Huawei HCNA HCIA security main exam for certification

Page 1

Huawei HCNA HCIA security main exam for certification. It covers all Levels in Huawei Exams. It comprises both questions and answers. Learn and share the knowledge out there with your family, colleagues, friends, and workmates.

Regarding the description of Windows log event types, which options are correct? (Multiple choices)
A. Warning events are events for the successful operation of an application, driver, or service.
B. Error events usually refer to loss of functionality and data. For example, if a service cannot be loaded as a
system boot, an error event is generated.
C. When disk space is low, it will be recorded as an “information event”
D. Failure audit event refers to a failed audit of a secure login attempt, such as a failure when the user view
accesses a network drive, and it is recorded as a failure
Audit events.
Correct Answer: BCD
Section: (none)
Explanation
Explanation / Reference:

 

QUESTION 2
Which of the following types of encryption technology can be classified? (Multiple choices)
A. Symmetric encryption
B. Symmetric encryption
C. Fingerprint encryption
D. Data encryption
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 3
Which of the following state information can be backed up by Huawei Redundancy Protocol (HRP)? (Multiple
choices)
A. Session table
B. ServerMap entry
C. Dynamic blacklist
D. Routing table
Correct Answer: ABC

Page 2

Exam A

QUESTION 1

Regarding the description of windows log event types, which options are correct? (Multiple choices)

1. Warning events are events for the successful operation of an application, driver, or service.
2. Error events usually refer to loss of functionality and data. For example, if a service cannot be loaded as a system boot, an error event is generated.
3. When disk space is low, it will be recorded as an “information event”
4. Failure audit event refers to a failed audit of a secure login attempt, such as a failure when the user view accesses a network drive, and it is recorded as a failure

Audit events.

Correct Answer: 2,3,4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 2

Which of the following types of encryption technology can be classified? (Multiple choices)

1. Symmetric encryption
2. Symmetric encryption
3. Fingerprint encryption
4. Data encryption

Correct Answer: 1,2

Section: (none)

Explanation

Explanation / Reference:

QUESTION 3

Which of the following state information can be backed up by Huawei Redundancy Protocol (HRP)? (Multiple choices)

1. Session table
2. ServerMap entry
3. Dynamic blacklist
4. Routing table

Correct Answer: 1,2,3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 4

Which of the following is a core part of the P2DR model?

1. Policy
2. Protection
3. Detection
4. Response

Page 3

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 5

Evidence identification needs to address the verification of the completeness of the evidence and determine whether it meets the applicable standards. Regarding the standards of evidence identification, which of the following descriptions is

correct?

1. Relevance criterion refers to the fact that if the evidence is able to have a substantial impact on the facts of the case to a certain extent, the court should rule that it is relevant.

Sex.

2. Objectivity standards mean that the acquisition, storage, and submission of electronic evidence should be legal, and should be based on national interests, social welfare, and personal      privacy.

This right does not constitute a strict violation.

3. The standard of legality is to ensure that the content of electronic evidence has not changed from the initial collection to the submission as evidence of litigation.

Into.

4. The fairness standard refers to the evidence materials obtained by legal entities through legal means to have evidence capacity.

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 6

Data analysis technology is to find and match keywords or key phrases in the acquired data stream or information stream, and analyze the relevance of time. the following

Which is not an evidence analysis technique?

1. Cryptographic decoding, data decryption technology
2. Document Digital Digest Analysis Techniques
3. Techniques to uncover the links between different pieces of evidence
4. Spam tracking technology

Correct Answer: 4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 7

Regarding AH and ESP security protocols, which of the following options is correct? (Multiple choices)

1. AH can provide encryption and authentication functions
2. ESP can provide encryption and authentication functions
3. The agreement number of AH is 51
4. The agreement number of ESP is 51

Correct Answer: 2,3

Section: (none)

Explanation

Explanation / Reference:

Page 4

QUESTION 8

DDoS attacks belong to which of the following attack types?

1. Spying Scan Attack
2. Malformed message attack
3. Special message attacks
4. Traffic attacks

Correct Answer: 4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 9

Regarding SSL VPN technology, which of the following options is wrong?

1. SSL VPN technology is perfect for NAT traversal scenarios
2. The encryption of SSL VPN technology is only effective at the application layer
3. SSL VPN requires a dial-up client
4. SSL VPN technology extends the reach of an enterprise’s network

Correct Answer: 3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 10

Which of the following options can be operated in the advanced settings of windows firewall? (Multiple choices)

1. Restore default values
2. Change notification rules
3. Setting connection security rules
4. Set up inbound and outbound rules

Correct Answer: 1,2,3,4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 11

When a NAT server is configured on a USG series firewall, a server-map table is generated. Which of the following is not included in the performance?

1. Destination IP
2. Destination port number
3. Agreement number
4. Source IP

Page 5

Correct Answer: 4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 12

Which of the following attacks is not a special message attack?

1. ICMP redirect message attack
2. ICMP Unreachable Packet Attack
3. IP address scanning attack
4. Oversized ICMP packet attack

Correct Answer: 3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 13

Which of the following attacks is not a malformed packet attack?

1. Teardrop attack
2. Smurf attack
3. TCP Fragmentation Attack
4. ICMP Unreachable Packet Attack

Correct Answer: 4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 14

The “Caesar cipher” is mainly used to encrypt data by using a stick of a specific specification.

1. Yes
2. wrong

Correct Answer: 2

Section: (none)

Explanation

Explanation / Reference:

QUESTION 15

Which of the following are remote authentication methods? (Multiple choices)

1. RADIUS
2. Local

Page 6

1. HWTACACS
2. LLDP

Correct Answer: 1,3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 16

When the firewall hard disk is in place, which of the following is a correct description of the firewall log?

1. Administrators can publish content logs to view network threat detection and defense records
2. Administrators can use the threat log to understand the user’s security risk behavior and the reasons for being alerted or blocked
3. The administrator learns the user’s behavior, groped keywords, and the effectiveness of the audit policy configuration through the user activity log
4. The administrator can learn the security policy of traffic hit through the policy hit log, which can be used for fault location when a problem occurs.

Correct Answer: 4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 17

In the Client-Initiated VPN configuration, it is generally recommended to plan the address pool and the headquarters network addresses as different network segments, otherwise the gateway device must be configured

Enable proxy forwarding.

1. Yes
2. wrong

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 18

Which of the following is the encryption technology used in digital envelopes?

1. Symmetric encryption algorithm
2. Asymmetric encryption algorithm
3. Hashing algorithm
4. Stream encryption algorithm

Correct Answer: 2

Section: (none)

Explanation

Explanation / Reference:

Page 7

QUESTION 19

In addition to the built-in Portal authentication, the firewall also supports custom Portal authentication. When custom Portal authentication is used, it does not need to be deployed separately.

External Portal server.

1. Yes
2. wrong

Correct Answer: 2

Section: (none)

Explanation

Explanation / Reference:

QUESTION 20

NAPT technology can implement one public network IP address for multiple private network hosts.

1. Yes
2. wrong

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 21

IPSec VPN technology does not support NAT traversal when using ESP security protocol encapsulation, because ESP encrypts the packet header

1. Yes
2. wrong

Correct Answer: 2

Section: (none)

Explanation

Explanation / Reference:

QUESTION 22

Regarding the description of SSL VPN, which of the following is correct?

1. Can be used without a client
2. Can encrypt the IP layer
3. NAT traversal problem
4. No authentication required

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

Page 8

QUESTION 23

Some applications, such as Oracle database applications, have no data stream transmission for a long time, which interrupts the firewall session connection, resulting in business interruption. The following

Which is the optimal solution?

1. Configure a long service connection
2. Enable ASPF function
3. Optimizing security policies
4. Enable shard cache

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 24

“Implement security monitoring and management of information and information systems to prevent illegal use of information and information systems” is to realize which features of information security

Sex?

1. Confidentiality
2. Controllability
3. Non-repudiation
4. Integrity

Correct Answer: 2

Section: (none)

Explanation

Explanation / Reference:

QUESTION 25

When configuring a security policy, one security policy can reference an address set or configure multiple destination IP addresses.

1. Yes
2. wrong

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 26

Which of the following options does not fall into the 5-tuple range?

1. Source IP
2. Source MAC
3. Destination IP
4. Destination port

Page 9

Correct Answer: 2

Section: (none)

Explanation

Explanation / Reference:

QUESTION 27

Regarding Client-Initialized L2TP VPN, which of the following statements is wrong?

1. After a remote user accesses the Internet, the client software can directly initiate an L2TP tunnel connection request to the remote LNS.
2. The LNS device receives the user’s L2TP connection request and can authenticate the user based on the user name and password
3. LNS assigns private IP addresses to remote users
4. Remote users do not need to install VPN client software

Correct Answer: 4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 28

Regarding the description of the vulnerability scan, which of the following is wrong?

1. Vulnerability scanning is a technology that remotely monitors the vulnerability of the security performance of the target network or host based on the network. It can be used to simulate attacks.Inspection and security audit.
2. Vulnerability scanning is used to detect the existence of vulnerabilities on the target host system. Generally, the target host is scanned for specific vulnerabilities.
3. Vulnerability scanning is a passive precautionary measure that can effectively avoid hacking
4. Vulnerability scanning can be performed based on the results of ping scanning and port scanning

Correct Answer: 3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 29

Regarding the firewall security policy statement, what is wrong with the following options?

1. If the security policy is permit, discarded packets will not accumulate “hits”
2. When configuring a security policy name, you cannot reuse the same name
3. Adjust the order of security policies, no need to save configuration files, take effect immediately
4. The security policy entries of Huawei USG series firewalls cannot exceed 128

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 30

Which of the following protection levels are included in the TCSEC standard? (Multiple choices)

Page 10

1. Verify protection level
2. Mandatory protection levels
3. Autonomous protection level
4. Passive protection level

Correct Answer: 1,2,3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 31

Which of the following options are part of the PKI architecture? (Multiple choices)

1. End entity
2. Certificate authority
3. Certificate Registration Authority
4. Certificate storage

Correct Answer: 1,2,3,4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 32

“Good observation” and “keep skepticism” can help us better identify security threats in the cyber world

1. Yes
2. wrong

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 33

In tunnel encapsulation mode. IPSec configuration does not need to have a route to the destination private network segment, because the data will be re-encapsulated to use the new IP

Header looks up the routing table.

1. Yes
2. wrong

Correct Answer: 2

Section: (none)

Explanation

Explanation / Reference:

QUESTION 34

Regarding the description of windows firewall, which of the following options are correct? (Multiple choices)

Page 11

1. The windows firewall can only allow or prohibit preset programs or functions and programs installed on the system.

Custom release rules

2. Windows firewall not only allows or prohibits the preset programs or functions and programs installed on the system, but also supports itself based on the protocol or end

Slogan Custom Release Rules

3. If you cannot access the Internet during the Windows firewall setting process, you can use the Restore Defaults function to quickly restore the firewall to its original state.

state

4. Windows firewall can change notification rules even when it is turned off

Correct Answer: 2,3,4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 35

Which of the following statements about investigation and forensics is correct?

1. Evidence may not be required during the investigation
2. Evidence obtained by wiretapping is also valid
3. Enforcement agencies are best involved in all investigations and evidence gathering processes
4. Documentary evidence is required in computer crime

Correct Answer: 3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 36

Regarding online user management, which of the following is wrong?

1. Each user group can include multiple users and user groups
2. Each user group can belong to multiple parent user groups
3. The system has a default user group by default.
4. Each user belongs to at least one user group or multiple user groups

Correct Answer: 2

Section: (none)

Explanation

Explanation / Reference:

QUESTION 37

Which of the following is not the method used in the Detection link in the P2DR model?

1. Real-time monitoring
2. Detection
3. Alarm
4. Closed Services

Correct Answer: 3

Page 12

Section: (none)

Explanation

Explanation / Reference:

QUESTION 38

Which of the following is not a LINUX operating system?

1. CentOS
2. RedHat
3. Ubuntu
4. MAC OS

Correct Answer: 4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 39

In some scenarios, both source IP addresses and destination IP addresses need to be converted. Which of the following technologies is used in this scenario?

1. Bidirectional NAT
2. Source NAT
3. NAT-Server
4. NAT ALG

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 40

Which of the following protocols can guarantee the confidentiality of data transmission? (Multiple choices)

1. Telnet
2. SSH
3. FTP
4. HTTPS

Correct Answer: 2,4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 41

After the web redirection function is configured on the USG series firewall, the authentication page cannot be displayed. Which of the following is not the cause of the fault?

1. The authentication policy is not configured or is incorrectly configured

1. Web authentication is not enabled
2. The browser SSL version does not match the SSL version of the firewall authentication page
3. The port number of the authentication page service is set to 8887

Correct Answer: 3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 42

Which of the following is the correct description of the order of the four phases of the Information Security Management System (ISMS)?

1. Plan-> Check-> Do-> Action
2. Check-> Plan-> Do-> Action
3. Plan-> Do-> Check-> Action
4. Plan-> Check-> Action-> Do

Correct Answer: 3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 43

In the information security system construction management cycle, which of the following actions need to be implemented in the “check” link?

1. Design of safety management system
2. Safety management system implementation
3. Risk assessment
4. Safety management system operation monitoring

Correct Answer: 3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 44

1. The status of this firewall VGMP group is Active
2. The VRRP group status of this firewall’s G1 / 0/0 and G1 / 0/1 interfaces is standby

Page 14

1. The HRP heartbeat interfaces of this firewall are G1 / 0/0 and G1 / 0/1
2. This firewall must be in a preemptive state

Correct Answer: 2

Section: (none)

Explanation

Explanation / Reference:

QUESTION 45

Classification of servers by shape can be divided into the following types? (Multiple choices)

1. Blade server
2. Tower Server
3. Rack Server
4. X86 server

Correct Answer: 1,2,3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 46

Common scanning attacks include: port scanning tools, vulnerability scanning tools, application scanning tools, database scanning tools, etc.

1. Yes
2. wrong

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 47

According to the protection object to divide the firewall, windows firewall belongs to-?

1. Software firewall
2. Hardware firewall
3. Stand-alone firewall
4. Network firewall

Correct Answer: 3

Section: (none)

Explanation

Explanation / Reference:

QUESTION 48

Which of the following options are ways for a PKI entity to apply for a local certificate from a CA? (Multiple choices)

Page 15

1. Apply online
2. Local application
3. Online Application
4. Offline application

Correct Answer: 1,4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 49

Intrusion prevention system (IPS, intrusion prevention system) is a defense system that can block in real time when an intrusion is detected

1. Yes
2. wrong

Correct Answer: 1

Section: (none)

Explanation

Explanation / Reference:

QUESTION 50

Which of the following is not a symmetric encryption algorithm?

1. DES
2. 3DES
3. AES
4. RSA

Correct Answer: 4

Section: (none)

Explanation

Explanation / Reference:

QUESTION 51

Which of the following options are correct regarding configuring firewall security zones? (Multiple choices)

1. The firewall has four security zones by default, and the priorities of the four security zones cannot be modified.
2. The firewall can have up to 12 security zones
3. A firewall can create two security zones of the same priority
4. When data flows between different security areas, the security check of the device will be triggered and the corresponding security policy will be implemented

Correct Answer: 1,4

Section: (none)

Explanation

Explanation / Reference:

Page 16

QUESTION 52

Digital certificates can be divided into local certificates, CA certificates, root certificates, and self-signed certificates according to different usage scenarios.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 53

Regarding the root CA certificate, which of the following is incorrect?

1. Issuer is CA
2. The certificate subject name is CA
3. Public key information is the CA’s public key
4. The signature is generated by CA public key encryption

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 54

Which of the following configurations can implement the NAT ALG function?

1. nat alg protocol
2. alg protocol
3. nat protocol
4. detect protocol

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 55

Regarding the firewall gateway’s anti-virus response method for the HTTP protocol, which of the following statements is wrong?

1. When the gateway device blocks the HTTP connection, push the web page to the client and generate a log
2. Response methods include announcement and blocking
3. Alarm mode The device only generates logs and sends the files without processing the HTTP protocol.
4. Blocking means that the device disconnects from the HTTP server and blocks file transfers

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 17

QUESTION 56

Which of the following is not a user authentication method in the USG firewall?

1. Certification Free
2. Password authentication
3. Single sign-on
4. Fingerprint authentication

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 57

The firewall GE1 / 0/1 and GE1 / 0/2 ports belong to the DMZ area. If you want to realize that the area connected to GE1 / 0/1 can access the area

Area, which of the following is correct?

1. Need to configure Local to DMZ security policy
2. No configuration required
3. Inter-domain security policy needs to be configured
4. Need to configure DMZ to local security policy

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 58

The process of forwarding the first packet of a session between firewall domains has the following steps:

1.Find routing table

2.Find inter-domain packet filtering rules

3.Find the session table

4.Find blacklist

Which of the following order is correct?

1. 1-> 3-> 2-> 4
2. 3-> 2-> 1-> 4
3. 3-> 4-> 1-> 2
4. 4-> 3-> 1-> 2

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 59

The administrator wants to know the current session table. Which of the following commands is correct?

Page 18

1. clear firewall session table
2. reset firewall session table
3. display firewall session table
4. display session table

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 60

Which of the following are the basic functions of antivirus software? (Multiple choices)

1. Protection against viruses
2. Finding viruses
3. Remove the virus
4. Replication virus

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 61

The European TCSEC Code is divided into two modules, functional and evaluation, mainly used in the military, government and commercial fields

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 62

In the future development trend of information security, terminal detection is an important part. Which of the following methods fall into the category of terminal detection? (Multiple choices)

1. Install host anti-virus software
2. Monitor and remember external devices
3. Prevent users from accessing public search engines
4. Monitor host registry modification records

Correct Answer: AD

Section: (none)

Explanation

Explanation / Reference:

Page 19

QUESTION 63

Use iptables to write a rule that does not allow the network segment 172.16.0.0/16 to access the device. Which of the following rules is correct?

A.

B.

C.

D.

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 64

Which of the following options is not included in the consistency check of the HRP master / backup configuration?

1. NAT Policy
2. Are heartbeat interfaces with the same serial number configured?
3. Next hop and outgoing interface of the static route
4. Authentication strategy

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 65

In the USG series firewall, you can use the ______ function to provide well-known application services for non-well-known ports.

1. Port mapping
2. MAC and IP address binding
3. Packet filtering
4. Long connection

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 66

The questionnaire design principles do not include which of the following?

1. Integrity
2. Openness

Page 20

1. Specificity
2. Consistency

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 67

To implement the “anti-virus function” in the security policy, you must activate the license.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 68

The configuration commands for the NAT address pool are as follows:

The meaning of the no-pat parameter is:

1. No address translation
2. Port multiplexing
3. Do not convert source ports
4. Do not convert the destination port

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 69

On the surface, threats such as viruses, vulnerabilities, and Trojan horses are the cause of information security incidents. However, the root cause is that information security incidents are related to people and information systems.

It is also very relevant in itself.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

Page 21

QUESTION 70

When connecting to Wi-Fi in public places, which of the following actions is relatively more secure?

1. Connect to an unencrypted Wi-Fi hotspot
2. Connect to a paid Wi-Fi hotspot provided by the operator and only browse the web
3. Connect to unencrypted free Wi-Fi for online shopping
4. Connect encrypted free Wi-Fi for online transfer operations

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 71

Which of the following is an action to be taken during the summary phase in a cybersecurity emergency response? (Multiple choices)

1. Establish a defense system and specify control measures
2. Evaluate the implementation of emergency plans and propose follow-up improvement plans
3. Judging the effectiveness of isolation measures
4. Evaluation of emergency response organization members

Correct Answer: BD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 72

Regarding port mirroring, which of the following descriptions are correct? (Multiple choices)

1. Mirrored port copies packets to observing port
2. The observing port sends the received message to the monitoring device
3. The mirrored port sends the received message to the monitoring device
4. Observing port copies packets to mirrored port

Correct Answer: AB

Section: (none)

Explanation

Explanation / Reference:

QUESTION 73

Which of the following options is the protocol number for GRE?

1. 46
2. 47
3. 89
4. 50

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 22

QUESTION 74

Which of the following is wrong about the VGMP protocol description?

1. VGMP joins multiple VRRP backup groups on the same firewall to a management group, and all VRRP backup groups are managed by the management group.
2. VGMP guarantees that the status of all VRRP backup groups in the management group is consistent by uniformly controlling the status of each VRRP backup group.
3. The VGMP group device in the Active state periodically sends hello packets to the peer.

Respond

1. By default, when the Hello side does not receive the Hello message sent by the peer for three hello packet cycles, it will consider that the peer has failed.

And switch yourself to Active state.

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 75

A and B communication parties perform data communication. If the asymmetric encryption algorithm is used for encryption, when A sends data to B, which of the following keys will be used

Data encryption?

1. A’s public key
2. A’s private key
3. Public key of B
4. B’s private key

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 76

IPSec VPN uses asymmetric encryption algorithm to encrypt the transmitted data

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 77

Regarding GRE encapsulation and decapsulation, which of the following descriptions is incorrect?

1. The encapsulation process. The original data packet is sent to the Tunnel interface by looking up the route and then the GRE encapsulation is started.
2. Encapsulation process. After encapsulation by the GRE module, this packet will enter the IP module for further processing.
3. Decapsulation process. After receiving the GRE packet, the destination sends the packet to the tunnel interface by searching for the route and then decapsulates the GRE
4. Decapsulation process. After decapsulation by the GRE module, this packet will enter the IP module for further processing.

Page 23

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 78

The repair of anti-virus software only needs to repair some system files deleted by mistake when checking for viruses to prevent system crashes

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 79

Which of the following does not fall into the hierarchy of cybersecurity incidents?

1. Major cybersecurity incidents
2. Special cybersecurity incidents
3. General cybersecurity incidents
4. Major cybersecurity incidents

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 80

Which of the following statements is true about single sign-on? (Multiple choices)

1. The device can identify users who have been authenticated by the identity authentication system
2. AD domain single sign-on has only one deployment mode
3. Although the user password is not required, the authentication server needs to interact with the user password to ensure that the authentication passes.
4. AD domain single sign-on can be synchronized to the firewall by mirroring the login data stream

Correct Answer: AD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 81

Regarding the relationship and role of VRRP / VGMP / HRP, which of the following statements is correct? (Multiple choices)

1. VRRP is responsible for sending free ARP to direct traffic to the new master device when the master and backup are switched
2. VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment

Page 24

1. HRP is responsible for data backup during hot standby operation
2. Active VGMP group may include VRRP group in standby state

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 82

The administrator PC is directly connected to the USG firewall management interface and uses the web method to perform the initialization. Which of the following statements is correct? (Multiple choices)

192. The browser of the management PC accesses http; //192.168.0.1
193. The IP address of the management PC is manually set to 192.168.0.2-192.168.0.254
194. The browser of the management PC accesses http://192.168.1.1
195. Set the network card of the management PC to obtain an IP address automatically

Correct Answer: AB

Section: (none)

Explanation

Explanation / Reference:

QUESTION 83

In the Huawei SDSec solution, which layer of equipment does the firewall belong to?

1. Analysis layer
2. Control layer
3. Executive layer
4. Monitoring layer

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 84

When dual-system hot backup is deployed on the firewall, which of the following protocols is required to switch the overall state of the VRRP backup group?

1. VRRP
2. VGMP
3. HRP
4. OSPF

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 25

QUESTION 85

As shown in the figure, the online scenario of internal users of the enterprise is as follows:

1. The authentication is passed. The USG allows the connection to be established.
2. The user accesses the Internet and enters http://1.1.1.1

3.USG push authentication interface

4. The user successfully accesses http://1.1.1.1, and the device creates a session table

5 The user enters the correct username and password

The following correct process ordering should be:

1. 2-> 5-> 3-> 1-> 4
2. 2-> 3-> 5-> 1-> 4
3. 2-> 1-> 3-> 5-> 4
4. 2-> 3-> 1-> 5-> 4

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 86

Regarding the description of firewall dual-system hot backup, which of the following options are correct? (Multiple choices)

1. When multiple areas on the firewall need to provide dual-system backup, multiple VRRP backup groups need to be configured on the firewall.
2. Require that the status of all VRRP backup groups in the same VGMP management group on the same firewall be consistent
3. The firewall dual-system hot backup needs to synchronize the backup of the session table, MAC table, routing table and other information between the master and slave
4. VGMP is used to ensure the consistency of all VRRP backup group switching

Correct Answer: ABD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 87

Which of the following is the encryption technology used in digital envelopes?

1. Symmetric encryption algorithm
2. Asymmetric encryption algorithm
3. Hashing algorithm
4. Feeding Algorithm

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 26

QUESTION 88

Regarding the matching conditions of the security policy, which of the following options are correct? (Multiple choices)

1. “Source Security Zone” is an optional parameter in the matching conditions
2. “Time period” in the matching condition is optional
3. “Apply” in matching conditions is optional
4. “Service” is an optional parameter in the matching conditions

Correct Answer: ABCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 89

The attacker sends an ICMP response request and sets the destination address of the request packet as the broadcast address of the victim network.

What kind of attack does this behavior belong to?

1. IP Spoofing Attack
2. Smurf attack
3. ICMP redirect attack
4. SYN flood attack

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 90

Regarding the sequencing of PKI work processes, which of the following is correct?

1. 1-2-6-5-7-4-3-8
2. 1-2-7-6-5-4-3-8
3. 6-5-4-1-2-7-3-8
4. 6-5-4-3-1-2-7-8

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 27

QUESTION 91

Clients in the firewall Trust domain can log in to the FTP server in the Untrust domain, but cannot download files. Which of the following methods can solve the problem

problem? (Multiple choices)

1. Allow port 21 between Trust and Untrust
2. When FTP works in port mode, modify the security policy action from Trust to Untrust zone to allow
3. Enable detect ftp
4. When FTP works in Passive mode, modify the security policy action from Trust to Untrust zone to allow

Correct Answer: CD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 92

Which of the following is not part of the digital certificate?

1. Public key
2. Private key
3. Validity period
4. Issuer

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 93

Regarding the description of TCP / IP protocol stack decapsulation, which of the following is correct? (Multiple choices)

1. The data packet is first transmitted to the data link layer. After parsing, the data link layer information is stripped and the network layer information is known based on the parsing information.

Such as IP

1. After the transport layer (TCP) receives the data packet, the transport layer information is stripped after parsing, and the upper layer processing protocol is known based on the parsing information.

Such as UDP

1. After the network layer receives the data packet, the network layer information is stripped after parsing, and the upper layer processing protocol is known based on the parsing information, such as

HTTP

1. After the application layer receives the data packet, the application layer information is stripped after parsing, and the user data finally displayed and the number sent by the sender host

Data is exactly the same

Correct Answer: AD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 94

Which of the following is not a key technology of antivirus software?

1. Shelling technology
2. Self-protection
3. Format the disk
4. Upgrade virus database in real time

Page 28

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 95

Which of the following options are malicious programs? (Multiple choices)

1. Trojan horse
2. Vulnerabilities
3. Worms
4. Viruses

Correct Answer: ACD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 96

Which of the following are key elements of information security? (Multiple choices)

1. Asset management
2. Security operations and management
3. Security products and technologies
4. People

Correct Answer: ABCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 97

Which of the following is not a major form of computer crime?

1. Implant Trojan into target host
2. Hacking the target host
3. Personal surveys using computers
4. Use scanning tools to collect network information without permission

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 98

When the IPSec VPN tunnel mode is deployed, AH protocol is used for packet encapsulation. In the new IP packet header field, which of the following parameters need not be performed

Data integrity check?

Page 29

1. Source IP address
2. Destination IP address
3. TTL
4. Idetification

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 99

When configuring a GRE tunnel interface, which of the following parameters does the destination address generally refer to?

1. Local Tunnel Interface IP Address
2. Outbound IP address of the local end
3. Peer external IP address
4. IP address of the peer tunnel interface

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 100

Which of the following options are application risks (multiple choices)

1. Network viruses
2. Email security
3. Database system configuration security
4. Web Services Security

Correct Answer: ABCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 101

Security policy conditions can be divided into multiple fields, such as source address, destination address, source port, and destination port.

“And” relationship, that is, only if the information in the message and all fields match, it is considered to hit this policy.

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 30

QUESTION 102

Regarding the description of SSL VPN, which of the following is correct?

1. Can be used without a client
2. Can encrypt the IP layer
3. NAT traversal problem
4. No authentication required

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 103

Regarding the description of the four-way handshake to disconnect the TCP connection, which of the following is wrong?

1. The active closing party sends the first FIN to perform an active shutdown, while the other party receives this FIN to be closed.
2. When the passive shutdown receives the first FIN, it will send back an ACK and randomly generate an acknowledgement sequence number.
3. The passive closing party needs to send an end-of-file character to the application, and the application closes its connection and causes a FIN
4. After the passive closing party sends FIN, the active closing party must send back a confirmation and set the confirmation serial number to the received serial number plus 1

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 104

Which of the following is not an asymmetric encryption algorithm?

1. DH
2. MD5
3. DSA
4. RSA

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 105

Which of the following statements about Client-Initiated VPN is correct? (Multiple choices)

1. A tunnel is established between each access user and the LNS
2. Only one L2TP session and PPP connection are carried in each tunnel
3. Each tunnel carries multiple L2TP sessions and PPP connections
4. Each tunnel carries multiple L2TP sessions and a PPP connection

Correct Answer: AB

Section: (none)

Explanation

Page 31

Explanation / Reference:

QUESTION 106

Regarding the firewall security policy statement, what is wrong with the following options?

1. If the security policy permits, discarded packets will not accumulate “hits”
2. When configuring a security policy name, you cannot reuse the same name
3. Adjust the order of security policies, no need to save configuration files, take effect immediately
4. The number of security policy entries of Huawei USG series firewalls cannot exceed 128

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 107

Which of the following options of VPN technology supports datagram encryption? (Multiple choices)

1. SSL VPN
2. GRE VPN
3. IPSec VPN
4. L2TP VPN

Correct Answer: AC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 108

Which of the following is the username / password for the first login of the USG series firewall?

1. User name admin

Password Admin @ 123

1. User name admin

Password admin @ 123

1. User name admin

Password admin

1. User name admin

Password Admin123

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

Page 32

QUESTION 109

During the use of the server, there are various security threats. Which of the following options is not a server security threat?

1. Natural disasters
2. DDos attack
3. Hacking
4. Malicious programs

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 110

Regarding Client-Initialized L2TP VPN, which of the following statements is wrong?

1. After a remote user accesses the Internet, he can initiate an L2TP tunnel connection request to the remote LNS directly through the client software.

B.; The NS device receives the user’s L2TP connection request, and can authenticate the user based on the user name and password

1. LNS assigns private IP addresses to remote users
2. Remote users do not need to install VPN client software

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 111

Which of the following options are not included in the survey target for the safety assessment method?

1. Network System Administrator
2. Security administrator
3. HR
4. Technical Leader

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 112

The undiscovered vulnerability is the 0 day vulnerability

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 33

QUESTION 113

Regarding the problem that two-way binding users without authentication can not access network resources, which of the following options are possible reasons? (Multiple choices)

1. Authentication-free users and authenticated users are in the same security zone
2. Authentication-free users do not use a PC with the specified IP / MAC address
3. The authentication action in the authentication policy is set to “non-account / exempt authentication”
4. Online users have reached the maximum

Correct Answer: BD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 114

ASPF (Application Specific Packet Filter) is a packet filtering technology based on the application layer, which is implemented through a server-map table.

Special security mechanisms.

Which of the following statements about ASPF and server-map tables is correct? (Multiple choices)

1. ASPF monitors messages during communication
2. ASPF can dynamically create a server-map table
3. ASPF dynamically allows multi-channel protocol data to pass through the server-map table
4. The five-tuple server-map entry implements a similar function to the session table

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 115

Which of the following are features of the address translation technology? (Multiple choice)

1. Address translation allows internal network users (private IP addresses) to access the Internet
2. Address translation can enable many hosts in the internal LAN to share an IP address to go online
3. Address translation can handle encrypted IP headers
4. Address translation can shield users on the internal network and improve the security of the internal network

Correct Answer: ABD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 116

Regarding NAT address translation, which of the following statements is wrong?

1. Configure NAT address pool in source NAT technology, you can configure only one IP address
2. Address translation can provide FTP, WWW, Telnet and other services to the outside in the LAN according to the needs of users
3. Some application layer protocols carry IP address information in the data. When they are NATed, the IP address information in the upper layer data must be modified
4. For some non-TCP, UDP protocols (such as ICMP, PPTP), NAT cannot be performed

Page 34

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 117

Regarding the relationship and role of VRRP / VGMP / HRP, which of the following statements are correct? (Multiple choices)

1. VRRP is responsible for sending gratuitous ARP to direct traffic to the new master device during the master / slave switchover.
2. VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment
3. HRP is responsible for data backup during hot standby operation
4. Active VGMP group may include VRRP group in Standby state

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 118

When the firewall upgrades the signature database and virus database online through the security service center, the firewall must be connected to the Internet first, and the configuration must be correct

DNS address

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 119

Which of the following is not a symmetric encryption algorithm?

1. DES
2. 3DES
3. AES
4. RSA

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 120

The results you see with display ike sa are as follows. Which of the following statements is wrong?

Page 35

1. IKE SA has been established
2. IPSec SA has been established
3. The neighbor address is 2.2.2.1
4. IKE uses V1 version

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 121

Regarding the comparison between windows and linux, which of the following statements is wrong?

1. Linux newbies are difficult to get started and require some learning and guidance
2. Windows can be compatible with most software and play most games
3. Linux is open source and you can do whatever you want
4. windows are open source, do whatever you want

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 122

Which of the following options are at the core of the IATF (Information Security Technology Framework) model? (Multiple choices)

1. Environment
2. People
3. Technology
4. Operation

Correct Answer: BCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 123

Which of the following are multi-user operating systems? (Multiple choices)

Page 36

1. MSDOS
2. UNIX
3. LINUX
4. Windows

Correct Answer: BCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 124

The preservation of electronic evidence is directly related to the legal validity of evidence and the preservation of legal procedures can ensure its authenticity and reliability. Which of the following is not

On evidence preservation technology?

1. Encryption technology
2. Digital certificate technology
3. Digital signature technology
4. Message mark tracking technology

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 125

The VGMP group does not actively send VGMP packets to the peer when any of the following conditions occur:

1. Dual-system hot backup function is enabled
2. Manually switch the active / standby status of the firewall
3. Firewall business interface failure
4. Session table entry changes

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 126

Which of the following options can be operated in the advanced settings of windows firewall? (Multiple choices)

1. Restore default values
2. Change notification rules
3. Setting connection security rules
4. Set up inbound and outbound rules

Correct Answer: ABCD

Section: (none)

Explanation

Page 37

Explanation / Reference:

QUESTION 127

Regarding the security policy configuration command, which of the following is correct?

10. Prohibit ICMP packets from the trust zone accessing the untrust zone and the destination address is 10.1.10.10.
11. Forbid all ICMP packets from the trust zone to access all hosts in the untrust zone and the destination address is 10.1.0.0/16
12. It is forbidden to access all host ICMP packets from the trust zone to the untrust zone and the source address is 10.1.0.0/16.
13. Forbid all host ICMP packets from the trust zone to access the untrust zone and the source address is 10.2.10.10.

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 128

In information security prevention, commonly used security products include firewalls, Anti-DDos devices, and IPS / IDS devices

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 129

If the administrator uses the default authentication domain to authenticate the user, the user only needs to enter the user name when logging in; if the administrator

Use the newly created authentication domain to authenticate the user, the user needs to enter “username @ certificate domain name” when logging in

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

Page 38

QUESTION 130

Digital certificate technology solves the problem that public key owners cannot determine in digital signature technology

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 131

Which of the following options are technical features of an intrusion prevention system? (Multiple choices)

1. Online mode
2. Real-time blocking
3. Self-learning and adaptive
4. Straight deployment

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 132

Regarding firewall security policies, are the following items correct?

1. By default, the security policy can control unicast packets and broadcast packets.
2. By default, security policies can control multicast
3. By default, the security policy controls only unicast packets.
4. By default, security policies can control unicast packets, broadcast packets, and multicast packets

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 133

Which of the following information is encrypted when using a digital envelope? (Multiple choices)

1. Symmetric keys
2. User data
3. Recipient public key
4. Receiver private key

Correct Answer: AB

Section: (none)

Page 39

Explanation

Explanation / Reference:

QUESTION 134

Which of the following options fall within the scope of ISO27001 certification? (Multiple choices)

1. Access control
2. Personnel safety
3. Vulnerability Management
4. Business Continuity Management

Correct Answer: ABCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 135

Regarding the description of the firewall, which of the following is correct?

1. The firewall cannot access the network transparently.
2. Adding a firewall to the network will inevitably change the topology of the network.
3. To avoid a single point of failure, the firewall only supports side-by-side deployment
4. Depending on the usage scenario, the firewall can be deployed in transparent mode or in three-bedroom mode.

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 136

On Huawei USG series devices, the administrator wants to erase the configuration file. Which of the following commands is correct?

1. clear saved-configuration
2. reset saved-configuration
3. reset current-configuration
4. reset running-configuration

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 137

Which of the following options is correct for the description of a buffer overflow attack? (Multiple choice)

1. Buffer overflow attack exploits the defect of the software system’s memory operation and runs the attack code with high operation authority.

Page 40

1. Buffer overflow attacks are not related to operating system vulnerabilities and architecture.
2. Buffer overflow attacks are one of the common ways to attack software systems
3. Buffer overflow attacks are application-level attacks.

Correct Answer: ACD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 138

Security precaution technologies have different approaches at different technical levels and fields. Which of the following devices can be used for network layer security? (Multiple choices)

1. Vulnerability Scanning Device
2. Firewall
3. Anti-DDoS device
4. IPS / IDS equipment

Correct Answer: BCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 139

IPSEC VPN technology does not support NAT traversal when using ESP security protocol encapsulation, because ESP encrypts the packet header

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 140

Which of the following options are features of SSL VPN? (Multiple choices)

1. User authentication
2. Port scanning
3. File sharing
4. WEB rewriting

Correct Answer: AC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 141

Page 41

In the digital signature process, which of the following is the HASH algorithm to verify the integrity of the data transmission?

1. User data
2. Symmetric keys
3. Recipient public key
4. Receiver private key

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 142

Which of the following traffic matches the authentication policy to trigger authentication?

1. Accessing devices or device-initiated traffic
2. DHCP, BGP, OSPF, LDP packets
3. Visitors accessing HTTP traffic
4. DNS message corresponding to the first HTTP service data flow

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 143

The firewalls GE1 / 0/1 and GE1 / 0/2 both belong to the DMZ area. If you want to realize that the area connected to GE1 / 0/1 can access GE1 / 0/2

Which of the following is correct for the connected area?

1. Need to configure local to DMZ security policy
2. No configuration required
3. Inter-domain security policy needs to be configured
4. Need to configure DMZ to local security policy

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 144

The use of computers to store information about criminal activity is not a computer crime

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 145

Page 42

Regarding IKE SA, which of the following is incorrect?

1. IKE SA is bidirectional
2. IKE is an application layer protocol based on UDP
3. IKE SA is for IPSec SA
4. The encryption algorithm used for user data packets is determined by IKE SA

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 146

Which of the following statements about VPN is wrong?

1. Virtual private network costs less than leased lines
2. VPN technology necessarily involves encryption technology
3. VPN technology is a technology that reuses logical channels on actual physical lines
4. The emergence of VPN technology enables employees on business trips to remotely access internal servers of the enterprise

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 147

Which of the following are standard port numbers for the FTP protocol? (Multiple choices)

1. 20
2. 21
3. 23
4. 80

Correct Answer: AB

Section: (none)

Explanation

Explanation / Reference:

QUESTION 148

The level of information security protection is to improve the overall level of national security, and to rationally optimize the allocation of security resources so that

Send back maximum safety and economic benefits

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Page 43

Explanation / Reference:

QUESTION 149

In response to network security incidents, remote emergency response is generally adopted first. If remote access is not available, it can be resolved for customers.

After the customer confirms the problem, go to the local emergency response process

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 150

Generally, we will divide the server into two categories: general server and function server. Which of the following options meets this classification criteria?

1. By application level
2. By purpose
3. Divided by shape
4. Divided by architecture

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 151

NAPT technology can implement a public IP address for multiple private network hosts

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 152

After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all the information that can be backed up can be

Configure directly on the standby device, and the configuration on the standby device can be synchronized to the active device

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Page 44

Explanation / Reference:

QUESTION 153

Which of the following options are characteristic of symmetric encryption algorithms? (Multiple choices)

1. Fast encryption
2. Confidentiality is slow
3. Insecure key distribution
4. High key distribution security

Correct Answer: AC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 154

Which of the following options are harms of a traffic attack? (Multiple choices)

1. Network is down
2. Server is down
3. Data is stolen
4. Web pages are tampered with

Correct Answer: AB

Section: (none)

Explanation

Explanation / Reference:

QUESTION 155

Intrusion prevention system (IPS) is a defense system that can block in real time when intrusion behaviors are discovered

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 156

Regarding the consistency check of the HRP master / backup configuration, which of the following options is not included?

1. NAT Policy
2. Are heartbeat interfaces with the same serial number configured?
3. Next hop and outgoing interface of the static route
4. Authentication strategy

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

Page 45

QUESTION 157

Regarding NAT configuration, which of the following is wrong?

1. Configure source NAT in transparent mode, firewall does not support easy-ip mode
2. The IP address in the address pool can overlap with the public IP address of the NAT server
3. When there is VoIP service on the network, NAT ALG does not need to be configured
4. The firewall does not support NAPT conversion of ESP and AH packets

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 158

Regarding the description of security policy actions and security profiles, which of the following options are correct? (Multiple choices)

1. If the action of the security policy is “Forbidden”, the device will discard this traffic and no further content security checks will be performed.
2. Security profiles can take effect without being applied to security policies whose actions are allowed
3. The security profile must be applied under a security policy whose action is allowed to take effect
4. If the security policy action is “Allow”, the traffic will not match the security profile

Correct Answer: AC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 159

Encryption technology protects data during data transmission. Which of the following options are included? (Multiple choices)

1. Confidentiality
2. Controllability
3. Integrity
4. Source verification

Correct Answer: ACD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 160

After a cyber attack event, set up an isolation area, summarize data, and estimate losses according to the plan. The above actions are a cyber security emergency

At what stage of the response is the work involved?

1. Preparation stage
2. Detection phase
3. Inhibition phase
4. Recovery phase

Page 46

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 161

IPSec VPN uses asymmetric encryption algorithm to encrypt the transmitted data

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 162

The digital certificate is fair to the public key through a third party organization, thereby ensuring the non-repudiation of data transmission. So confirm the public key is correct

Sex requires only the certificate of the correspondent

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 163

Digital signature is to generate a digital fingerprint by using a hashing algorithm to ensure the integrity of data transmission

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 164

Regarding the description of the firewall fragment cache function, which of the following options are correct? (Multiple choices)

1. By default, the firewall caches fragmented packets
2. After the direct forwarding of fragmented packets is configured, the firewall will forward the fragmented packets that are not the first fragment according to the inter-domain security policy.
3. For fragmented packets, NAT ALG does not support the processing of SIP fragmented packets
4. By default, the maximum number of fragment caches for an IPv4 packet is 32, and the maximum number of fragment caches for an IPv6 packet is 255

Page 47

Correct Answer: ACD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 165

The SIP protocol uses SDP messages to establish sessions. SDP messages contain remote addresses or multicast addresses.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 166

Which of the following attacks is not a cyber attack?

1. IP Spoofing Attack
2. Smurf attack
3. MAC Address Spoofing Attack
4. ICMP attack

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 167

What versions of the SNMP protocol? (Multiple choices)

1. SNMPv1
2. SNMPv2b
3. SNMPv2c
4. SNMPv3

Correct Answer: ACD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 168

Regarding the description of the preemption function of VGMP management, which of the following is wrong?

1. By default, the preemption function of the VGMP management group is enabled.
2. By default, the preemption delay time of the VGMP management group is 40s.

Page 48

1. Preemption refers to the restoration of the priority of the original faulty master device when it fails. At this time, you can reset your status

Preemptive

1. After the VRRP backup group is added to the VGMP management group, the original preemption function on the VRRP backup group becomes invalid

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 169

In the IPSec VPN transmission mode, what part of the data packet is encrypted?

1. Network layer and upper layer data messages
2. Original IP header
3. New IP packet header
4. Transport layer and upper layer data messages

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 170

Regarding windows logs, which of the following descriptions is incorrect?

1. System logs are used to record events generated by operating system components, mainly including crashes of drivers, system components, and application software, as well as data
2. The system log of windows server 2008 is stored in Application.evtx
3. The application log contains events recorded by the application or system program, which mainly records events related to the operation of the program
4. The security log of windows server 2008 is stored in security.evtx

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 171

For the description of IP Spoofing, which of the following is wrong?

1. IP spoofing attacks are launched using the normal IP address-based trust relationship between hosts.
2. After a successful IP spoofing attack, an attacker can use a forged IP address to impersonate a legitimate host to access key information
3. The attacker needs to disguise the source IP address as a trusted host and send a data segment with a SYN tag to request a connection
4. Hosts based on IP address trust relationship can log in directly without entering password authentication

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

Page 49

QUESTION 172

In the USG series firewall, which command can be used to query the NAT translation result?

1. display nat translation
2. display firewall session table
3. display current nat
4. display firewall nat translation

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 173

The preservation of electronic evidence is directly related to the legal validity of evidence and the preservation of legal procedures, so that its authenticity and reliability can be guaranteed. Which of the following is not

On evidence preservation technology?

1. Encryption technology
2. Digital certificate technology
3. Digital signature technology
4. Message mark tracking technology

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 174

Which of the following state information can be backed up by Huawei Redundancy Protocol (HRP)? (Multiple choices)

1. Session table
2. ServerMap entry
3. Dynamic blacklist
4. Routing table

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 175

As shown in the figure, a TCP connection is established between client A and server B. Which of the following “?” Message sequence numbers should be in the figure?

Page 50

1. a + 1: a
2. a: a + 1
3. b + 1: b
4. a + 1: a + 1

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 176

Digital certificates can be divided into local certificates, CA certificates, root certificates, and self-signed certificates according to different usage scenarios.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 177

Which of the following is the encryption technology used in digital envelopes?

1. Symmetric encryption algorithm
2. Asymmetric encryption algorithm
3. Hashing algorithm
4. Stream encryption algorithm

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 51

QUESTION 178

Which of the following are remote authentication methods? (Multiple choices)

1. RADIUS
2. Local
3. HWTACACS
4. LLDP

Correct Answer: AC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 179

Which of the following statements about IPSec SA is correct?

1. IPSec SA is unidirectional
2. IPSec SA is bidirectional
3. Used to generate encryption keys
4. Used to generate confidential algorithms

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 180

The steps of the safety assessment method do not include which of the following?

1. Human audit
2. Penetration testing
3. Questionnaire
4. Data analysis

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 181

In Equal Guarantee 2.0, which stipulates that “spam emails should be detected and protected at key network nodes, and upgrades to spam protection mechanisms should be maintained

And update “?

1. Malicious code prevention
2. Communication transmission
3. Centralized control
4. Border protection

Page 52

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 182

Which of the following options does not fall into the 5-tuple range?

1. Source IP
2. Source MAC
3. Destination IP
4. Destination port

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 183

In the state detection firewall, when the state detection mechanism is enabled, the second packet (SYN + ACK) of the three-way handshake reaches the firewall.

At this time, if there is no corresponding session table on the firewall, which of the following is correct?

1. The firewall does not create a session table, but allows packets to pass
2. If the firewall security policy allows packets to pass, create a session table
3. Messages must not pass through the firewall
4. The packets must pass through the firewall and establish a session

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 184

In a VRRP (Virtual Router Redundancy Protocol) group, the primary firewall periodically sends notification packets to the backup firewall.

The backup firewall is only responsible for listening to the notification message and will not respond.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 185

Huawei USG firewall VRRP notification messages are multicast packets, so each firewall in the backup group must be able to implement direct Layer 2 interworking.

Page 53

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 186

Because the server is a type of computer, we can use our personal computer as a server in the enterprise.

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 187

As shown in the figure is an application scenario of a NAT server, when the configuration is performed using the web configuration mode. Which of the following statements is true?

(Multiple choices)

1. When configuring the interzone security policy, you need to set the source security zone to Untrust and the target security zone to DMZ.
2. When configuring NAT Server, the internal address is 10.1.1.2 and the external address is 200.10.10.1
3. When configuring the interzone security policy, set the source security zone to DMZ and the target security zone to Untrust
4. When configuring NAT Server, the internal address is 200.10.10.1 and the external address is 10.1.1.2

Correct Answer: AB

Section: (none)

Explanation

Explanation / Reference:

QUESTION 188

In the configuration of L2TP, which of the following statements is correct for the Tunnel Name command? (Multiple choices)

1. Used to specify the local tunnel name
2. Tunnel name used to specify the peer
3. Tunnel Nname must be the same at both ends
4. If Tunnel Name is not configured, the tunnel name is the local system name

Page 54

Correct Answer: AD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 189

Which of the following attack types does a DDos attack have?

1. Spying Scan Attack
2. Malformed message attack
3. Special message attacks
4. Traffic attacks

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 190

In the USG system firewall, you can use the function to provide well-known application services for non-well-known ports.

1. Port mapping
2. MAC and IP address binding
3. Packet filtering
4. Long connection

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 191

Regarding the command to check the number of security policy matches, which of the following is correct?

1. display firewall sesstion table
2. display security-policy all
3. display security-policy count
4. count security-policy hit

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 192

Which of the following options is a Layer 2 VPN technology?

Page 55

1. SSL VPN
2. L2TP VPN
3. GRE VPN
4. IPSec VPN

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 193

About the description of advanced settings of windows firewall, which of the following options are wrong? (Multiple choices)

1. When setting the stacking rule, only the local port can be restricted, and the remote port cannot be restricted
2. When setting the stacking rules, you can restrict both local and remote ports
3. When setting out the stack rule, only the local port can be restricted, and the remote port cannot be restricted
4. When setting out the stack rule, you can restrict both the local port and the remote port

Correct Answer: BD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 194

Regarding the description of VGMP group management, which of the following is wrong?

1. The master / backup status of a VRRP backup group needs to be notified to the VGMP management group to which it belongs.
2. The interface types and numbers of the heartbeat interfaces of the two firewalls can be different, as long as the Layer 2 communication
3. Periodic hello messages between VGMPs of the active and standby firewalls
4. The master and backup devices learn the status of each other through heartbeat exchange messages, and back up related commands and status information.

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 195

In the security assessment method, the purpose of a security scan is to scan the target system with a scan analysis and evaluation tool in order to find related vulnerabilities.

Prepare for the attack

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 56

QUESTION 196

Which of the following attacks is not a malformed packet attack?

1. Teardrop attack
2. Smurf attack
3. TCP Fragmentation Attack
4. ICMP Unreachable Packet Attack

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 197

Regarding IKE SA, which of the following is incorrect?

1. IKE SA is bidirectional
2. IKE is an application layer protocol based on UDP
3. IKE SA is for IPSec SA
4. The encryption algorithm used for user data packets is determined by IKE SA

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 198

In the construction of an information security system, the relationship between important aspects of security and system behavior needs to be accurately described through a security model

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 199

Security policy conditions can be divided into multiple fields, such as source address, destination address, source port, and destination port.

“And” relationship, that is, only if the information in the message and all fields match, it is considered to hit this policy.

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 200

The matching principle of the security policy is: first find the manually-configured inter-domain security policy, and if it does not match, directly discard the data packet.

Page 57

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 201

Which of the following is the response action of the gateway antivirus after detecting a mail virus? (Multiple choices)

1. Alarm
2. Block
3. Declaration
4. Delete attachments

Correct Answer: ABCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 202

Digital signature is to generate a digital fingerprint by using a hashing algorithm to ensure the integrity of data transmission

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 203

Regarding NAT address translation, which of the following statements is wrong?

1. Configure NAT address pool in source NAT technology, you can configure only one IP address
2. Address translation can provide FTP, WWW, Telnet and other services to the outside in the LAN according to the needs of users
3. Some application layer protocols carry IP address information in the data. When they are NATed, the IP address information in the upper layer data must be modified
4. For some TCP and UDP protocols (such as ICMP, PPTP), NAT cannot be performed.

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 204

When a NAT server is configured on the firewall of the USG system, a server-map table is generated. Which of the following is not included in the performance?

Page 58

1. Destination IP
2. Destination port number
3. Agreement number
4. Source IP

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 205

Which of the following options are malicious programs? (Multiple choices)

1. Trojan horse
2. Vulnerabilities
3. Worms
4. Viruses

Correct Answer: ACD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 206

Which of the following are the main implementation methods of gateway antivirus? (Multiple choices)

1. Agent scanning method
2. Stream scanning method
3. Package inspection and killing methods
4. File killing methods

Correct Answer: AB

Section: (none)

Explanation

Explanation / Reference:

QUESTION 207

Which of the following options is not part of the hashing algorithm?

1. MD5
2. SHA1
3. SM1
4. SHA2

Correct Answer: C

Section: (none)

Explanation

Page 59

Explanation / Reference:

QUESTION 208

Regarding the description of firewall dual-system hot backup, which of the following options are correct? (Multiple choices)

1. When multiple areas on the firewall need to provide dual-system backup, multiple VRRP backup groups need to be configured on the firewall.
2. Require that the status of all VRRP backup groups in the same VGMP management group on the same firewall be consistent
3. The firewall dual-system hot backup needs to synchronize the backup of the session table, MAC table, routing table and other information between the master and slave
4. VGMP is used to ensure the consistency of all VRRP backup group switching

Correct Answer: ABD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 209

Which of the following options is not a certificate save file format supported by the USG6000 series device?

1. PKCS # 12
2. DER
3. PEM
4. PKCS #

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 210

Which of the following attacks is not a special message attack?

1. ICMP redirect message attack
2. ICMP Unreachable Packet Attack
3. IP address scanning attack
4. Oversized ICMP packet attack

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 211

Security precaution technologies have different approaches at different technical levels and fields. Which of the following devices can be used for network layer security? (Multiple choices)

1. Vulnerability Scanning Device
2. Firewall
3. Anti-DDoS device
4. IPS / IDS equipment

Page 60

Correct Answer: BCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 212

Which of the following is used in digital signature technology to encrypt digital fingerprints?

1. Sender public key
2. Sender private key
3. Recipient public key
4. Receiver private key

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 213

The reason OSPF is more commonly used than RIP is that OSPF has device authentication and is more secure

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 214

The content of intrusion detection covers authorized and unauthorized intrusion behaviors. Which of the following behaviors does not fall into the scope of intrusion detection?

1. Impersonating another user
2. The administrator deletes the configuration by mistake
3. Worm Trojans
4. Leaked data

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 215

For the description of ARP spoofing attack, which of the following is wrong

1. The ARP implementation mechanism only considers normal business interactions, and does not verify any abnormal business interactions or malicious behaviors.
2. ARP spoofing attacks can only be implemented through ARP responses, not through ARP requests

Page 61

1. When a host sends a normal ARP request, the attacker will respond preemptively, causing the host to establish an incorrect IP-MAC mapping
2. ARP static binding is a solution to ARP spoofing attacks. It is mainly used in small network scenarios.

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 216

Which of the following mechanisms are used for MAC flood attacks? (Multiple choices)

1. MAC learning mechanism of the switch
2. Switch forwarding mechanism
3. ARP learning mechanism
4. Limit on the number of MAC entries

Correct Answer: ABCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 217

After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all the information that can be backed up can be

Configuration is performed directly on the standby device, and the configuration on the standby device can be synchronized to the active device.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 218

In practical applications, asymmetric encryption is mainly used to encrypt user data

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 219

When the enterprise establishes its own information system, it checks each operation according to the internationally established authoritative standards and can detect its own information.

Is the system secure

Page 62

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 220

Which of the following options is the port number used for L2TP packets?

1. 17
2. 500
3. 1701
4. 4500

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 221

The steps of the safety assessment method do not include which of the following?

1. Human audit
2. Penetration testing
3. Questionnaire
4. Data analysis

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 222

IPSec VPN uses asymmetric encryption algorithm to encrypt the transmitted data

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 223

Regarding firewall security policies, which of the following is correct?

1. By default, security policies can control unicast and broadcast packets
2. By default, security policies can control multicast
3. By default, the security policy controls only unicast packets

Page 63

1. By default, security policies can control unicast packets, broadcast packets, and multicast packets

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 224

Which of the following information is encrypted when using a digital envelope? (Multiple choices)

1. Symmetric keys
2. User data
3. Recipient public key
4. Receiver private key

Correct Answer: AB

Section: (none)

Explanation

Explanation / Reference:

QUESTION 225

Which of the following is an action to be taken during the eradication phase in a cybersecurity emergency response?

(Multiple choice)

1. Find sick Trojan horses, illegal authorization, system loopholes, and deal with them in time
2. Revise security policies based on security incidents and enable security audits
3. Blocking attacks and reducing their scope
4. Confirm the degree of damage caused by the security incident and report the security incident

Correct Answer: AB

Section: (none)

Explanation

Explanation / Reference:

QUESTION 226

Which of the following attacks can DHCP Snooping prevent? (Multiple choices)

1. DHCP Server Phishing Attack
2. Man in the Middle and IP / MAC spoofing Attacks
3. IP spoofing attacks
4. Counterfeit DHCP lease renewal message attack using option82 field

Correct Answer: ABCD

Section: (none)

Explanation

Explanation / Reference:

Page 64

QUESTION 227

In the Huawei SDSec solution, which of the following options belong to the equipment of the execution layer? (Multiple choices)

1. CIS
2. Fierhunter
3. Router
4. AntiDDoS

Correct Answer: BCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 228

A company employee account has expired, but the account can still be used to access the company server. What security risks does the above scenario belong to? (Multiple choices)

1. Managing security risks
2. Access security risks
3. System security risks
4. Physical security risks

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 229

What is the default backup mode for dual-system hot backup?

1. Automatic backup
2. Manual batch backup
3. Quick session backup
4. Configuration of the active and standby FWs after the device restarts

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 230

Network administrators can collect data to be analyzed on network devices through packet capture, port mirroring, or logs

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Page 65

Explanation / Reference:

QUESTION 231

The world’s first worm, the “Morris Worm,” made people realize that as people ’s dependence on computers grew,

The possibility of attack on computer networks is also increasing, and it is necessary to establish a comprehensive emergency response system

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 232

Which of the following is required for IPSec VPN? (Multiple choices)

1. Configure IKE neighbors
2. Configure IKE SA related parameters
3. Configure IPSec SA related parameters
4. Configure the flow of interest

Correct Answer: ABCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 233

Which of the following categories are included in Huawei firewall user management? (Multiple choices)

1. Internet user management
2. Access user management
3. Administrator User Management
4. Device user management

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 234

In order to obtain criminal evidence, it is necessary to master the technology of intrusion tracking. Which of the following options is correct for the description of tracking technology? (Multiple choices)

1. The packet recording technology inserts the trace data in the traced IP data packet, so as to mark the packet on each router that has been talked about.
2. Link detection technology determines the source of the attack by testing the network connection between routers
3. Packet marking technology records the packets on the router and then uses data drilling techniques to extract the source of the attack
4. Shallow email behavior analysis can realize information such as sending IP address, sending time, sending frequency, number of recipients, shallow email header

Analysis

Page 66

Correct Answer: ABD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 235

When a user uses session authentication to trigger the built-in Portal authentication of the firewall, the user does not actively perform identity authentication, advanced service access,

Device pushes “redirect” to authentication page

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 236

For the description of the intrusion detection system, which of the following is wrong ?.

1. Intrusion detection system can dynamically collect a large amount of key information through the network and computer, and can analyze and judge the entire system environment in time.

Current status

1. Once the intrusion detection system finds that it violates the security policy or the system has traces of being attacked, it can implement blocking operations.
2. Intrusion detection system includes all software and hardware systems used for intrusion detection
3. The immersion detection system can be linked with firewalls and switches to become a powerful “assistant” for firewalls, to better and more accurately control inter-domain traffic

Volume visit

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 237

Which of the following options are encapsulation modes supported by IPSec VPN? (Multiple choices)

1. AH mode
2. Tunnel mode
3. Transmission mode
4. ESP mode

Correct Answer: BC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 238

Tunnel addresses at both ends of the GRE tunnel can be configured as addresses on different network segments

Page 67

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 239

Regarding the description of the packet during the iptables transmission, which of the following options is wrong?

1. When a data packet enters the network card, it first matches the PREROUTING chain
2. If the destination address of the packet is local, the system will send the packet to the INPUT chain.
3. If the destination address of the packet is not local, the system sends the packet to the OUTPUT chain
4. If the destination address of the data packet is not the local machine, the system sends the data packet to the FORWARD chain.

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 240

Regarding the description of the operating system, which of the following is wrong?

1. The operating system is the interface between the user and the computer
2. The operating system is responsible for managing all hardware resources of the computer system and controlling the execution of software.
3. The interface between the operating system and the user is a graphical interface
4. The operating system itself is software

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

QUESTION 241

Which of the following is not a requirement for dual-system hot backup of the firewall?

1. The firewall hardware model is the same
2. The firewall software version is the same
3. The type and number of the interfaces used are the same
4. The firewall interface IP address is the same

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 242

Regarding the NAT policy processing flow, which of the following options are correct?

(Multiple choice)

Page 68

1. Server-map is processed after state detection
2. Source NAT policy query is processed after session creation
3. Source NAT policy is processed after security policy matches
4. Server-map processing before security policy matching

Correct Answer: ACD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 243

Which of the following options are required for a dual-system hot backup scenario?

(Multiple choice)

1. hrp enable
2. hrp mirror session enable
3. hrp interface interface-type interface-number
4. hrp preempt [delay interval]

Correct Answer: AC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 244

Manual audit is a supplement to tool evaluation. It does not need to install any software on the target system being evaluated.

Operation and status have no effect. Which of the following options is not included in the manual audit?

1. Manual detection of the host operating system
2. Manual inspection of the database
3. Manual inspection of network equipment
4. Manual inspection of the process of the administrator operating the equipment

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 245

Which of the following options belong to the default security zone of Huawei Firewall? (Multiple choices)

1. Zone
2. Trust area
3. Untrust Zone
4. Security area

Correct Answer: BC

Section: (none)

Page 69

Explanation

Explanation / Reference:

QUESTION 246

What level of early warning corresponds to a major cyber security event?

1. Red alert
2. Orange warning
3. Yellow warning
4. Blue warning

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 247

Regarding the source of electronic evidence, which of the following is incorrect?

1. Facsimile information, mobile phone recordings are electronic evidence related to communication technology.
2. Movies and TV series are electronic evidence related to network technology.
3. Database operation records, operating system logs are computer-related electronic evidence •
4. Operating system, e-mail, chat records can be used as the source of electronic evidence

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 248

Regarding the sequence of call establishment processes in the L2TP corridor, which of the following descriptions is correct?

1. Establish L2TP tunnel
2. Establish a PPP connection

3.LNS authenticates users

4. Users access intranet resources
5. Establish L2TP Session
6. 1-> 2-> 3-> 5-> 4
7. 1-> 5-> 3-> 2-> 4
8. 2-> 1-> 5-> 3-> 4
9. 2-> 3-> 1-> 5-> 4

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

Page 70

QUESTION 249

The protocol field in the IP packet header identifies the protocol used by its upper layer. Which of the following field values ​​indicates that the upper layer protocol is

UDP protocol?

1. 6
2. 17
3. 11
4. 18

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 250

Carry out regular inspections of network security systems and equipment, upgrade patches, and organize cyber security emergency response drills in accordance with management specifications.

Which part of the MPDRR network security mode does the above action belong to?

1. Protection link
2. Testing
3. Response
4. Management

Correct Answer: BC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 251

Information security level protection is the basic system of national information security protection work

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 252

Which of the following options is not the identity of an IPSec SA?

1. SPI
2. Destination address
3. Source address
4. Security protocols

Correct Answer: C

Section: (none)

Explanation

Explanation / Reference:

Page 71

QUESTION 253

What is the difference between the pre-accident prevention strategy and the post-accident recovery strategy? (Multiple choices)

1. Prevention strategies focus on minimizing the possibility of accidents before the story begins. Recovery strategies focus on minimizing

Impact and loss

1. The role of pre-disaster prevention strategies does not include minimizing economic and reputational losses due to accidents
2. Recovery strategies to improve business high availability
3. Recovery strategies are part of the business continuity plan

Correct Answer: ACD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 254

During the administrator’s upgrade of the USG firewall software version, which of the following operations are necessary? (Multiple choices)

1. Upload firewall version software
2. Restart the device
3. Factory reset
4. Specify the software version to be loaded at the next startup

Correct Answer: ABD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 255

If the company’s structure changes in reality, the business continuity plan needs to be retested

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 256

HTTP packets are carried using UDP, while HTTPS protocol is based on TCP three-way handshake, so HTTPS is more secure and more recommended

Use HTTPS.

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Page 72

Explanation / Reference:

QUESTION 257

Single sign-on for Internet users, users directly authenticate to the AD server, and the device does not interfere with the user authentication process. AD monitoring services require

Deployed on the USG to monitor the authentication information of the AD server

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 258

UDP port scanning refers to an attacker sending a zero-byte length UDP packet to a specific port on the target host. If the port is open,

An ICMP port reachable data message will be returned.

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 259

Regarding the business continuity plan, what is the following statement correct? (Multiple choices)

1. The business continuity plan does not require senior company involvement during the scoping phase
2. BCP needs flexibility because it cannot predict all possible accidents
3. The business continuity plan does not require senior company involvement before it is formally documented
4. Not all security incidents must be reported to company executives

Correct Answer: BD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 260

When the USG series firewall hard disk is in place, which of the following logs can be viewed? (Multiple choices)

1. Operation log
2. Business logs
3. Alarm information
4. Threat log

Correct Answer: ABCD

Section: (none)

Page 73

Explanation

Explanation / Reference:

QUESTION 261

Social engineering is a kind of psychological trapping through victim’s psychological weakness, instinct reaction, curiosity, trust, greed, etc.

Harms such as deception and injury.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 262

Apply for emergency response special funds and purchase emergency response software and hardware equipment in which stage of the network’s full emergency response?

1. Preparation stage
2. Inhibition phase
3. Response phase
4. Recovery phase

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 263

Device sabotage attacks are generally not easy to cause information leakage, but usually cause network service interruption.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 264

Regarding the description of online user and VPN access user authentication, which of the following is wrong?

1. Internet users and VPN access users share data, and user attribute checks (user status, account expiration time, etc.) are also correct.

VPN access takes effect

1. Local users or server authentication processes are basically the same for online users. Both use the authentication domain to authenticate users.

The same

1. After VPN users access the network, they can access the network resources of the corporate headquarters. The firewall can control the accessible network resources based on user names
2. VPN access users will go online at the same time after being authenticated

Page 74

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 265

Which of the following descriptions of the patch is wrong?

1. A patch is a small program made by the original author of the software to find a vulnerability
2. Not patching does not affect the operation of the system, so whether it is patched or not is irrelevant.
3. Patches are constantly updated.
4. Computer users should download and install the latest patches in time to protect their systems

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 266

Regarding the description of the Intrusion Prevention System (IPS), which of the following is incorrect?

1. IDS equipment needs to cooperate with firewall to block intrusion
2. IPS equipment cannot be bypassed in the network
3. IPS devices can be connected at the network boundary and deployed online
4. Once the IPS device detects the intrusion behavior, it can realize real-time blocking

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 267

Guan Zihua’s routers and routers, which of the following statements are correct? (Multiple choices)

1. Routers can implement some security functions, and some routers can implement more security functions by adding security cards
2. The main function of the router is to forward data. When enterprises have security requirements, sometimes a firewall may be a more suitable choice.
3. The switch has some security functions, and some switches can implement more security functions by adding security cards.
4. Switches do not have security features

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 268

Which of the following options is not a log type for the windows operating system?

1. Business logs
2. Application logs
3. Security logs

Page 75

1. System logs

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 269

After the network intrusion event, obtain the identity of the intrusion, the source of the attack and other information according to the plan, and block the intrusion behavior. The above actions

What links belong to the PDRR network security model? (Multiple choices)

1. Protection link
2. Testing
3. Response
4. Recovery

Correct Answer: BC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 270

Regarding scanning of vulnerabilities, which of the following is wrong?

1. The loopholes were previously unknown and discovered afterwards.
2. Vulnerabilities are generally patchable
3. Vulnerabilities are security risks that can expose computers to hacking
4. Vulnerabilities are avoidable

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 271

When the user is configured for single sign-on, the PC message mode is used. The authentication process includes the following steps:

1 The visitor PC executes the login script and sends the user login information to the AD monitor

2 The firewall extracts the correspondence between the user and the IP from the login information and adds it to the online user table

3 The AD monitor connects to the AD server to query login user information, and forwards the queried user information to the firewall

4 The visitor logs in to the AD domain. The AD server returns a login success message to the user and issues a login script.

Which of the following is correct?

1. 1-2-3-4
2. 4-1-3-2
3. 3-2-1-4
4. 1-4-3-2

Correct Answer: B

Section: (none)

Page 76

Explanation

Explanation / Reference:

QUESTION 272

The administrator wants to create a web configuration administrator, the device web access port number is 20000, and the administrator is an administrator level. Which of the following commands

Is it correct?

A.

B.

C.

D.

Page 77

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 273

Regarding the description of security policy actions and security profiles, which of the following options are correct? (Multiple choices)

1. Forbidden If the action of the security policy is “Forbidden”, the device will discard this traffic and no further content security checks will be performed.
2. Security profiles can take effect without being applied to security policies whose actions are allowed
3. The security profile must be applied under a security policy whose action is allowed to take effect.
4. If the security policy action is “Allow”, the traffic will not match the security profile

Correct Answer: AC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 274

Which of the following options are the same characteristics of windows system and LINUX system? (Multiple choices)

1. Support for multitasking
2. Support graphical interface operation
3. Open source systems
4. Support for multiple terminal platforms

Correct Answer: ABD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 275

During the NAT configuration process, in which of the following situations, the device generates a server-map entry? (Multiple choices)

1. Automatically generate server-map entries when configuring source NAT
2. After the NAT server is successfully configured, the device will automatically generate a Server-map entry.
3. Server-map entries are generated when easy-ip is configured
4. After NAT No-PAT is configured, the device will create a server-map table for the configured multi-channel protocol data flow.

Correct Answer: BD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 276

NAT technology can realize data security transmission by encrypting data.

Page 78

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 277

Which of the following is the correct order for incident response management?

1 detection

2 reports

3 remission

4 summarize experience

5 fixes

6 recovery

7 responses

1. 1-3-2-7-5-6-4
2. 1-3-2-7-6-5-4
3. 1-2-3-7-6-5-4
4. 1-7-3-2-6-5-4

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 278

Which of the following statements about L2TP VPN is wrong?

1. Applicable to employees on business trip dial-up access to the intranet
2. Data will not be encrypted
3. Can be used with IPsec VPN
4. Belongs to Layer 3 VPN technology

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 279

Encryption technology can convert readable information into unreadable information through certain methods.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Page 79

Explanation / Reference:

QUESTION 280

ASPF (Application Specific Packet Filter) is a packet filtering technology based on the application layer.

Implemented special security mechanisms. Which of the following statements about ASPF and server-map tables is correct? (Multiple choices)

1. ASPF monitors messages during communication
2. ASPF can create server-map dynamically
3. ASPF dynamically allows multi-channel protocol data to pass through the server-map table
4. The five-tuple server-map entry implements a similar function to the session table

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 281

The role of antivirus software and host firewall is the same.

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 282

The process of electronic forensics includes: protecting the scene, obtaining evidence, preserving evidence, identifying evidence, analyzing evidence, tracking and presenting evidence.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 283

Page 80

The command is executed on the firewall and the above information is displayed. Which of the following descriptions is correct? (Multiple choices)

1. The status of this firewall VGMP group is Active
2. The virtual IP address of this firewall G1 / 0/1 interface is 202.38.10.2
3. The priority of the VRRP backup group whose firewall VRID is 1 is 100
4. Will not switch when the master device USG_A fails

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

QUESTION 284

In the USG series firewall system view, after the reset saved-configuration command is executed, the device configuration is restored to the default configuration.

No further action is required to take effect.

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 285

Which of the following is the difference between Network Address Port Translation (NAPT) and No Network Address Translation (No-PAT)?

1. After No-PAT conversion, for external users, all packets are from the same IP address
2. No-PAT only supports protocol port conversion at the transport layer
3. NAPT only supports protocol address translation at the network layer
4. No-PAT supports protocol address translation at the network layer

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 286

Which of the following options is correct for the description of a buffer overflow attack?

Page 81

(Multiple choice)

1. Buffer overflow attack exploits the defect of the software system’s memory operation and runs the attack code with high operation authority
2. Buffer overflow attacks have nothing to do with the vulnerability and architecture of the operating system
3. Buffer overflow attacks are one of the common ways to attack software systems
4. Buffer overflow attacks are application-level attacks

Correct Answer: ACD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 287

Which of the following is not the business scope of the National Internet Emergency Center?

1. Emergency handling of security incidents
2. Early warning of security incidents
3. Provide security evaluation services for government departments, enterprises and institutions
4. Cooperate with other institutions to provide training services

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 288

The host firewall is mainly used to protect the host from attacks and intrusions from the network.

1. Yes
2. wrong

Correct Answer: A

Section: (none)

Explanation

Explanation / Reference:

QUESTION 289

Which of the following options belong to international organizations related to information security standardization? (Multiple choices)

1. International Organization for Standardization (ISO)
2. International Electrotechnical Commission (IEC)
3. International Telecommunication Union (ITU)
4. Wi-Fi Alliance

Correct Answer: ABC

Section: (none)

Explanation

Explanation / Reference:

Page 82

QUESTION 290

In order to obtain criminal evidence, it is necessary to master the technology of intrusion tracking. Which of the following options is correct for the description of tracking technology? (Multiple choices)

1. The packet recording technology inserts trace data in the traced IP data packets, so

Marking packets

1. Link test technology determines the source of the attack by testing the network link between routers
2. Packet marking technology records the packets on the router and then uses data drilling techniques to extract the source of the attack
3. Shallow email behavior analysis can realize sending IP address, sending time, sending frequency, number of recipients, shallow email header

Analysis of information.

Correct Answer: ABD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 291

Digital signature technology obtains a digital signature by encrypting which of the following data?

1. User data
2. Recipient’s public key
3. Sender public key
4. Digital fingerprint

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 292

On Huawei USG series firewalls, the default security policy cannot be modified.

1. Yes
2. wrong

Correct Answer: B

Section: (none)

Explanation

Explanation / Reference:

QUESTION 293

In the classification of the information security level protection system, which of the following levels defines if the information system is damaged, it will affect social order and society.

Damage to the public interest? (Multiple choices)

1. First level

User autonomous protection level

1. Second level

System audit protection level

1. Third level

Security mark protection

1. Level 4

Structured protection

Page 83

Correct Answer: ABCD

Section: (none)

Explanation

Explanation / Reference:

QUESTION 294

In the Huawei SDSec solution, which of the following is an analysis layer device?

1. CIS
2. Agile Controller
3. switch
4. Firehunter

Correct Answer: D

Section: (none)

Explanation

Explanation / Reference:

QUESTION 295

Regarding the control action permit and deny of the firewall inter-domain forwarding security policy, which of the following options are correct? (Multiple choices)

1. The action of the firewall’s default security policy is deny
2. Packets are discarded immediately after the deny action of the inter-domain security policy is matched, and other inter-domain security policies will not continue to be executed.
3. Even if the packet matches the permit action of the security policy, it may not be forwarded by the firewall
4. Whether the packet matches the permit action or deny action of the security policy, it will be transferred to the UTM module for processing.

Correct Answer: ABC

Section: (none)</strong