H12-722_V3.0 HCIP-Security-CSSN V3.0 Question and Answers

Question # 4

Regarding the mail content filtering configuration of Huawei USG6000 products, which of the following statements is wrong?

A.

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

B.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

C.

When an IMAP message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm messages and will not block the email.

D.

The attachment size limit is for a single attachment, not for the total size of all attachments.

Question # 5

If the regular expression is "abc. de", which of the following will not match the regular expression?

A.

abcde

B.

abcdde

C.

abclde

D.

abc+de

Question # 6

Which of the following options does not belong to the security risk of the application layer of the TCP/IP protocol stack?

A.

Virus

B.

Buffer overflow

C.

System vulnerabilities

D.

Port scan

Question # 7

Fully encrypted registered mobile storage devices must be formatted before they can be used normally on a terminal host that does not have the NAC client installed.

A.

TRUE

B.

FALSE

Question # 8

The core technology of content security lies in anomaly detection, and the concept of defense lies in continuous monitoring and analysis.

A.

True

B.

False

Question # 9

Among the following options, which attack is a malformed packet attack based on the TCP protocol?

A.

Teardrop attack

B.

Ping of Death attack

C.

IP Spoofing attack

D.

Land attack

Question # 10

The following is a hardware SACG increase firewall configuration. Which statement below is true?

A.

Primary IP: 10.1.3.6 on behalf of SM Manager IP address.

B.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another interface IP address of the firewall.

C.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another alternate firewall interface IP address.

D.

Main IP is the Policy Center reaches the next-hop firewall device interface address

Question # 11

Which patches does Policy Center support managing? (Choose 3 answers)

A.

Microsoft Windows operating system patches

B.

Microsoft SQL Windows database patch

C.

Microsoft Internet Explorer patches

D.

Android system patches

Question # 12

When using the misuse check technology, if the normal user behavior is successfully matched with the intrusion feature knowledge base, it will be falsely reported.

A.

True

B.

False

Question # 13

The network-based intrusion detection system is mainly used to monitor the information of the critical path of the network in real time, listen to all packets on the network, collect data, and analyze suspicious objects. Which of the following options are its main features? (multiple choices)

A.

Good concealment: the network-based monitor does not run other applications, does not provide network services, and may not respond to other computers, so it is not vulnerable to attack.

B.

The monitoring speed is fast (the problem can be found in microseconds or seconds, and the host-based IDS needs to analyze the audit transcripts of the last few minutes).

C.

Need a lot of monitors.

D.

It can detect the source address and destination address, identify whether the address is illegal, and locate the real intruder.

Question # 14

Which of the following behaviors is a false positive of the intrusion detection system?

A.

Unable to detect new types of worms

B.

The process of trying to log in to the system is recorded

C.

Use Ping to perform network detection and be alerted as an attack

D.

Web-based attacks are not detected by the system

Question # 15

Which of the following elements does PDCA include? (Choose 3 answers)

A.

Plan

B.

Implementation

C.

Termination

D.

Monitoring

Question # 16

Which of the following options is not a defense against HTTP Flood attacks?

A.

HTTP Flood source authentication

B.

HTTP source statistics

C.

URI source fingerprint learning function

D.

Baseline learning

Question # 17

In order to protect the security of data transmission, more and more websites or companies choose to use SSL to encrypt transmissions in the stream. About using the Huawei NIP6000 product to perform threat detection on SSL streams, which of the following statements is correct?

A.

NIP6000 does not support SSL Threat Detection.

B.

The traffic after threat detection is sent directly to the server without encryption

C.

NIP can directly crack and detect SSL encryption.

D.

After the process of "decryption", "threat detection", and "encryption"

Question # 18

After enabling the IP policy, some services are found to be unavailable. Which of the following may be the cause? (multiple choice)

A.

Only packets in one direction pass through the firewall

B.

The same message passes through the firewall multiple times

C.

IPS underreporting

D.

Excessive traffic causes the Bypass function to be enabled

Question # 19

Which of the following options is wrong for the description of the cleaning center?

A.

The cleaning center completes the functions of drainage, cleaning, and re-injection of the flow after cleaning in the abnormal flow.

B.

There are two types of drainage methods: static drainage and dynamic drainage.

C.

Re-injection methods include: policy route re-injection, static route re-injection, VPN back-injection and layer 2 same.

D.

The cleaning equipment supports rich and flexible attack prevention technologies, but it is ineffective against CC attacks and ICMP Flood attacks.

Question # 20

IPS is an intelligent intrusion detection and defense product. It can not only detect the occurrence of intrusions, but can also respond in real time through certain response methods to stop the occurrence and development of intrusions, and protect the information system from substantial attacks in real time. According to the description of IPS, which of the following items is wrong?

A.

IPS is an intrusion detection system that can block real-time intrusions when found

B.

IPS unifies IDS and firewall

C.

IPS must use bypass deployment in the network

D.

Common IPS deployment modes are in-line deployment,

Question # 21

Regarding the enhanced mode in HTTP Flood source authentication, which of the following descriptions are correct? (multiple choices)

A.

Enhanced mode refers to the authentication method using verification code.

B.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense; enhanced mode can effectively defend.

C.

The enhanced mode is superior to the basic mode in terms of user experience.

D.

Enhanced mode supports all HTTP Flood source authentication fields.

Question # 22

With regard to APT attacks, the attacker often lurks for a long time and launches a formal attack on the enterprise at the key point of the incident.

Generally, APT attacks can be summarized into four stages:

1. Collecting Information & Intrusion

2. Long-term lurking & mining

3. Data breach

4. Remote control and penetration

Regarding the order of these four stages, which of the following options is correct?

A.

2-3-4-1

B.

1-2-4-3

C.

1-4-2-3

D.

2-1-4-3

Question # 23

The following figure shows the configuration of the URL filtering configuration file. Regarding the configuration, which of the following statements is correct?

A.

The firewall will first check the blacklist entries and then the whitelist entries.

B.

Assuming that the user visits the www.exzample.com website, which belongs to the categories of humanities and social networks at the same time, the user cannot access the website.

C.

The user visits the website www.exzample.com, and when the black and white list is not hit, the next step is to query the predefined URL category entry.

D.

The default action means that all websites are allowed to visit. So the configuration is wrong here.

Question # 24

Which of the following descriptions about the black and white lists in spam filtering is wrong?

A.

Set local blacklist and whitelist: Both blacklist and whitelist can be configured at the same time, or only one of them can be configured.

B.

In the "Whitelist" text box, enter the IP address and mask of the SMTP Server to be added to the whitelist. You can enter multiple IP addresses, one IP address per line.

C.

Enter the IP address and mask of the SMTP Server to be added to the blacklist in the "Blacklist" text box. You can enter multiple IP addresses, one IP address per line.

D.

The priority of the blacklist is higher than that of the whitelist.

Question # 25

Huawei NIP6000 products have zero-setting network parameters and plug-and-play functions, because the interfaces and interface pairs only work on layer 2 without setting the IP address.

A. True

B. False

Question # 26

Which of the following options is correct for the sequence of the flow-by-stream detection of AntiDDoS?

1. The Netflow analysis device samples the current network flow;

2. Send a drainage command to the cleaning center;

3. Discover the DDoS attack stream;

4. The Netflow analysis device sends alarms to the ATIC management center;

5. The abnormal flow is diverted to the cleaning center for further inspection and cleaning;

6. The cleaning center sends the host route of the attacked target IP address server to the router to achieve drainage;

7. The cleaning log is sent to the management center to generate a report;

8. The cleaned traffic is sent to the original destination server.

A.

1-3-4-2-5-6-7-8

B.

1-3-2-4-6-5-7-8

C.

1-3-4-2-6-5-8-7

D.

1-3-2-4-6-5-8-7

Question # 27

Regarding worms and viruses, which of the following statements is correct?

A.

Worms exist in a parasitic way

B.

Viruses mainly rely on system vulnerabilities to spread

C.

The target of the worm infection is other computer systems on the network.

D.

The virus exists independently in the computer system.

Question # 28

Which of the following descriptions about viruses and Trojans are correct? (multiple choices)

A.

Viruses are triggered by computer users

B.

Viruses can replicate themselves

C.

Trojan horses are triggered by computer users

D.

Trojans can replicate themselves

Question # 29

Which of the following options is not a special message attack?

A.

ICMP redirect message attack

B.

Oversized ICMP packet attack

C.

Tracert packet attack

D.

IP fragment message item
