Huawei H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Exam Practice Test

Easy to implement

Accurate detection

Effective detection of impersonation detection of legitimate users

Easy to upgrade

Local reputation MD5 cache only has static cache, which needs to be updated regularly

File reputation database can only be upgraded by manual upgrade

File reputation is to perform virus detection by calculating the full text MD5 of the file to be tested and matching it with the local reputation MD5 cache

File reputation database update and upgrade can only be achieved through linkage with sandbox

③④

①③④

⑤⑥

②④

③④①②

③④②①

④①②③

④②①③

The priority of the coverage signature is higher than that of the signature in the signature set.

When the "source security zone" is the same as the "destination security zone", it means that the IPS policy is applied in the domain.

Modifications to the PS policy will not take effect immediately. You need to submit a compilation to update the configuration of the IPS policy.

The signature set can contain either predefined signatures or custom signatures. 832335

Ordinary attacks will usually be cleaned locally first.

If there is a large traffic attack on the network, send it to the cloud cleaning center to share the cleaning pressure.

Since the Cloud Cleaning Alliance will direct larger attack flows to the cloud for cleaning, it will cause network congestion.

The closer to the attacked self-labeled cloud cleaning service, the priority will be called.

155955cc-666171a2-20fac832-0c042c0430

True

False

True

False

True

False

Use BGP to publish UNR routes to achieve dynamic diversion.

After receiving the UNR route, the peer neighbor will not send it to any BGP neighbor.

You also need to configure the firewall ddos ​​bgp-next-hop fib-filter command to implement back-injection.

The management center does not need to configure protection objects. When an attack is discovered, it automatically issues a traffic diversion task.

Unable to detect new types of worms

The process of trying to log in to the system is recorded

Use Ping to perform network detection and be alerted as an attack

Web-based attacks are not detected by the system

The system starts traffic statistics.

System related configuration application, fingerprint learning.

The system starts attack prevention.

The system performs preventive actions.

HTTP POST is generally used to send information to the server through a web page, such as forum posting x form submission, username I password login.

When the file upload operation is allowed, the alarm threshold and blocking threshold can be configured to control the size of the uploaded file.

When the size of the uploaded or downloaded file and the size of the content of the POST operation reach the alarm threshold, the system will generate log information to prompt the device management

And block behavior.

When the uploaded or downloaded file size, POST operation content size reaches the blocking threshold, the system will only block the uploaded or downloaded file, POST

operate.

Event extraction, intrusion analysis, reverse intrusion and remote management.

Incident extraction, intrusion analysis, intrusion response and on-site management.

Incident recording, intrusion analysis, intrusion response and remote management.

Incident extraction, intrusion analysis, intrusion response and remote management.

3->1->4->2->5

3->2->4->1->5

3->2->1->4->5

3->1->2->4->5

The main function is to prevent network attacks based on source address spoofing.

In strict mode, it does not check whether the interface matches. As long as there is a route to the source address, the message can pass.

The loose mode not only requires corresponding entries in the forwarding table, but also requires that the interface must match to pass the URPF check.

Use URPF's loose mode in an environment where routing symmetry cannot be guaranteed.

The basic mode can effectively block the access from the Feng Explor client.

The bot tool does not implement a complete HTTP protocol stack and does not support automatic redirection, so the basic mode can effectively defend against HTTP Flood attacks.

hit.

When there is an HTTP proxy server in the network, the firewall will add the IP address of the proxy server to the whitelist, but it will recognize the basic source of the zombie host.

The certificate is still valid.

The basic mode will not affect the user experience, so the defense effect is higher than the enhanced mode.

True

False

The black and white list is matched by extracting the destination IP address of the SMTP connection

The black and white list is matched by the sender's dns suffix

The black and white list is matched by extracting the source IP address of the SMTP connection

155955cc-666171a2-20fac832-0c042c0419

If the source IP address of the SMTP connection matches the blacklist, the connection will be blocked

Hacking

Weak personal safety awareness

Open company confidential files

Failure to update the virus database in time

Planting malware

Vulnerability attack"

We6 Application Click

Brute force

Web security protection

Global environment awareness

Sandbox and big data analysis

Intrusion prevention

The firewall has enabled the SYN Flood source detection and defense function

The firewall uses the first packet drop to defend against UDP Flood attacks.

HTTP Flood attack defense uses enhanced mode for defense

The threshold for HTTP Flood defense activation is 2000.

IPS is an intrusion detection system that can block real-time intrusions when found

IPS unifies IDS and firewall

IPS must use bypass deployment in the network

Common IPS deployment modes are in-line deployment,

Configuration plane

Business plane

Log plane

Data forwarding plane

The detection rate is higher than the flow scanning method

System overhead will be relatively small

Cache all files through the gateway's own protocol stack

More advanced operations such as decompression, shelling, etc. can be performed