Huawei HCNA/HCIA Security main exam for certification. It covers all levels in Huawei exams and comprises both questions and answers. Learn and share the knowledge with your family, colleagues, friends and workmates.
Exam A
QUESTION 1
Regarding the description of Windows log event types, which options are correct? (Multiple choices)
Warning events are events for the successful operation of an application, driver, or service.
Error events usually refer to loss of functionality and data. For example, if a service cannot be loaded during system boot, an error event is generated.
When disk space is low, it will be recorded as an “information event”.
Failure audit event refers to a failed audit of a secure login attempt, such as a failure when a user tries to access a network drive, and it is recorded as a failure audit event.
Correct Answer: 2,3,4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 2
Into which of the following types can encryption technology be classified? (Multiple choices)
Symmetric encryption
Symmetric encryption
Fingerprint encryption
Data encryption
Correct Answer: 1,2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 3
Which of the following state information can be backed up by Huawei Redundancy Protocol (HRP)? (Multiple choices)
Session table
ServerMap entry
Dynamic blacklist
Routing table
Correct Answer: 1,2,3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 4
Which of the following is a core part of the P2DR model?
Policy
Protection
Detection
Response
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 5
Evidence identification needs to address the verification of the completeness of the evidence and determine whether it meets the applicable standards. Regarding the standards of evidence identification, which of the following descriptions is correct?
Relevance criterion refers to the fact that if the evidence is able to have a substantial impact on the facts of the case to a certain extent, the court should rule that it is relevant.
Objectivity standards mean that the acquisition, storage, and submission of electronic evidence should be legal, and should be based on national interests, social welfare, and personal privacy. This right does not constitute a strict violation.
The standard of legality is to ensure that the content of electronic evidence has not changed from the initial collection to the submission as evidence of litigation.
The fairness standard refers to the evidence materials obtained by legal entities through legal means to have evidence capacity.
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 6
Data analysis technology finds and matches keywords or key phrases in the acquired data stream or information stream, and analyzes the relevance of time. Which of the following is not an evidence analysis technique?
Cryptographic decoding, data decryption technology
Document Digital Digest Analysis Techniques
Techniques to uncover the links between different pieces of evidence
Spam tracking technology
Correct Answer: 4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 7
Regarding AH and ESP security protocols, which of the following options is correct? (Multiple choices)
AH can provide encryption and authentication functions
ESP can provide encryption and authentication functions
The protocol number of AH is 51
The protocol number of ESP is 51
Correct Answer: 2,3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 8
DDoS attacks belong to which of the following attack types?
Spying Scan Attack
Malformed message attack
Special message attacks
Traffic attacks
Correct Answer: 4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 9
Regarding SSL VPN technology, which of the following options is wrong?
SSL VPN technology is perfect for NAT traversal scenarios
The encryption of SSL VPN technology is only effective at the application layer
SSL VPN requires a dial-up client
SSL VPN technology extends the reach of an enterprise’s network
Correct Answer: 3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 10
Which of the following options can be operated in the advanced settings of windows firewall? (Multiple choices)
Restore default values
Change notification rules
Setting connection security rules
Set up inbound and outbound rules
Correct Answer: 1,2,3,4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 11
When a NAT server is configured on a USG series firewall, a server-map table is generated. Which of the following is not included in the entry?
Destination IP
Destination port number
Protocol number
Source IP
Correct Answer: 4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 12
Which of the following attacks is not a special message attack?
ICMP redirect message attack
ICMP Unreachable Packet Attack
IP address scanning attack
Oversized ICMP packet attack
Correct Answer: 3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 13
Which of the following attacks is not a malformed packet attack?
Teardrop attack
Smurf attack
TCP Fragmentation Attack
ICMP Unreachable Packet Attack
Correct Answer: 4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 14
The “Caesar cipher” is mainly used to encrypt data by using a stick of a specific specification.
True
False
Correct Answer: 2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 15
Which of the following are remote authentication methods? (Multiple choices)
RADIUS
Local
HWTACACS
LLDP
Correct Answer: 1,3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 16
When the firewall hard disk is in place, which of the following is a correct description of the firewall log?
Administrators can publish content logs to view network threat detection and defense records
Administrators can use the threat log to understand the user’s security risk behavior and the reasons for being alerted or blocked
The administrator learns the user’s behavior, searched keywords, and the effectiveness of the audit policy configuration through the user activity log
The administrator can learn the security policy of traffic hit through the policy hit log, which can be used for fault location when a problem occurs.
Correct Answer: 4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 17
In the Client-Initiated VPN configuration, it is generally recommended to plan the address pool and the headquarters network addresses as different network segments; otherwise, the gateway device must be configured to enable proxy forwarding.
True
False
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 18
Which of the following is the encryption technology used in digital envelopes?
Symmetric encryption algorithm
Asymmetric encryption algorithm
Hashing algorithm
Stream encryption algorithm
Correct Answer: 2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 19
In addition to the built-in Portal authentication, the firewall also supports custom Portal authentication. When custom Portal authentication is used, there is no need to separately deploy an external Portal server.
True
False
Correct Answer: 2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 20
NAPT technology can implement one public network IP address for multiple private network hosts.
True
False
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 21
IPSec VPN technology does not support NAT traversal when using ESP security protocol encapsulation, because ESP encrypts the packet header.
True
False
Correct Answer: 2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 22
Regarding the description of SSL VPN, which of the following is correct?
Can be used without a client
Can encrypt the IP layer
NAT traversal problem
No authentication required
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 23
Some applications, such as Oracle database applications, have no data stream transmission for a long time, which interrupts the firewall session connection, resulting in business interruption. Which of the following is the optimal solution?
Configure a long service connection
Enable ASPF function
Optimizing security policies
Enable fragment caching
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 24
“Implement security monitoring and management of information and information systems to prevent illegal use of information and information systems” realizes which characteristic of information security?
Confidentiality
Controllability
Non-repudiation
Integrity
Correct Answer: 2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 25
When configuring a security policy, one security policy can reference an address set or configure multiple destination IP addresses.
True
False
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 26
Which of the following options does not fall into the 5-tuple range?
Source IP
Source MAC
Destination IP
Destination port
Correct Answer: 2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 27
Regarding Client-Initialized L2TP VPN, which of the following statements is wrong?
After a remote user accesses the Internet, the client software can directly initiate an L2TP tunnel connection request to the remote LNS.
The LNS device receives the user’s L2TP connection request and can authenticate the user based on the user name and password
LNS assigns private IP addresses to remote users
Remote users do not need to install VPN client software
Correct Answer: 4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 28
Regarding the description of the vulnerability scan, which of the following is wrong?
Vulnerability scanning is a network-based technology that remotely monitors the vulnerability of the security performance of the target network or host. It can be used for attack simulation, inspection and security audit.
Vulnerability scanning is used to detect the existence of vulnerabilities on the target host system. Generally, the target host is scanned for specific vulnerabilities.
Vulnerability scanning is a passive precautionary measure that can effectively avoid hacking
Vulnerability scanning can be performed based on the results of ping scanning and port scanning
Correct Answer: 3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 29
Regarding the firewall security policy, which of the following statements is wrong?
If the security policy is permit, discarded packets will not accumulate “hits”
When configuring a security policy name, you cannot reuse the same name
Adjust the order of security policies, no need to save configuration files, take effect immediately
The security policy entries of Huawei USG series firewalls cannot exceed 128
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 30
Which of the following protection levels are included in the TCSEC standard? (Multiple choices)
Verify protection level
Mandatory protection levels
Autonomous protection level
Passive protection level
Correct Answer: 1,2,3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 31
Which of the following options are part of the PKI architecture? (Multiple choices)
End entity
Certificate authority
Certificate Registration Authority
Certificate storage
Correct Answer: 1,2,3,4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 32
“Good observation” and “keep skepticism” can help us better identify security threats in the cyber world
True
False
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 33
In tunnel encapsulation mode, the IPSec configuration does not need a route to the destination private network segment, because the data is re-encapsulated and the new IP header is used to look up the routing table.
True
False
Correct Answer: 2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 34
Regarding the description of Windows firewall, which of the following options are correct? (Multiple choices)
The Windows firewall can only allow or prohibit preset programs or functions and programs installed on the system. Custom release rules
Windows firewall not only allows or prohibits the preset programs or functions and programs installed on the system, but also supports custom release rules based on the protocol or port number
If you cannot access the Internet during the Windows firewall setting process, you can use the Restore Defaults function to quickly restore the firewall to its original state.
Windows firewall can change notification rules even when it is turned off
Correct Answer: 2,3,4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 35
Which of the following statements about investigation and forensics is correct?
Evidence may not be required during the investigation
Evidence obtained by wiretapping is also valid
Enforcement agencies are best involved in all investigations and evidence gathering processes
Documentary evidence is required in computer crime
Correct Answer: 3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 36
Regarding online user management, which of the following is wrong?
Each user group can include multiple users and user groups
Each user group can belong to multiple parent user groups
The system has a default user group by default.
Each user belongs to at least one user group or multiple user groups
Correct Answer: 2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 37
Which of the following is not a method used in the Detection phase of the P2DR model?
Real-time monitoring
Detection
Alarm
Closed Services
Correct Answer: 3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 38
Which of the following is not a LINUX operating system?
CentOS
RedHat
Ubuntu
MAC OS
Correct Answer: 4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 39
In some scenarios, both source IP addresses and destination IP addresses need to be converted. Which of the following technologies is used in this scenario?
Bidirectional NAT
Source NAT
NAT-Server
NAT ALG
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 40
Which of the following protocols can guarantee the confidentiality of data transmission? (Multiple choices)
Telnet
SSH
FTP
HTTPS
Correct Answer: 2,4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 41
After the web redirection function is configured on the USG series firewall, the authentication page cannot be displayed. Which of the following is not the cause of the fault?
The authentication policy is not configured or is incorrectly configured
Web authentication is not enabled
The browser SSL version does not match the SSL version of the firewall authentication page
The port number of the authentication page service is set to 8887
Correct Answer: 3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 42
Which of the following is the correct description of the order of the four phases of the Information Security Management System (ISMS)?
Plan-> Check-> Do-> Action
Check-> Plan-> Do-> Action
Plan-> Do-> Check-> Action
Plan-> Check-> Action-> Do
Correct Answer: 3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 43
In the information security system construction management cycle, which of the following actions needs to be implemented in the “check” phase?
Design of safety management system
Safety management system implementation
Risk assessment
Safety management system operation monitoring
Correct Answer: 3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 44
The status of this firewall VGMP group is Active
The VRRP group status of this firewall’s G1/0/0 and G1/0/1 interfaces is standby
The HRP heartbeat interfaces of this firewall are G1/0/0 and G1/0/1
This firewall must be in a preemptive state
Correct Answer: 2
Section: (none)
Explanation
Explanation / Reference:
QUESTION 45
By shape, servers can be classified into which of the following types? (Multiple choices)
Blade server
Tower Server
Rack Server
X86 server
Correct Answer: 1,2,3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 46
Common scanning attacks include: port scanning tools, vulnerability scanning tools, application scanning tools, database scanning tools, etc.
True
False
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 47
When firewalls are classified by the object they protect, which category does Windows firewall belong to?
Software firewall
Hardware firewall
Stand-alone firewall
Network firewall
Correct Answer: 3
Section: (none)
Explanation
Explanation / Reference:
QUESTION 48
Which of the following options are ways for a PKI entity to apply for a local certificate from a CA? (Multiple choices)
Apply online
Local application
Online Application
Offline application
Correct Answer: 1,4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 49
Intrusion prevention system (IPS, intrusion prevention system) is a defense system that can block in real time when an intrusion is detected
True
False
Correct Answer: 1
Section: (none)
Explanation
Explanation / Reference:
QUESTION 50
Which of the following is not a symmetric encryption algorithm?
DES
3DES
AES
RSA
Correct Answer: 4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 51
Which of the following options are correct regarding configuring firewall security zones? (Multiple choices)
The firewall has four security zones by default, and the priorities of the four security zones cannot be modified.
The firewall can have up to 12 security zones
A firewall can create two security zones of the same priority
When data flows between different security areas, the security check of the device will be triggered and the corresponding security policy will be implemented
Correct Answer: 1,4
Section: (none)
Explanation
Explanation / Reference:
QUESTION 52
Digital certificates can be divided into local certificates, CA certificates, root certificates, and self-signed certificates according to different usage scenarios.
True
False
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 53
Regarding the root CA certificate, which of the following is incorrect?
Issuer is CA
The certificate subject name is CA
Public key information is the CA’s public key
The signature is generated by CA public key encryption
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 54
Which of the following configurations can implement the NAT ALG function?
nat alg protocol
alg protocol
nat protocol
detect protocol
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 55
Regarding the firewall gateway’s anti-virus response method for the HTTP protocol, which of the following statements is wrong?
When the gateway device blocks the HTTP connection, push the web page to the client and generate a log
Response methods include announcement and blocking
Alarm mode The device only generates logs and sends the files without processing the HTTP protocol.
Blocking means that the device disconnects from the HTTP server and blocks file transfers
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 56
Which of the following is not a user authentication method in the USG firewall?
Certification Free
Password authentication
Single sign-on
Fingerprint authentication
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 57
The firewall GE1/0/1 and GE1/0/2 ports belong to the DMZ area. If you want to realize that the area connected to GE1/0/1 can access the area
Area, which of the following is correct?
Need to configure Local to DMZ security policy
No configuration required
Inter-domain security policy needs to be configured
Need to configure DMZ to local security policy
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 58
The process of forwarding the first packet of a session between firewall domains has the following steps:
1. Find routing table
2. Find inter-domain packet filtering rules
3. Find the session table
4. Find blacklist
Which of the following orders is correct?
1-> 3-> 2-> 4
3-> 2-> 1-> 4
3-> 4-> 1-> 2
4-> 3-> 1-> 2
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 59
The administrator wants to know the current session table. Which of the following commands is correct?
clear firewall session table
reset firewall session table
display firewall session table
display session table
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 60
Which of the following are the basic functions of antivirus software? (Multiple choices)
Protection against viruses
Finding viruses
Remove the virus
Replication virus
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 61
The European TCSEC Code is divided into two modules, functional and evaluation, mainly used in the military, government and commercial fields
True
False
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 62
In the future development trend of information security, terminal detection is an important part. Which of the following methods fall into the category of terminal detection? (Multiple choices)
Install host anti-virus software
Monitor and remember external devices
Prevent users from accessing public search engines
Monitor host registry modification records
Correct Answer: AD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 63
Use iptables to write a rule that does not allow the network segment 172.16.0.0/16 to access the device. Which of the following rules is correct?
A.
B.
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 64
Which of the following options is not included in the consistency check of the HRP master / backup configuration?
NAT Policy
Are heartbeat interfaces with the same serial number configured?
Next hop and outgoing interface of the static route
Authentication strategy
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 65
In the USG series firewall, you can use the ______ function to provide well-known application services for non-well-known ports.
Port mapping
MAC and IP address binding
Packet filtering
Long connection
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 66
The questionnaire design principles do not include which of the following?
Integrity
Openness
Specificity
Consistency
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 67
To implement the “anti-virus function” in the security policy, you must activate the license.
True
False
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 68
The configuration commands for the NAT address pool are as follows:
The meaning of the no-pat parameter is:
No address translation
Port multiplexing
Do not convert source ports
Do not convert the destination port
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 69
On the surface, threats such as viruses, vulnerabilities, and Trojan horses are the cause of information security incidents. However, at root, information security incidents are also closely related to people and to the information systems themselves.
True
False
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 70
When connecting to Wi-Fi in public places, which of the following actions is relatively more secure?
Connect to an unencrypted Wi-Fi hotspot
Connect to a paid Wi-Fi hotspot provided by the operator and only browse the web
Connect to unencrypted free Wi-Fi for online shopping
Connect encrypted free Wi-Fi for online transfer operations
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 71
Which of the following is an action to be taken during the summary phase in a cybersecurity emergency response? (Multiple choices)
Establish a defense system and specify control measures
Evaluate the implementation of emergency plans and propose follow-up improvement plans
Judging the effectiveness of isolation measures
Evaluation of emergency response organization members
Correct Answer: BD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 72
Regarding port mirroring, which of the following descriptions are correct? (Multiple choices)
Mirrored port copies packets to observing port
The observing port sends the received message to the monitoring device
The mirrored port sends the received message to the monitoring device
Observing port copies packets to mirrored port
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 73
Which of the following options is the protocol number for GRE?
46
47
89
50
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 74
Which of the following descriptions of the VGMP protocol is wrong?
VGMP joins multiple VRRP backup groups on the same firewall to a management group, and all VRRP backup groups are managed by the management group.
VGMP guarantees that the status of all VRRP backup groups in the management group is consistent by uniformly controlling the status of each VRRP backup group.
The VGMP group device in the Active state periodically sends hello packets to the peer.
Respond
By default, when the Hello side does not receive the Hello message sent by the peer for three hello packet cycles, it will consider that the peer has failed and switch itself to the Active state.
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 75
Two communicating parties, A and B, exchange data. If an asymmetric encryption algorithm is used for encryption, when A sends data to B, which of the following keys will be used for data encryption?
A’s public key
A’s private key
Public key of B
B’s private key
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 76
IPSec VPN uses asymmetric encryption algorithm to encrypt the transmitted data
True
False
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 77
Regarding GRE encapsulation and decapsulation, which of the following descriptions is incorrect?
The encapsulation process. The original data packet is sent to the Tunnel interface by looking up the route and then the GRE encapsulation is started.
Encapsulation process. After encapsulation by the GRE module, this packet will enter the IP module for further processing.
Decapsulation process. After receiving the GRE packet, the destination sends the packet to the tunnel interface by searching for the route and then decapsulates the GRE
Decapsulation process. After decapsulation by the GRE module, this packet will enter the IP module for further processing.
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 78
The repair of anti-virus software only needs to repair some system files deleted by mistake when checking for viruses to prevent system crashes
True
False
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 79
Which of the following does not fall into the hierarchy of cybersecurity incidents?
Major cybersecurity incidents
Special cybersecurity incidents
General cybersecurity incidents
Major cybersecurity incidents
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 80
Which of the following statements is true about single sign-on? (Multiple choices)
The device can identify users who have been authenticated by the identity authentication system
AD domain single sign-on has only one deployment mode
Although the user password is not required, the authentication server needs to interact with the user password to ensure that the authentication passes.
AD domain single sign-on can be synchronized to the firewall by mirroring the login data stream
Correct Answer: AD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 81
Regarding the relationship and role of VRRP / VGMP / HRP, which of the following statements is correct? (Multiple choices)
VRRP is responsible for sending free ARP to direct traffic to the new master device when the master and backup are switched
VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment
HRP is responsible for data backup during hot standby operation
Active VGMP group may include VRRP group in standby state
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 82
The administrator PC is directly connected to the USG firewall management interface and uses the web method to perform the initialization. Which of the following statements is correct? (Multiple choices)
The browser of the management PC accesses http://192.168.0.1
The IP address of the management PC is manually set to 192.168.0.2-192.168.0.254
The browser of the management PC accesses http://192.168.1.1
Set the network card of the management PC to obtain an IP address automatically
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 83
In the Huawei SDSec solution, which layer of equipment does the firewall belong to?
Analysis layer
Control layer
Executive layer
Monitoring layer
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 84
When dual-system hot backup is deployed on the firewall, which of the following protocols is required to switch the overall state of the VRRP backup group?
VRRP
VGMP
HRP
OSPF
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 85
As shown in the figure, the online scenario of internal users of the enterprise is as follows:
1. The authentication is passed. The USG allows the connection to be established.
2. The user accesses the Internet and enters http://1.1.1.1
3. USG pushes the authentication interface
4. The user successfully accesses http://1.1.1.1, and the device creates a session table
5. The user enters the correct username and password
The correct order of the process is:
2-> 5-> 3-> 1-> 4
2-> 3-> 5-> 1-> 4
2-> 1-> 3-> 5-> 4
2-> 3-> 1-> 5-> 4
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 86
Regarding the description of firewall dual-system hot backup, which of the following options are correct? (Multiple choices)
When multiple areas on the firewall need to provide dual-system backup, multiple VRRP backup groups need to be configured on the firewall.
Require that the status of all VRRP backup groups in the same VGMP management group on the same firewall be consistent
The firewall dual-system hot backup needs to synchronize the backup of the session table, MAC table, routing table and other information between the master and slave
VGMP is used to ensure the consistency of all VRRP backup group switching
Correct Answer: ABD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 87
Which of the following is the encryption technology used in digital envelopes?
Symmetric encryption algorithm
Asymmetric encryption algorithm
Hashing algorithm
Feeding Algorithm
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 88
Regarding the matching conditions of the security policy, which of the following options are correct? (Multiple choices)
“Source Security Zone” is an optional parameter in the matching conditions
“Time period” in the matching condition is optional
“Apply” in matching conditions is optional
“Service” is an optional parameter in the matching conditions
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 89
The attacker sends an ICMP echo request and sets the destination address of the request packet to the broadcast address of the victim network. What kind of attack does this behavior belong to?
IP Spoofing Attack
Smurf attack
ICMP redirect attack
SYN flood attack
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 90
Regarding the sequencing of PKI work processes, which of the following is correct?
1-2-6-5-7-4-3-8
1-2-7-6-5-4-3-8
6-5-4-1-2-7-3-8
6-5-4-3-1-2-7-8
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 91
Clients in the firewall Trust domain can log in to the FTP server in the Untrust domain, but cannot download files. Which of the following methods can solve the problem? (Multiple choices)
Allow port 21 between Trust and Untrust
When FTP works in port mode, modify the security policy action from Trust to Untrust zone to allow
Enable detect ftp
When FTP works in Passive mode, modify the security policy action from Trust to Untrust zone to allow
Correct Answer: CD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 92
Which of the following is not part of the digital certificate?
Public key
Private key
Validity period
Issuer
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 93
Regarding the description of TCP / IP protocol stack decapsulation, which of the following is correct? (Multiple choices)
The data packet is first transmitted to the data link layer. After parsing, the data link layer information is stripped and the network layer information is known based on the parsing information, such as IP
After the transport layer (TCP) receives the data packet, the transport layer information is stripped after parsing, and the upper layer processing protocol is known based on the parsing information, such as UDP
After the network layer receives the data packet, the network layer information is stripped after parsing, and the upper layer processing protocol is known based on the parsing information, such as HTTP
After the application layer receives the data packet, the application layer information is stripped after parsing, and the user data finally displayed is exactly the same as the data sent by the sender host
Correct Answer: AD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 94
Which of the following is not a key technology of antivirus software?
Shelling technology
Self-protection
Format the disk
Upgrade virus database in real time
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 95
Which of the following options are malicious programs? (Multiple choices)
Trojan horse
Vulnerabilities
Worms
Viruses
Correct Answer: ACD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 96
Which of the following are key elements of information security? (Multiple choices)
Asset management
Security operations and management
Security products and technologies
People
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 97
Which of the following is not a major form of computer crime?
Implant Trojan into target host
Hacking the target host
Personal surveys using computers
Use scanning tools to collect network information without permission
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 98
When the IPSec VPN tunnel mode is deployed, AH protocol is used for packet encapsulation. In the new IP packet header field, which of the following parameters does not need a data integrity check?
Source IP address
Destination IP address
TTL
Identification
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 99
When configuring a GRE tunnel interface, which of the following parameters does the destination address generally refer to?
Local Tunnel Interface IP Address
Outbound IP address of the local end
Peer external IP address
IP address of the peer tunnel interface
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 100
Which of the following options are application risks (multiple choices)
Network viruses
Email security
Database system configuration security
Web Services Security
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 101
Security policy conditions can be divided into multiple fields, such as source address, destination address, source port, and destination port. These fields are in an “and” relationship; that is, a message is considered to hit the policy only if its information matches all fields.
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 102
Regarding the description of SSL VPN, which of the following is correct?
Can be used without a client
Can encrypt the IP layer
NAT traversal problem
No authentication required
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 103
Regarding the description of the four-way handshake to disconnect the TCP connection, which of the following is wrong?
The active closing party sends the first FIN to perform an active close, while the other party, on receiving this FIN, performs a passive close.
When the passive closing party receives the first FIN, it sends back an ACK and randomly generates an acknowledgement sequence number.
The passive closing party needs to send an end-of-file character to the application, and the application closes its connection and causes a FIN
After the passive closing party sends FIN, the active closing party must send back a confirmation and set the confirmation serial number to the received serial number plus 1
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 104
Which of the following is not an asymmetric encryption algorithm?
DH
MD5
DSA
RSA
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 105
Which of the following statements about Client-Initiated VPN is correct? (Multiple choices)
A tunnel is established between each access user and the LNS
Only one L2TP session and PPP connection are carried in each tunnel
Each tunnel carries multiple L2TP sessions and PPP connections
Each tunnel carries multiple L2TP sessions and a PPP connection
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 106
Regarding firewall security policies, which of the following statements is wrong?
If the security policy permits, discarded packets will not accumulate “hits”
When configuring a security policy name, you cannot reuse the same name
Adjust the order of security policies, no need to save configuration files, take effect immediately
The number of security policy entries of Huawei USG series firewalls cannot exceed 128
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 107
Which of the following options of VPN technology supports datagram encryption? (Multiple choices)
SSL VPN
GRE VPN
IPSec VPN
L2TP VPN
Correct Answer: AC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 108
Which of the following is the username / password for the first login of the USG series firewall?
User name admin, Password Admin@123
User name admin, Password admin@123
User name admin, Password admin
User name admin, Password Admin123
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 109
During the use of the server, there are various security threats. Which of the following options is not a server security threat?
Natural disasters
DDoS attack
Hacking
Malicious programs
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 110
Regarding Client-Initialized L2TP VPN, which of the following statements is wrong?
After a remote user accesses the Internet, he can initiate an L2TP tunnel connection request to the remote LNS directly through the client software.
The LNS device receives the user’s L2TP connection request, and can authenticate the user based on the user name and password
LNS assigns private IP addresses to remote users
Remote users do not need to install VPN client software
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 111
Which of the following options are not included in the survey target for the safety assessment method?
Network System Administrator
Security administrator
HR
Technical Leader
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 112
The undiscovered vulnerability is the 0 day vulnerability
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 113
Regarding the problem that two-way binding users without authentication can not access network resources, which of the following options are possible reasons? (Multiple choices)
Authentication-free users and authenticated users are in the same security zone
Authentication-free users do not use a PC with the specified IP / MAC address
The authentication action in the authentication policy is set to “non-account / exempt authentication”
Online users have reached the maximum
Correct Answer: BD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 114
ASPF (Application Specific Packet Filter) is a packet filtering technology based on the application layer, which implements special security mechanisms through a server-map table. Which of the following statements about ASPF and server-map tables is correct? (Multiple choices)
ASPF monitors messages during communication
ASPF can dynamically create a server-map table
ASPF dynamically allows multi-channel protocol data to pass through the server-map table
The five-tuple server-map entry implements a similar function to the session table
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 115
Which of the following are features of the address translation technology? (Multiple choice)
Address translation allows internal network users (private IP addresses) to access the Internet
Address translation can enable many hosts in the internal LAN to share an IP address to go online
Address translation can handle encrypted IP headers
Address translation can shield users on the internal network and improve the security of the internal network
Correct Answer: ABD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 116
Regarding NAT address translation, which of the following statements is wrong?
Configure NAT address pool in source NAT technology, you can configure only one IP address
Address translation can provide FTP, WWW, Telnet and other services to the outside in the LAN according to the needs of users
Some application layer protocols carry IP address information in the data. When they are NATed, the IP address information in the upper layer data must be modified
For some non-TCP, UDP protocols (such as ICMP, PPTP), NAT cannot be performed
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 117
Regarding the relationship and role of VRRP / VGMP / HRP, which of the following statements are correct? (Multiple choices)
VRRP is responsible for sending gratuitous ARP to direct traffic to the new master device during the master / slave switchover.
VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment
HRP is responsible for data backup during hot standby operation
Active VGMP group may include VRRP group in Standby state
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 118
When the firewall upgrades the signature database and virus database online through the security service center, the firewall must be connected to the Internet first, and the correct DNS address must be configured
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 119
Which of the following is not a symmetric encryption algorithm?
DES
3DES
AES
RSA
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 120
The results you see with display ike sa are as follows. Which of the following statements is wrong?
IKE SA has been established
IPSec SA has been established
The neighbor address is 2.2.2.1
IKE uses V1 version
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 121
Regarding the comparison between windows and linux, which of the following statements is wrong?
Linux newbies are difficult to get started and require some learning and guidance
Windows can be compatible with most software and play most games
Linux is open source and you can do whatever you want
Windows is open source and you can do whatever you want
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 122
Which of the following options are at the core of the IATF (Information Security Technology Framework) model? (Multiple choices)
Environment
People
Technology
Operation
Correct Answer: BCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 123
Which of the following are multi-user operating systems? (Multiple choices)
MSDOS
UNIX
LINUX
Windows
Correct Answer: BCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 124
The preservation of electronic evidence is directly related to the legal validity of evidence and the preservation of legal procedures can ensure its authenticity and reliability. Which of the following is not an evidence preservation technology?
Encryption technology
Digital certificate technology
Digital signature technology
Message mark tracking technology
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 125
The VGMP group does not actively send VGMP packets to the peer when any of the following conditions occur:
Dual-system hot backup function is enabled
Manually switch the active / standby status of the firewall
Firewall business interface failure
Session table entry changes
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 126
Which of the following options can be operated in the advanced settings of windows firewall? (Multiple choices)
Restore default values
Change notification rules
Setting connection security rules
Set up inbound and outbound rules
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 127
Regarding the security policy configuration command, which of the following is correct?
Prohibit ICMP packets from the trust zone accessing the untrust zone and the destination address is 10.1.10.10.
Forbid all ICMP packets from the trust zone to access all hosts in the untrust zone and the destination address is 10.1.0.0/16
It is forbidden to access all host ICMP packets from the trust zone to the untrust zone and the source address is 10.1.0.0/16.
Forbid all host ICMP packets from the trust zone to access the untrust zone and the source address is 10.2.10.10.
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 128
In information security prevention, commonly used security products include firewalls, Anti-DDoS devices, and IPS / IDS devices
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 129
If the administrator uses the default authentication domain to authenticate the user, the user only needs to enter the user name when logging in; if the administrator uses a newly created authentication domain to authenticate the user, the user needs to enter “username@authentication domain name” when logging in
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 130
Digital certificate technology solves the problem that the owner of a public key cannot be determined in digital signature technology
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 131
Which of the following options are technical features of an intrusion prevention system? (Multiple choices)
Online mode
Real-time blocking
Self-learning and adaptive
Straight deployment
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 132
Regarding firewall security policies, which of the following is correct?
By default, the security policy can control unicast packets and broadcast packets.
By default, security policies can control multicast
By default, the security policy controls only unicast packets.
By default, security policies can control unicast packets, broadcast packets, and multicast packets
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 133
Which of the following information is encrypted when using a digital envelope? (Multiple choices)
Symmetric keys
User data
Recipient public key
Receiver private key
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 134
Which of the following options fall within the scope of ISO27001 certification? (Multiple choices)
Access control
Personnel safety
Vulnerability Management
Business Continuity Management
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 135
Regarding the description of the firewall, which of the following is correct?
The firewall cannot access the network transparently.
Adding a firewall to the network will inevitably change the topology of the network.
To avoid a single point of failure, the firewall only supports side-by-side deployment
Depending on the usage scenario, the firewall can be deployed in transparent mode or in Layer 3 mode.
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 136
On Huawei USG series devices, the administrator wants to erase the configuration file. Which of the following commands is correct?
clear saved-configuration
reset saved-configuration
reset current-configuration
reset running-configuration
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 137
Which of the following options is correct for the description of a buffer overflow attack? (Multiple choice)
Buffer overflow attack exploits the defect of the software system’s memory operation and runs the attack code with high operation authority.
Buffer overflow attacks are not related to operating system vulnerabilities and architecture.
Buffer overflow attacks are one of the common ways to attack software systems
Buffer overflow attacks are application-level attacks.
Correct Answer: ACD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 138
Security precaution technologies have different approaches at different technical levels and fields. Which of the following devices can be used for network layer security? (Multiple choices)
Vulnerability Scanning Device
Firewall
Anti-DDoS device
IPS / IDS equipment
Correct Answer: BCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 139
IPSEC VPN technology does not support NAT traversal when using ESP security protocol encapsulation, because ESP encrypts the packet header
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 140
Which of the following options are features of SSL VPN? (Multiple choices)
User authentication
Port scanning
File sharing
WEB rewriting
Correct Answer: AC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 141
In the digital signature process, to which of the following is the hash algorithm applied in order to verify the integrity of the data transmission?
User data
Symmetric keys
Recipient public key
Receiver private key
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 142
Which of the following traffic matches the authentication policy to trigger authentication?
Accessing devices or device-initiated traffic
DHCP, BGP, OSPF, LDP packets
Visitors accessing HTTP traffic
DNS message corresponding to the first HTTP service data flow
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 143
The firewall interfaces GE1/0/1 and GE1/0/2 both belong to the DMZ area. To allow the area connected to GE1/0/1 to access the area connected to GE1/0/2, which of the following is correct?
Need to configure local to DMZ security policy
No configuration required
Inter-domain security policy needs to be configured
Need to configure DMZ to local security policy
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 144
The use of computers to store information about criminal activity is not a computer crime
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 145
Regarding IKE SA, which of the following is incorrect?
IKE SA is bidirectional
IKE is an application layer protocol based on UDP
IKE SA is for IPSec SA
The encryption algorithm used for user data packets is determined by IKE SA
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 146
Which of the following statements about VPN is wrong?
Virtual private network costs less than leased lines
VPN technology is a technology that reuses logical channels on actual physical lines
The emergence of VPN technology enables employees on business trips to remotely access internal servers of the enterprise
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 147
Which of the following are standard port numbers for the FTP protocol? (Multiple choices)
20
21
23
80
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 148
The level of information security protection is to improve the overall level of national security, and to rationally optimize the allocation of security resources so that they return maximum safety and economic benefits
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 149
In response to network security incidents, remote emergency response is generally adopted first. If the problem cannot be resolved for the customer through remote access, the local emergency response process is entered after the customer confirms
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 150
Generally, we will divide the server into two categories: general server and function server. Which of the following options meets this classification criteria?
By application level
By purpose
Divided by shape
Divided by architecture
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 151
NAPT technology allows one public IP address to be used by multiple private network hosts
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 152
After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all the information that can be backed up can be configured directly on the standby device, and the configuration on the standby device can be synchronized to the active device
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 153
Which of the following options are characteristic of symmetric encryption algorithms? (Multiple choices)
Fast encryption
Confidentiality is slow
Insecure key distribution
High key distribution security
Correct Answer: AC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 154
Which of the following options are harms of a traffic attack? (Multiple choices)
Network is down
Server is down
Data is stolen
Web pages are tampered with
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 155
Intrusion prevention system (IPS) is a defense system that can block in real time when intrusion behaviors are discovered
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 156
Regarding the consistency check of the HRP master / backup configuration, which of the following options is not included?
NAT Policy
Are heartbeat interfaces with the same serial number configured?
Next hop and outgoing interface of the static route
Authentication strategy
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 157
Regarding NAT configuration, which of the following is wrong?
Configure source NAT in transparent mode, firewall does not support easy-ip mode
The IP address in the address pool can overlap with the public IP address of the NAT server
When there is VoIP service on the network, NAT ALG does not need to be configured
The firewall does not support NAPT conversion of ESP and AH packets
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 158
Regarding the description of security policy actions and security profiles, which of the following options are correct? (Multiple choices)
If the action of the security policy is “Forbidden”, the device will discard this traffic and no further content security checks will be performed.
Security profiles can take effect without being applied to security policies whose actions are allowed
The security profile must be applied under a security policy whose action is allowed to take effect
If the security policy action is “Allow”, the traffic will not match the security profile
Correct Answer: AC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 159
Encryption technology protects data during data transmission. Which of the following options are included? (Multiple choices)
Confidentiality
Controllability
Integrity
Source verification
Correct Answer: ACD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 160
After a cyber attack event, set up an isolation area, summarize data, and estimate losses according to the plan. The above actions belong to which stage of the cyber security emergency response?
Preparation stage
Detection phase
Inhibition phase
Recovery phase
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 161
IPSec VPN uses asymmetric encryption algorithm to encrypt the transmitted data
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 162
The digital certificate notarizes the public key through a third-party organization, thereby ensuring the non-repudiation of data transmission. Therefore, confirming the correctness of the public key requires only the certificate of the correspondent
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 163
Digital signature is to generate a digital fingerprint by using a hashing algorithm to ensure the integrity of data transmission
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 164
Regarding the description of the firewall fragment cache function, which of the following options are correct? (Multiple choices)
By default, the firewall caches fragmented packets
After the direct forwarding of fragmented packets is configured, the firewall will forward the fragmented packets that are not the first fragment according to the inter-domain security policy.
For fragmented packets, NAT ALG does not support the processing of SIP fragmented packets
By default, the maximum number of fragment caches for an IPv4 packet is 32, and the maximum number of fragment caches for an IPv6 packet is 255
Correct Answer: ACD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 165
The SIP protocol uses SDP messages to establish sessions. SDP messages contain remote addresses or multicast addresses.
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 166
Which of the following attacks is not a cyber attack?
IP Spoofing Attack
Smurf attack
MAC Address Spoofing Attack
ICMP attack
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 167
Which of the following are versions of the SNMP protocol? (Multiple choices)
SNMPv1
SNMPv2b
SNMPv2c
SNMPv3
Correct Answer: ACD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 168
Regarding the description of the preemption function of VGMP management, which of the following is wrong?
By default, the preemption function of the VGMP management group is enabled.
By default, the preemption delay time of the VGMP management group is 40s.
Preemption means that when the originally faulty master device recovers, its priority is restored, and it can then preempt the master status again
After the VRRP backup group is added to the VGMP management group, the original preemption function on the VRRP backup group becomes invalid
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 169
In the IPSec VPN transport mode, what part of the data packet is encrypted?
Network layer and upper layer data messages
Original IP header
New IP packet header
Transport layer and upper layer data messages
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 170
Regarding windows logs, which of the following descriptions is incorrect?
System logs are used to record events generated by operating system components, mainly including crashes of drivers, system components, and application software, as well as data
The system log of windows server 2008 is stored in Application.evtx
The application log contains events recorded by the application or system program, which mainly records events related to the operation of the program
The security log of windows server 2008 is stored in security.evtx
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 171
For the description of IP Spoofing, which of the following is wrong?
IP spoofing attacks are launched using the normal IP address-based trust relationship between hosts.
After a successful IP spoofing attack, an attacker can use a forged IP address to impersonate a legitimate host to access key information
The attacker needs to disguise the source IP address as a trusted host and send a data segment with a SYN tag to request a connection
Hosts based on IP address trust relationship can log in directly without entering password authentication
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 172
In the USG series firewall, which command can be used to query the NAT translation result?
display nat translation
display firewall session table
display current nat
display firewall nat translation
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 173
The preservation of electronic evidence is directly related to the legal validity of evidence and the preservation of legal procedures, so that its authenticity and reliability can be guaranteed. Which of the following is not an evidence preservation technology?
Encryption technology
Digital certificate technology
Digital signature technology
Message mark tracking technology
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 174
Which of the following state information can be backed up by Huawei Redundancy Protocol (HRP)? (Multiple choices)
Session table
ServerMap entry
Dynamic blacklist
Routing table
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 175
As shown in the figure, a TCP connection is established between client A and server B. Which of the following message sequence numbers should replace the "?" in the figure?
a + 1: a
a: a + 1
b + 1: b
a + 1: a + 1
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 176
Digital certificates can be divided into local certificates, CA certificates, root certificates, and self-signed certificates according to different usage scenarios.
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 177
Which of the following is the encryption technology used in digital envelopes?
Symmetric encryption algorithm
Asymmetric encryption algorithm
Hashing algorithm
Stream encryption algorithm
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 178
Which of the following are remote authentication methods? (Multiple choices)
RADIUS
Local
HWTACACS
LLDP
Correct Answer: AC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 179
Which of the following statements about IPSec SA is correct?
IPSec SA is unidirectional
IPSec SA is bidirectional
Used to generate encryption keys
Used to generate confidential algorithms
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 180
The steps of the safety assessment method do not include which of the following?
Human audit
Penetration testing
Questionnaire
Data analysis
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 181
In Equal Guarantee 2.0, which item stipulates that "spam emails should be detected and protected against at key network nodes, and the spam protection mechanism should be kept upgraded and updated"?
Malicious code prevention
Communication transmission
Centralized control
Border protection
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 182
Which of the following options does not fall into the 5-tuple range?
Source IP
Source MAC
Destination IP
Destination port
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 183
In the state detection firewall, when the state detection mechanism is enabled, the second packet (SYN + ACK) of the three-way handshake reaches the firewall. At this time, if there is no corresponding session table on the firewall, which of the following is correct?
The firewall does not create a session table, but allows packets to pass
If the firewall security policy allows packets to pass, create a session table
Messages must not pass through the firewall
The packets must pass through the firewall and establish a session
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 184
In a VRRP (Virtual Router Redundancy Protocol) group, the primary firewall periodically sends notification packets to the backup firewall. The backup firewall is only responsible for listening to the notification message and will not respond.
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 185
Huawei USG firewall VRRP notification messages are multicast packets, so each firewall in the backup group must be able to implement direct Layer 2 interworking.
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 186
Because the server is a type of computer, we can use our personal computer as a server in the enterprise.
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 187
The figure shows an application scenario of a NAT server, configured using the web configuration mode. Which of the following statements are true? (Multiple choices)
When configuring the interzone security policy, you need to set the source security zone to Untrust and the target security zone to DMZ.
When configuring NAT Server, the internal address is 10.1.1.2 and the external address is 200.10.10.1
When configuring the interzone security policy, set the source security zone to DMZ and the target security zone to Untrust
When configuring NAT Server, the internal address is 200.10.10.1 and the external address is 10.1.1.2
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 188
In the configuration of L2TP, which of the following statements is correct for the Tunnel Name command? (Multiple choices)
Used to specify the local tunnel name
Tunnel name used to specify the peer
Tunnel Name must be the same at both ends
If Tunnel Name is not configured, the tunnel name is the local system name
Correct Answer: AD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 189
Which of the following attack types does a DDoS attack belong to?
Spying Scan Attack
Malformed message attack
Special message attacks
Traffic attacks
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 190
In the USG system firewall, which function can be used to provide well-known application services on non-well-known ports?
Port mapping
MAC and IP address binding
Packet filtering
Long connection
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 191
Regarding the command to check the number of security policy matches, which of the following is correct?
display firewall session table
display security-policy all
display security-policy count
count security-policy hit
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 192
Which of the following options is a Layer 2 VPN technology?
SSL VPN
L2TP VPN
GRE VPN
IPSec VPN
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 193
Regarding the description of the advanced settings of Windows Firewall, which of the following options are wrong? (Multiple choices)
When setting an inbound rule, only the local port can be restricted, and the remote port cannot be restricted
When setting an inbound rule, you can restrict both the local port and the remote port
When setting an outbound rule, only the local port can be restricted, and the remote port cannot be restricted
When setting an outbound rule, you can restrict both the local port and the remote port
Correct Answer: BD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 194
Regarding the description of VGMP group management, which of the following is wrong?
The master / backup status of a VRRP backup group needs to be notified to the VGMP management group to which it belongs.
The interface types and numbers of the heartbeat interfaces of the two firewalls can be different, as long as the Layer 2 communication
Periodic hello messages between VGMPs of the active and standby firewalls
The master and backup devices learn the status of each other through heartbeat exchange messages, and back up related commands and status information.
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 195
In the security assessment method, the purpose of a security scan is to scan the target system with a scan analysis and evaluation tool in order to find related vulnerabilities and prepare for the attack.
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 196
Which of the following attacks is not a malformed packet attack?
Teardrop attack
Smurf attack
TCP Fragmentation Attack
ICMP Unreachable Packet Attack
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 197
Regarding IKE SA, which of the following is incorrect?
IKE SA is bidirectional
IKE is an application layer protocol based on UDP
IKE SA is for IPSec SA
The encryption algorithm used for user data packets is determined by IKE SA
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 198
In the construction of an information security system, the relationship between important aspects of security and system behavior needs to be accurately described through a security model
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 199
Security policy conditions can be divided into multiple fields, such as source address, destination address, source port, and destination port. The fields are in an "and" relationship; that is, a message is considered to hit the policy only if its information matches all fields.
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 200
The matching principle of the security policy is: first find the manually-configured inter-domain security policy, and if it does not match, directly discard the data packet.
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 201
Which of the following is the response action of the gateway antivirus after detecting a mail virus? (Multiple choices)
Alarm
Block
Declaration
Delete attachments
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 202
Digital signature is to generate a digital fingerprint by using a hashing algorithm to ensure the integrity of data transmission
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 203
Regarding NAT address translation, which of the following statements is wrong?
Configure NAT address pool in source NAT technology, you can configure only one IP address
Address translation can provide FTP, WWW, Telnet and other services to the outside in the LAN according to the needs of users
Some application layer protocols carry IP address information in the data. When they are NATed, the IP address information in the upper layer data must be modified
For some TCP and UDP protocols (such as ICMP, PPTP), NAT cannot be performed.
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 204
When a NAT server is configured on the firewall of the USG system, a server-map table is generated. Which of the following is not included in the table entry?
Destination IP
Destination port number
Protocol number
Source IP
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 205
Which of the following options are malicious programs? (Multiple choices)
Trojan horse
Vulnerabilities
Worms
Viruses
Correct Answer: ACD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 206
Which of the following are the main implementation methods of gateway antivirus? (Multiple choices)
Agent scanning method
Stream scanning method
Package inspection and killing methods
File killing methods
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 207
Which of the following options is not part of the hashing algorithm?
MD5
SHA1
SM1
SHA2
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 208
Regarding the description of firewall dual-system hot backup, which of the following options are correct? (Multiple choices)
When multiple areas on the firewall need to provide dual-system backup, multiple VRRP backup groups need to be configured on the firewall.
Require that the status of all VRRP backup groups in the same VGMP management group on the same firewall be consistent
The firewall dual-system hot backup needs to synchronize the backup of the session table, MAC table, routing table and other information between the master and slave
VGMP is used to ensure the consistency of all VRRP backup group switching
Correct Answer: ABD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 209
Which of the following options is not a certificate save file format supported by the USG6000 series device?
PKCS #12
DER
PEM
PKCS #
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 210
Which of the following attacks is not a special message attack?
ICMP redirect message attack
ICMP Unreachable Packet Attack
IP address scanning attack
Oversized ICMP packet attack
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 211
Security precaution technologies have different approaches at different technical levels and fields. Which of the following devices can be used for network layer security? (Multiple choices)
Vulnerability Scanning Device
Firewall
Anti-DDoS device
IPS / IDS equipment
Correct Answer: BCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 212
Which of the following is used in digital signature technology to encrypt digital fingerprints?
Sender public key
Sender private key
Recipient public key
Receiver private key
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 213
The reason OSPF is more commonly used than RIP is that OSPF has device authentication and is more secure
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 214
The content of intrusion detection covers authorized and unauthorized intrusion behaviors. Which of the following behaviors does not fall into the scope of intrusion detection?
Impersonating another user
The administrator deletes the configuration by mistake
Worm Trojans
Leaked data
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 215
For the description of ARP spoofing attacks, which of the following is wrong?
The ARP implementation mechanism only considers normal business interactions, and does not verify any abnormal business interactions or malicious behaviors.
ARP spoofing attacks can only be implemented through ARP responses, not through ARP requests
When a host sends a normal ARP request, the attacker will respond preemptively, causing the host to establish an incorrect IP-MAC mapping
ARP static binding is a solution to ARP spoofing attacks. It is mainly used in small network scenarios.
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 216
Which of the following mechanisms are used for MAC flood attacks? (Multiple choices)
MAC learning mechanism of the switch
Switch forwarding mechanism
ARP learning mechanism
Limit on the number of MAC entries
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 217
After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all the information that can be backed up can be configured directly on the standby device, and the configuration on the standby device can be synchronized to the active device.
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 218
In practical applications, asymmetric encryption is mainly used to encrypt user data
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 219
When the enterprise establishes its own information system, it checks each operation according to the internationally established authoritative standards and can detect whether its own information system is secure
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 220
Which of the following options is the port number used for L2TP packets?
17
500
1701
4500
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 221
The steps of the safety assessment method do not include which of the following?
Human audit
Penetration testing
Questionnaire
Data analysis
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 222
IPSec VPN uses asymmetric encryption algorithm to encrypt the transmitted data
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 223
Regarding firewall security policies, which of the following is correct?
By default, security policies can control unicast and broadcast packets
By default, security policies can control multicast
By default, the security policy controls only unicast packets
By default, security policies can control unicast packets, broadcast packets, and multicast packets
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 224
Which of the following information is encrypted when using a digital envelope? (Multiple choices)
Symmetric keys
User data
Recipient public key
Receiver private key
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 225
Which of the following are actions to be taken during the eradication phase in a cybersecurity emergency response? (Multiple choices)
Find viruses, Trojan horses, illegal authorization, and system vulnerabilities, and deal with them in time
Revise security policies based on security incidents and enable security audits
Blocking attacks and reducing their scope
Confirm the degree of damage caused by the security incident and report the security incident
Correct Answer: AB
Section: (none)
Explanation
Explanation / Reference:
QUESTION 226
Which of the following attacks can DHCP Snooping prevent? (Multiple choices)
DHCP Server Phishing Attack
Man in the Middle and IP / MAC spoofing Attacks
IP spoofing attacks
Counterfeit DHCP lease renewal message attack using option82 field
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 227
In the Huawei SDSec solution, which of the following options belong to the equipment of the execution layer? (Multiple choices)
CIS
FireHunter
Router
AntiDDoS
Correct Answer: BCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 228
A company employee account has expired, but the account can still be used to access the company server. What security risks does the above scenario belong to? (Multiple choices)
Managing security risks
Access security risks
System security risks
Physical security risks
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 229
What is the default backup mode for dual-system hot backup?
Automatic backup
Manual batch backup
Quick session backup
Configuration of the active and standby FWs after the device restarts
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 230
Network administrators can collect data to be analyzed on network devices through packet capture, port mirroring, or logs
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 231
The world's first worm, the "Morris Worm," made people realize that as people's dependence on computers grew, the possibility of attacks on computer networks was also increasing, and that it is necessary to establish a comprehensive emergency response system
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 232
Which of the following is required for IPSec VPN? (Multiple choices)
Configure IKE neighbors
Configure IKE SA related parameters
Configure IPSec SA related parameters
Configure the flow of interest
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 233
Which of the following categories are included in Huawei firewall user management? (Multiple choices)
Internet user management
Access user management
Administrator User Management
Device user management
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 234
In order to obtain criminal evidence, it is necessary to master the technology of intrusion tracking. Which of the following options is correct for the description of tracking technology? (Multiple choices)
The packet recording technology inserts the trace data in the traced IP data packet, so as to mark the packet on each router that it passes through.
Link detection technology determines the source of the attack by testing the network connection between routers
Packet marking technology records the packets on the router and then uses data drilling techniques to extract the source of the attack
Shallow email behavior analysis can realize the analysis of information such as sending IP address, sending time, sending frequency, number of recipients, and shallow email headers
Correct Answer: ABD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 235
When a user uses session authentication to trigger the built-in Portal authentication of the firewall, the user does not actively perform identity authentication but accesses services first, and the device pushes a "redirect" to the authentication page
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 236
For the description of the intrusion detection system, which of the following is wrong?
The intrusion detection system can dynamically collect a large amount of key information through the network and computers, and can analyze and judge the current status of the entire system environment in time.
Once the intrusion detection system finds a violation of the security policy or traces of an attack on the system, it can implement blocking operations.
Intrusion detection system includes all software and hardware systems used for intrusion detection
The intrusion detection system can be linked with firewalls and switches to become a powerful “assistant” for firewalls, to better and more accurately control inter-domain traffic access
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 237
Which of the following options are encapsulation modes supported by IPSec VPN? (Multiple choices)
AH mode
Tunnel mode
Transmission mode
ESP mode
Correct Answer: BC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 238
Tunnel addresses at both ends of the GRE tunnel can be configured as addresses on different network segments
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 239
Regarding the description of the packet during the iptables transmission, which of the following options is wrong?
When a data packet enters the network card, it first matches the PREROUTING chain
If the destination address of the packet is local, the system will send the packet to the INPUT chain.
If the destination address of the packet is not local, the system sends the packet to the OUTPUT chain
If the destination address of the data packet is not the local machine, the system sends the data packet to the FORWARD chain.
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 240
Regarding the description of the operating system, which of the following is wrong?
The operating system is the interface between the user and the computer
The operating system is responsible for managing all hardware resources of the computer system and controlling the execution of software.
The interface between the operating system and the user is a graphical interface
The operating system itself is software
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 241
Which of the following is not a requirement for dual-system hot backup of the firewall?
The firewall hardware model is the same
The firewall software version is the same
The type and number of the interfaces used are the same
The firewall interface IP address is the same
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 242
Regarding the NAT policy processing flow, which of the following options are correct? (Multiple choices)
Server-map is processed after state detection
Source NAT policy query is processed after session creation
Source NAT policy is processed after security policy matches
Server-map processing before security policy matching
Correct Answer: ACD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 243
Which of the following options are required for a dual-system hot backup scenario? (Multiple choices)
hrp enable
hrp mirror session enable
hrp interface interface-type interface-number
hrp preempt [delay interval]
Correct Answer: AC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 244
Manual audit is a supplement to tool evaluation. It does not need to install any software on the target system being evaluated, and has no effect on the operation and status of the target system. Which of the following options is not included in the manual audit?
Manual detection of the host operating system
Manual inspection of the database
Manual inspection of network equipment
Manual inspection of the process of the administrator operating the equipment
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 245
Which of the following options belong to the default security zone of Huawei Firewall? (Multiple choices)
Zone
Trust area
Untrust Zone
Security area
Correct Answer: BC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 246
What level of early warning corresponds to a major cyber security event?
Red alert
Orange warning
Yellow warning
Blue warning
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 247
Regarding the source of electronic evidence, which of the following is incorrect?
Facsimile information, mobile phone recordings are electronic evidence related to communication technology.
Movies and TV series are electronic evidence related to network technology.
Database operation records, operating system logs are computer-related electronic evidence
Operating system, e-mail, chat records can be used as the source of electronic evidence
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 248
Regarding the sequence of the call establishment process of the L2TP tunnel, which of the following descriptions is correct?
1. Establish L2TP tunnel
2. Establish a PPP connection
3. LNS authenticates users
4. Users access intranet resources
5. Establish L2TP session
1-> 2-> 3-> 5-> 4
1-> 5-> 3-> 2-> 4
2-> 1-> 5-> 3-> 4
2-> 3-> 1-> 5-> 4
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 249
The protocol field in the IP packet header identifies the protocol used by its upper layer. Which of the following field values indicates that the upper layer protocol is the UDP protocol?
6
17
11
18
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 250
Carry out regular inspections of network security systems and equipment, upgrade patches, and organize cyber security emergency response drills in accordance with management specifications.
Which part of the MPDRR network security model does the above action belong to?
Protection link
Testing
Response
Management
Correct Answer: BC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 251
Information security level protection is the basic system of national information security protection work
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 252
Which of the following options is not the identity of an IPSec SA?
SPI
Destination address
Source address
Security protocols
Correct Answer: C
Section: (none)
Explanation
Explanation / Reference:
QUESTION 253
What is the difference between the pre-accident prevention strategy and the post-accident recovery strategy? (Multiple choices)
Prevention strategies focus on minimizing the possibility of accidents before they occur. Recovery strategies focus on minimizing impact and loss
The role of pre-disaster prevention strategies does not include minimizing economic and reputational losses due to accidents
Recovery strategies to improve business high availability
Recovery strategies are part of the business continuity plan
Correct Answer: ACD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 254
During the administrator’s upgrade of the USG firewall software version, which of the following operations are necessary? (Multiple choices)
Upload firewall version software
Restart the device
Factory reset
Specify the software version to be loaded at the next startup
Correct Answer: ABD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 255
If the company’s structure changes in reality, the business continuity plan needs to be retested
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 256
HTTP packets are carried using UDP, while the HTTPS protocol is based on the TCP three-way handshake, so HTTPS is more secure and using HTTPS is more recommended.
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 257
In single sign-on for Internet users, users authenticate directly to the AD server, and the device does not interfere with the user authentication process. The AD monitoring service needs to be deployed on the USG to monitor the authentication information of the AD server
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 258
UDP port scanning refers to an attacker sending a zero-byte length UDP packet to a specific port on the target host. If the port is open, an ICMP port reachable data message will be returned.
Yes
wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 259
Regarding the business continuity plan, which of the following statements are correct? (Multiple choices)
The business continuity plan does not require senior company involvement during the scoping phase
BCP needs flexibility because it cannot predict all possible accidents
The business continuity plan does not require senior company involvement before it is formally documented
Not all security incidents must be reported to company executives
Correct Answer: BD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 260
When the USG series firewall hard disk is in place, which of the following logs can be viewed? (Multiple choices)
Operation log
Business logs
Alarm information
Threat log
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 261
Social engineering uses psychological traps that exploit the victim's psychological weakness, instinctive reaction, curiosity, trust, greed, etc. to carry out harm such as deception and injury.
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 262
Applying for special emergency response funds and purchasing emergency response software and hardware equipment belong to which stage of network security emergency response?
Preparation stage
Inhibition phase
Response phase
Recovery phase
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 263
Device sabotage attacks are generally not easy to cause information leakage, but usually cause network service interruption.
Yes
wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 264
Regarding the description of online user and VPN access user authentication, which of the following is wrong?
Internet users and VPN access users share data, and user attribute checks (user status, account expiration time, etc.) also take effect for VPN access
Local users or server authentication processes are basically the same for online users. Both use the authentication domain to authenticate users.
The same
After VPN users access the network, they can access the network resources of the corporate headquarters. The firewall can control the accessible network resources based on user names
VPN access users will go online at the same time after being authenticated
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 265
Which of the following descriptions of the patch is wrong?
A patch is a small program made by the original author of the software to fix a discovered vulnerability
Not patching does not affect the operation of the system, so whether it is patched or not is irrelevant.
Patches are constantly updated.
Computer users should download and install the latest patches in time to protect their systems
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 266
Regarding the description of the Intrusion Prevention System (IPS), which of the following is incorrect?
A. IDS equipment needs to cooperate with a firewall to block intrusions.
B. IPS equipment cannot be bypassed in the network.
C. IPS devices can be connected at the network boundary and deployed online.
D. Once the IPS device detects intrusion behavior, it can block it in real time.
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 267
Regarding Huawei’s routers and switches, which of the following statements are correct? (Multiple choices)
A. Routers can implement some security functions, and some routers can implement more security functions by adding security cards.
B. The main function of the router is to forward data. When enterprises have security requirements, sometimes a firewall may be a more suitable choice.
C. The switch has some security functions, and some switches can implement more security functions by adding security cards.
D. Switches do not have security features.
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 268
Which of the following options is not a log type of the Windows operating system?
A. Business logs
B. Application logs
C. Security logs
D. System logs
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 269
After a network intrusion event, the identity of the intruder, the source of the attack and other information are obtained according to the plan, and the intrusion behavior is blocked. Which links of the PDRR network security model do the above actions belong to? (Multiple choices)
A. Protection link
B. Testing
C. Response
D. Recovery
Correct Answer: BC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 270
Regarding scanning of vulnerabilities, which of the following is wrong?
A. The loopholes were previously unknown and discovered afterwards.
B. Vulnerabilities are generally patchable.
C. Vulnerabilities are security risks that can expose computers to hacking.
D. Vulnerabilities are avoidable.
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 271
When the user is configured for single sign-on and the PC message mode is used, the authentication process includes the following steps:
1. The visitor PC executes the login script and sends the user login information to the AD monitor.
2. The firewall extracts the correspondence between the user and the IP from the login information and adds it to the online user table.
3. The AD monitor connects to the AD server to query login user information, and forwards the queried user information to the firewall.
4. The visitor logs in to the AD domain. The AD server returns a login success message to the user and issues a login script.
Which of the following orders is correct?
A. 1-2-3-4
B. 4-1-3-2
C. 3-2-1-4
D. 1-4-3-2
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 272
The administrator wants to create a web configuration administrator. The device web access port number is 20000, and the administrator is at the administrator level. Which of the following commands is correct?
A.
B.
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 273
Regarding the description of security policy actions and security profiles, which of the following options are correct? (Multiple choices)
A. If the action of the security policy is “Forbidden”, the device will discard this traffic and no further content security checks will be performed.
B. Security profiles can take effect without being applied to security policies whose actions are allowed.
C. The security profile must be applied under a security policy whose action is allowed in order to take effect.
D. If the security policy action is “Allow”, the traffic will not match the security profile.
Correct Answer: AC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 274
Which of the following options are characteristics shared by Windows systems and Linux systems? (Multiple choices)
A. Support for multitasking
B. Support graphical interface operation
C. Open source systems
D. Support for multiple terminal platforms
Correct Answer: ABD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 275
During the NAT configuration process, in which of the following situations does the device generate a server-map entry? (Multiple choices)
A. Server-map entries are automatically generated when source NAT is configured.
B. After the NAT server is successfully configured, the device will automatically generate a server-map entry.
C. Server-map entries are generated when easy-ip is configured.
D. After NAT No-PAT is configured, the device will create a server-map table for the configured multi-channel protocol data flow.
Correct Answer: BD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 276
NAT technology can achieve secure data transmission by encrypting data.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 277
Which of the following is the correct order for incident response management?
1 detection
2 reports
3 remission
4 summarize experience
5 fixes
6 recovery
7 responses
A. 1-3-2-7-5-6-4
B. 1-3-2-7-6-5-4
C. 1-2-3-7-6-5-4
D. 1-7-3-2-6-5-4
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 278
Which of the following statements about L2TP VPN is wrong?
A. Applicable to employees on business trips dialing up to access the intranet
B. Data will not be encrypted
C. Can be used with IPsec VPN
D. Belongs to Layer 3 VPN technology
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 279
Encryption technology can convert readable information into unreadable information through certain methods.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 280
ASPF (Application Specific Packet Filter) is a packet filtering technology based on the application layer that implements special security mechanisms. Which of the following statements about ASPF and server-map tables is correct? (Multiple choices)
A. ASPF monitors messages during communication.
B. ASPF can create server-map entries dynamically.
C. ASPF dynamically allows multi-channel protocol data to pass through the server-map table.
D. The five-tuple server-map entry implements a similar function to the session table.
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 281
The roles of antivirus software and a host firewall are the same.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 282
The process of electronic forensics includes: protecting the scene, obtaining evidence, preserving evidence, identifying evidence, analyzing evidence, tracking and presenting evidence.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 283
The command is executed on the firewall and the above information is displayed. Which of the following descriptions is correct? (Multiple choices)
A. The status of this firewall VGMP group is Active.
B. The virtual IP address of this firewall’s G1/0/1 interface is 202.38.10.2.
C. The priority of the VRRP backup group whose firewall VRID is 1 is 100.
D. Will not switch when the master device USG_A fails.
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 284
In the USG series firewall system view, after the reset saved-configuration command is executed, the device configuration is restored to the default configuration, and no further action is required for it to take effect.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 285
Which of the following is the difference between Network Address Port Translation (NAPT) and No Network Address Translation (No-PAT)?
A. After No-PAT conversion, for external users, all packets are from the same IP address.
B. No-PAT only supports protocol port conversion at the transport layer.
C. NAPT only supports protocol address translation at the network layer.
D. No-PAT supports protocol address translation at the network layer.
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 286
Which of the following options is correct for the description of a buffer overflow attack? (Multiple choices)
A. A buffer overflow attack exploits a defect in the software system’s memory operations and runs the attack code with high operation authority.
B. Buffer overflow attacks have nothing to do with the vulnerability and architecture of the operating system.
C. Buffer overflow attacks are one of the common ways to attack software systems.
D. Buffer overflow attacks are application-level attacks.
Correct Answer: ACD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 287
Which of the following is not the business scope of the National Internet Emergency Center?
A. Emergency handling of security incidents
B. Early warning of security incidents
C. Provide security evaluation services for government departments, enterprises and institutions
D. Cooperate with other institutions to provide training services
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 288
The host firewall is mainly used to protect the host from attacks and intrusions from the network.
A. Yes
B. Wrong
Correct Answer: A
Section: (none)
Explanation
Explanation / Reference:
QUESTION 289
Which of the following options belong to international organizations related to information security standardization? (Multiple choices)
A. International Organization for Standardization (ISO)
B. International Electrotechnical Commission (IEC)
C. International Telecommunication Union (ITU)
D. Wi-Fi Alliance
Correct Answer: ABC
Section: (none)
Explanation
Explanation / Reference:
QUESTION 290
In order to obtain criminal evidence, it is necessary to master the technology of intrusion tracking. Which of the following options is correct for the description of tracking technology? (Multiple choices)
A. The packet recording technology inserts trace data in the traced IP data packets, so Marking packets
B. Link test technology determines the source of the attack by testing the network link between routers.
C. Packet marking technology records the packets on the router and then uses data drilling techniques to extract the source of the attack.
D. Shallow email behavior analysis can analyze information such as the sending IP address, sending time, sending frequency, number of recipients, and shallow email headers.
Correct Answer: ABD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 291
Digital signature technology obtains a digital signature by encrypting which of the following data?
A. User data
B. Recipient’s public key
C. Sender’s public key
D. Digital fingerprint
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 292
On Huawei USG series firewalls, the default security policy cannot be modified.
A. Yes
B. Wrong
Correct Answer: B
Section: (none)
Explanation
Explanation / Reference:
QUESTION 293
In the classification of the information security level protection system, which of the following levels define that damage to the information system will harm social order and the public interest? (Multiple choices)
A. First level: User autonomous protection level
B. Second level: System audit protection level
C. Third level: Security mark protection
D. Level 4: Structured protection
Correct Answer: ABCD
Section: (none)
Explanation
Explanation / Reference:
QUESTION 294
In the Huawei SDSec solution, which of the following is an analysis layer device?
A. CIS
B. Agile Controller
C. Switch
D. Firehunter
Correct Answer: D
Section: (none)
Explanation
Explanation / Reference:
QUESTION 295
Regarding the control action permit and deny of the firewall inter-domain forwarding security policy, which of the following options are correct? (Multiple choices)
A. The action of the firewall’s default security policy is deny.
B. Packets are discarded immediately after the deny action of the inter-domain security policy is matched, and other inter-domain security policies will not continue to be executed.
C. Even if the packet matches the permit action of the security policy, it may not be forwarded by the firewall.
D. Whether the packet matches the permit action or deny action of the security policy, it will be transferred to the UTM module for processing.
Correct Answer: ABC
Section: (none)