H12-722_V3.0 HCIP-Security-CSSN V3.0 Question and Answers

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

The attachment size limit is for a single attachment, not for the total size of all attachments.

abcde

abcdde

abclde

abc+de

Virus

Buffer overflow ρ

System vulnerabilities

Port scan

TRUE

FALSE

True

False

Teardrop attack

Ping of Death attack

IP Spoofng attack

Land attack

Primary IP: 10.1.3.6 on behalf of SM Manager IP address.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another interface IP address of the firewall.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another alternate firewall interface IP address.

Main IP is the Policy Center reaches the next-hop firewall device interface address

Microsoft Windows operating system patches

Microsoft SQL Windows database patch

Microsoft Internet Explorer patches

android system patches

True

False

Good concealment, the network-based monitor does not run other applications, does not provide network services, and may not respond to other computers, so

Not vulnerable to attack.

The monitoring speed is fast (the problem can be found in microseconds or seconds, and the host-based DS needs to take an analysis of the audit transcripts in the last few minutes

Need a lot of monitors.

It can detect the source address and destination address, identify whether the address is illegal, and locate the real intruder.

Unable to detect new types of worms

The process of trying to log in to the system is recorded

Use Ping to perform network detection and be alerted as an attack

Web-based attacks are not detected by the system

Plan

Implementation

termination

Monitoring

HTTP Flood source authentication

HTTP source statistics

URI source fingerprint learning function

Baseline learning

NIP0OO does not support SSL Threat Detection.

The traffic after threat detection is sent directly to the server without encryption

NIP can directly crack and detect SSL encryption.

After the process of "decryption", "threat detection", and "encryption"

Only packets in one direction pass through the firewall

The same message passes through the firewall multiple times

IPS underreporting

Excessive traffic causes the Bypass function to be enabled

The cleaning center completes the functions of drainage, cleaning, and re-injection of the flow after cleaning in the abnormal flow.

There are two types of drainage methods: static drainage and dynamic drainage.

Re-injection methods include: policy route re-injection, static route re-injection, VVPN back-injection and layer 2 same.

The cleaning equipment supports rich and flexible attack prevention technologies, but it is ineffective against cc attacks and ICMP Flood attacks.

IPS is an intrusion detection system that can block real-time intrusions when found

IPS unifies IDS and firewall

IPS must use bypass deployment in the network

Common IPS deployment modes are in-line deployment,

Enhanced mode refers to the authentication method using verification code.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

The enhanced mode is superior to the basic mode in terms of user experience.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

2-3-4-1

1-2-4-3

1-4-2-3

2-1-4-3

The firewall will first check the blacklist entries and then the whitelist entries.

Assuming that the user visits the www.exzample.com website, which belongs to the categories of humanities and social networks at the same time, the user cannot access the

website.

The user visits the website www.exzample.com, and when the black and white list is not hit, the next step is to query the predefined URL category entry.

The default action means that all websites are allowed to visit. So the configuration is wrong here.

Set local blacklist and whitelist: Both blacklist and whitelist can be configured at the same time, or only one of them can be configured.

In the "Whitelist" text box, enter the P address and mask of the SMTP Server to be added to the whitelist. You can enter multiple IP addresses, one IP address

Address one line. v

Enter the IP address and mask of the SMITP Server to be added to the blacklist in the "Blacklist" text box, you can enter multiple IP addresses, one IP

Address one line.

The priority of the blacklist is higher than that of the whitelist.

1-3-4-2-5-6-7-8

1-3-2-4-6-5-7-8

1-3-4-2-6-5-8-7

1-3-24-6-5-8-7

Worms exist in a parasitic way

155955cc-666171a2-20fac832-0c042c0413

Viruses mainly rely on system vulnerabilities to spread

The target of the worm infection is other computer systems on the network.

The virus exists independently in the computer system.

Viruses are triggered by computer users

Viruses can replicate themselves

Trojan horses are triggered by computer users

Trojans can replicate themselves

ICMP redirect message attack) 0l

Oversized ICMP packet attack

Tracert packet attack

IP fragment message item