H12-723_V3.0 HCIP-Security-CTSS V3.0 Question and Answers

A What is configured on the device is MAC Bypass authentication

B What is configured on the device is MAC Bypass authentication o

A On the device 2GE1/01 Can access PC Can also access dumb terminal equipment

B On the device GE1/0/1 Can access PC It can also access dumb terminal equipment. Upper

router

switch

Firewall

IPS

Deployment Management Center MC Time, support HA,Provide based on Keepalived Technical HA Active/standby switchover.

Deploy Business Manager SM Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy business controller 3SC Time, support HA, Provide a backup solution in resource pool mode, which needs to be deployed N+1 indivual SC

Deploy the database DB Time, support HA use SQL Server Database mirroring technology requires the deployment of master DB+Mirroring DB+witness DB.

Portal The certification process is only used in Web Certification

Server for a terminal Portal Certification will only give one Portal Device sends authentication message

Switch received Portal Online message, will give Radius Server send Radius Certification request

Portal The authentication message will not carry the result of the security check

Configure RADIUS authentication and accountingon the RADIUS server.

Configure the Agile Controller-Campus for local data source authentication, receive the packets sent by the device, and perform authentication.

Configure RADIUS authentication and accounting on the device side. W"

ConfigureRADIUS authentication and authorization on the Agile Controller-Campus.

Provide unified and secure access to enterprise mobile applications on mobile terminals.

The tunnel is dedicated and cannot be penetrated by viruses.

Applications are quickly integrated and can be extended.

It can be quickly integrated and docked with the enterprise application cloud platform.

MAC Certification

Password authentication

Not certified:

SN Certification

True

False

The user domain is generally composed of various terminal users. The terminals in this area have the characteristics of large numbers, wide distribution, and strong mobility.

The business domain is a platform for the heavy load of business flows. According to the needs of the enterprise, security technology is used to logically divide the business to realize thesecurity of the network.

The network domain is the most concerned security protection area of various enterprises, and it carries the important and core information assets of the enterprise.

The service domain is the area that provides security services for the corporate intranet. This area is generally composed of systems that provide security services such as antivirus servers, patch management servers, and terminal security servers.

Deploy the main DB

Deployimage DBO

Deploy witness DB

Deploy MC and SM dual machine backup

192.168.1.0 definitely is Agile Controller-Campus Manager IP address

if 192.126.200.11 Is the server of the post-authentication domain, then IP Address is 192.18.0.1 If your terminal has not passed the authentication, it is possible to access the server.

192.168.100.1 definitely is Agile Controller-Campus Controller IP address.

Ifin 6 Within minutes of the conversation 192.168.0.19 154->/192.162.0.11: 15080 Not refreshed,IP Address is 192.168.0.119 If the device wants to IP Address is 192.168.200.11 For device communication, the session must be re-established.

Agile Controller-CampusThere is no corresponding user on.

switch AAA Configuration error.

The switch is not turned on Portal Function.

Portal The push page on the server is wrong.

AD account number

Mobile certificate account)

Anonymous account

Guest account

AE Server priority use)SC server.

Install AE When the server, you need to configure the main and standby SC Server IP address.

If the Lord SC After the server fails,AE The server will use the backup SC server.

host SC After the server is restored,AE Server will not switch back to master SC The server handles the business.

Announcements can be issued bythe security department

The terminal must have a proxy client installed to receive announcements.

If the system issues an announcement and the proxy client is not online, the announcement information will not be received after going online.

Announcements can be issued by account.

You can check whether there is a weak password.

You can check whether the account has joined a specific group.

It cannot be repaired automatically._

It is not possible to check whether the password length meets the requirements.

Brute force

Crowd attack

DoS Denial of service attack

Weak IV attack

Portal server IP

Portal page URL

shared-key

Portal Protocol version

True

False

True

False

After the configuration is complete, the switch will automatically release the data flow to access the security controller,No need for manual configuration by the administrator.

This configuration allows users to access network resources before authentication.

After the configuration is complete, the administrator still needs to manually configure the release network segment

Only after the authentication is passed, the terminal can access 10.1.31.78 Host.

True

False