H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Questions and Answers
The administrator of a certain enterprise wants to prohibit employees from visiting shopping websites during working hours, so a URL filtering configuration file is configured in which the shopping website category among the predefined categories is set to blocked. However, employee A can still use the company's network to shop online during the lunch break. Which of the following are possible reasons?
Regarding Huawei's anti-virus technology, which of the following statements is wrong?
Regarding the description of keywords, which of the following is correct? (multiple choice)
After enabling the IP policy, some services are found to be unavailable. Which of the following may be the cause? (multiple choice)
Which of the following options belong to the network layer attack of the TCP/IP protocol stack? (multiple choice)
The most common form of traffic attack is to send a large number of seemingly legitimate packets to the target host through Flood, which ultimately exhausts network bandwidth or equipment resources. Which of the following options is not included in traffic attack packets?
Which of the following is the correct configuration idea for the anti-virus strategy?
1. Load the feature library
2. Configure security policy and reference AV Profile
3. Apply and activate the license
4. Configure AV Profile
5. Submit
In Huawei USG6000 products, IAE provides an integrated solution: all content security detection functions are integrated in a well-designed, high-performance engine. Which of the following is not a content security detection function supported by this product?
In the big data intelligent security analysis platform, it is necessary to collect data from data sources and then complete a series of actions such as data processing, detection and analysis. Which of the following options does not belong to the actions that need to be completed in the data processing part?
Regarding the network intrusion detection system (NIDS), which of the following statements is wrong?
Due to differences in network environment and system security strategies, intrusion detection systems also differ in specific implementation. From the perspective of system composition, which four major components are mainly included?
Misuse detection detects intrusions in the system by detecting intrusion-like behavior in user activity, or behavior that uses system flaws to indirectly violate system security rules. Which of the following is not a feature of misuse detection?
Which of the following options are the possible reasons why a certain signature is not included after the IPS policy configuration is completed? (multiple choice)
The whitelist rule of the firewall anti-virus module is configured as "*example*". Which of the following matching methods is used in this configuration?
Which of the following are the control items of HTTP behavior? (multiple choice)
The administrator has configured file filtering to prohibit internal employees from uploading development files, but internal employees can still upload development files. Which of the following cannot be the reason?
Which of the following options is correct for the sequence of the flow-by-stream detection of AntiDDoS?
1. The Netflow analysis device samples the current network flow;
2. Send a drainage command to the cleaning center;
3. Discover the DDoS attack stream;
4. The Netflow analysis device sends alarms to the ATIC management center;
5. The abnormal flow is diverted to the cleaning center for further inspection and cleaning;
6. The cleaning center sends the host route of the attacked target IP address server to the router to achieve drainage;
7. The cleaning log is sent to the management center to generate a report;
8. The cleaned traffic is sent to the original destination server.
Which of the following attacks are attacks against web servers? (multiple choices)
If the regular expression is " abc. de " , which of the following will not match the regular expression?
Huawei USG6000 products can scan and process certain file transfer protocols for viruses, but which of the following protocols is not included?
Information security is the protection of information and information systems to prevent unauthorized access, use, leakage, interruption, modification and damage, and to improve confidentiality, integrity and availability.
When you suspect that the company's network has been attacked by hackers, you have carried out a technical investigation. Which of the following options does not belong to the behavior that occurred in the early stage of the attack?
Which of the following is not an abnormal situation of the file type recognition result?
Anti DDoS seven-layer defense can work from the dimensions of interface-based defense, global defense and defense object-based defense.
Which aspects of information security will be damaged by unauthorized access? (multiple choice)
With the continuous development of the network and the rapid development of applications, enterprise users are transferring files on the network more and more frequently, and virus threats are becoming more and more serious. Only by keeping viruses outside the network can data security and system stability be guaranteed. So, which of the following harms might be caused by viruses? (multiple choice)
The security management system is only optional, and anti-virus software or anti-hacking technology can be a good defense against network threats.
If the user's FTP operation matches the FTP filtering policy, what actions can be performed? (multiple choice)
The anti-tampering technology of Huawei WAF products is based on the cache module. Suppose that when user A visits website B, website B shows signs of page tampering. The workflow of the WAF tamper-proof module has the following steps:
① WAF uses the pages in the cache to return to the client;
② WAF compares the watermark of the server page content with the page content in the cache;
③ Store the content of the page in the cache after learning;
④ When the user accesses the Web page, the WAF obtains the page content of the server;
⑤ WAF starts the learning mode to learn the page content of the user's visit to the website;
For the ordering of these steps, which of the following options is correct?
Malicious code usually uses RootKit technology in order to hide itself. RootKit modifies the kernel of the system by loading a special driver, so as to hide itself and designated files.
Regarding the description of intrusion detection technology, which of the following statements is correct?
Which of the following options describes the IntelliSense engine IAE incorrectly?
Which of the following descriptions are correct for proxy-based anti-virus gateways? (multiple choice)
If a company wants to detect image files, Shellcode code files and PDF files, which of the following types of sandboxes can be used? (multiple choice)
Which three aspects should be considered in the design of cloud platform security solutions? (multiple choice)
Among the following options, which two attacks use similar attack methods, generating a large number of useless response packets that occupy network bandwidth and consume equipment resources?
The realization of content security filtering technology requires the support of the content security combination license.
When configuring the URL filtering configuration file, www.bt.com is configured as a URL blacklist item. At the same time, a URL in the custom URL category is set as bt.com, and the action of the custom URL category is warning. Regarding the above configuration, which of the following statements are correct? (multiple choice)
Regarding intrusion prevention, which of the following option descriptions is wrong?
The configuration commands to enable the attack prevention function are as follows:
[FW] anti-ddos syn-flood source-detect
[FW] anti-ddos udp-flood dynamic-fingerprint-learn
[FW] anti-ddos udp-frag-flood dynamic-fingerprint-learn
[FW] anti-ddos http-flood defend alert-rate 2000
[FW] anti-ddos http-flood source-detect mode basic
Which of the following options is correct for the description of the attack prevention configuration? (multiple choice)
Which of the following descriptions about the black and white lists in spam filtering is wrong?
Under the CLI command, which of the following commands can be used to view the AV engine and virus database version?
Which of the following behaviors is a false positive of the intrusion detection system?
With regard to APT attacks, the attacker often lurks for a long time and launches a formal attack on the enterprise at the key point of the incident.
Generally, APT attacks can be summarized into four stages:
1. Collecting Information & Intrusion
2. Long-term lurking & mining
3. Data breach
4. Remote control and penetration
Regarding the order of these four stages, which of the following options is correct?
