, the system will only block the uploaded or downloaded file, POST

operate.

Full Access
Question # 5

Which of the following options will not pose a security threat to the network?

A.

Hacking

B.

Weak personal safety awareness

C.

Open company confidential files

D.

Failure to update the virus database in time

Full Access
Question # 6

The results of the RBL black and white list query on the firewall are as follows:

Based on the above information only, which of the following statements is correct? (multiple choice)

A.

Mail with source address 10.17.1.0/24 will be blocked

B.

Mail with source address 10.18.1.0/24 will be blocked

C.

Mail with source address 10.17.1.0/24 will be released

D.

Mail with source address 10.18.1.0/24 will be released

Full Access
Question # 7

Regarding the sequence of file filtering technology processing flow, which of the following is correct?

(1) The security policy is applied as permit

(2) Protocol decoding

(3) File type recognition

(4) Application recognition

(5) File filtering

A.

(1)(2)(3)(4)(5)

155955cc-666171a2-20fac832-0c042c049

B.

(1)(4)(2)(3)(5)

C.

(1)(2)(4)(3)(5)

D.

(1)(3)(2)(4)(5)

Full Access
Question # 8

Regarding the Anti-DDoS cloud cleaning solution; which of the following statements is wrong?

A.

Ordinary attacks will usually be cleaned locally first.

B.

If there is a large traffic attack on the network, send it to the cloud cleaning center to share the cleaning pressure.

C.

Since the Cloud Cleaning Alliance will direct larger attack flows to the cloud for cleaning, it will cause network congestion.

D.

The closer to the attacked self-labeled cloud cleaning service, the priority will be called.

155955cc-666171a2-20fac832-0c042c0430

Full Access
Question # 9

Regarding the anti-spam local black and white list, which of the following statements is wrong?

A.

The black and white list is matched by extracting the destination IP address of the SMTP connection

B.

The black and white list is matched by the sender's dns suffix

C.

The black and white list is matched by extracting the source IP address of the SMTP connection

155955cc-666171a2-20fac832-0c042c0419

D.

If the source IP address of the SMTP connection matches the blacklist, the connection will be blocked

Full Access
Question # 10

Content filtering is a security mechanism for filtering the content of files or applications through Huawei USCG00 products. Focus on the flow through deep recognition

Contains content, the device can block or alert traffic containing specific keywords.

A.

True

B.

False

Full Access
Question # 11

The user needs of a university are as follows:

1. The environment is large, and the total number of two-way traffic can reach 800M. Huawei USG6000 series firewall is deployed at its network node.

2. The intranet is divided into student area, server area, etc., users are most concerned about the security of the server area to avoid attacks from various threats.

3. At the same time, some pornographic websites in the student area are prohibited.

The external network has been configured as an untrust zone and the internal network has been configured as a trust zone on the firewall. How to configure the firewall to meet the above requirements?

155955cc-666171a2-20fac832-0c042c0415

A.

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

B.

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

C.

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

D.

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

Full Access
Question # 12

The administrator has made the following configuration:

1. The signature set Protect_ all includes the signature ID3000, and the overall action of the signature set is to block.

2. The action of overwriting signature ID3000 is an alarm.

A.

The action of signing iD3000 is an alarm

B.

The action of signing ID3000 is to block

C.

Unable to determine the action of signature ID3000

D.

The signature set is not related to the coverage signature

Full Access
Question # 13

The following commands are configured on the Huawei firewall:

[USG] firewall defend ip-fragment enable

Which of the following situations will be recorded as an offensive behavior? (multiple choice)

A.

DF, bit is down, and MF bit is also 1 or Fragment Offset is not 0,

155955cc-666171a2-20fac832-0c042c047

B.

DF bit is 023, MF bit is 1 or Fragment Offset is not 0,

C.

DF bit is 0, and Fragment Offset + Length> 65535.

D.

The DF bit is 1, and Fragment Ofset + Length <65535.

Full Access
Question # 14

Which of the following technologies can achieve content security? (multiple choice)

A.

Web security protection

B.

Global environment awareness

C.

Sandbox and big data analysis

D.

Intrusion prevention

Full Access
Question # 15

An enterprise administrator configures a Web reputation website in the form of a domain name, and configures the domain name as www. abc; example. com. .

Which of the following is the entry that the firewall will match when looking up the website URL?

A.

example

B.

www. abc. example. com

C.

www.abc. example

D.

example. com

Full Access
Question # 16

Regarding the description of file reputation technology in anti-virus engines, which of the following options is correct?

A.

Local reputation MD5 cache only has static cache, which needs to be updated regularly

B.

File reputation database can only be upgraded by manual upgrade

C.

File reputation is to perform virus detection by calculating the full text MD5 of the file to be tested and matching it with the local reputation MD5 cache

D.

File reputation database update and upgrade can only be achieved through linkage with sandbox

Full Access
Question # 17

File filtering technology can filter files based on the application of the file, the file transfer direction, the file type and the file extension.

A.

True

B.

False

Full Access
Question # 18

Regarding the statement of the mail protocol, which of the following is correct? (multiple choice)

A.

Using POP3, the client software will download all unread mails to the computer, and the mail server will delete the mails.

B.

Use JIMAP; the client software will download all unread mails to the computer, and the mail server will delete the mails.

C.

With IMAP, users can directly operate on the mail on the server, without downloading all the mails locally to perform various operations.

D.

Using POP3, users can directly operate on the mail on the server without sending all mails to the local to perform various operations.

Full Access
Question # 19

There are several steps in a stored XSS attack

â‘ The attacker hijacks the user session

â‘¡The attacker submits an issue containing known JavaScript

â‘¢User login

â‘£The user requests the attacker's question 5

⑤The server responds to the attacker’s JavaScript

â‘¥ The user's browser sends a session token to the attacker

⑦The attacker's JavaScript is executed in the user's browser

For the ordering of these steps, which of the following options is correct?

A.

③②⑦⑥④⑤①

B.

③②④⑤⑦⑥①

C.

③②④⑥⑤⑦①

155955cc-666171a2-20fac832-0c042c0428

D.

⑧②⑤⑦④⑥①

Full Access
Question # 20

Regarding the description of keywords, which of the following is correct? (multiple choice)

A.

Keywords are the content that the device needs to recognize during content filtering.

B.

Keywords include predefined keywords and custom keywords.

C.

The minimum length of the keyword that the text can match is 2 bytes. ,

D.

Custom keywords can only be defined in text mode.

Full Access
Question # 21

For the description of URPF technology, which of the following options are correct? (multiple choice)

A.

The main function is to prevent network attacks based on source address spoofing.

B.

In strict mode, it does not check whether the interface matches. As long as there is a route to the source address, the message can pass.

C.

The loose mode not only requires corresponding entries in the forwarding table, but also requires that the interface must match to pass the URPF check.

D.

Use URPF's loose mode in an environment where routing symmetry cannot be guaranteed.

Full Access
Question # 22

Which of the following threats cannot be detected by IPS?

A.

Virus

B.

Worms

C.

Spam

D.

DoS

Full Access
Question # 23

The process of a browser carrying a cookie to request resources from a server is shown in the following figure. Which of the following steps contains SessionID information in the message?

A.

③④

B.

①③④

C.

⑤⑥

D.

â‘¡â‘£

Full Access
Question # 24

After enabling the IP policy, some services are found to be unavailable. Which of the following may be caused by? (multiple choice)

A.

Only packets in one direction pass through the firewall

B.

The same message passes through the firewall multiple times

C.

IPS underreporting

D.

Excessive traffic causes the Bypass function to be enabled

Full Access
Question # 25

In the following options, which of the two attacks use similar attack methods, they will generate a large number of useless response packets, occupying network bandwidth,

Consume equipment resources?

A.

Fraggle and Smurt

B.

Land and Smurf

C.

Fraggle and Land

155955cc-666171a2-20fac832-0c042c0423

D.

Teardrop and Land35

Full Access
Question # 26

Which of the following options is not a feature of Trojan horses?

A.

Not self-replicating but parasitic

B.

Trojans self-replicate and spread

C.

Actively infectious

D.

The ultimate intention is to steal information and implement remote monitoring

Full Access