Special Summer Discounts Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 63r59951

H12-722_V3.0 HCIP-Security-CSSN V3.0 Questions and Answers

Questions 4

For the description of URPF technology, which of the following options are correct? (multiple choice)

Options:

A.

The main function is to prevent network attacks based on source address spoofing.

B.

In strict mode, it does not check whether the interface matches. As long as there is a route to the source address, the message can pass.

C.

The loose mode not only requires corresponding entries in the forwarding table, but also requires that the interface must match to pass the URPF check.

D.

Use URPF's loose mode in an environment where routing symmetry cannot be guaranteed.

Buy Now
Questions 5

Regarding computer viruses, which of the following options is correct?

Options:

A.

Patching the system can completely solve the virus intrusion problem

B.

Computer viruses are latent, they may be latent for a long time, and only when they encounter certain conditions will they begin to carry out sabotage activities

C.

Computer viruses are contagious. They can spread through floppy disks and CDs, but they will not spread through the Internet.

D.

All computer viruses must be parasitic in files and cannot exist independently

Buy Now
Questions 6

Which of the following options belong to the keyword matching mode? (multiple choice)

Options:

A.

Text

B.

Regular expressions

C.

Community word

D.

Custom keywords

Buy Now
Questions 7

Which of the following elements does PDCA include? (Choose 3 answers)

Options:

A.

Plan

B.

Implementation

C.

termination

D.

Monitoring

Buy Now
Questions 8

Regarding the sequence of the mail transmission process, which of the following is correct?

1. The sender PC sends the mail to the designated SMTP Server.

2. The sender SMTP Server encapsulates the mail information in an SMTP message and sends it to the receiver SMTP Server according to the destination address of the mail

3. The sender SMTP Server encapsulates the mail information in an SMTP message according to the destination address of the mail and sends it to the receiver POP3/MAP Senver

4. The recipient sends an email.

Options:

A.

1->2->3

B.

1->2->4,

C.

1->3->2

D.

1->4->3

Buy Now
Questions 9

Regarding Huawei's anti-virus technology, which of the following statements is wrong?

Options:

A.

The virus detection system cannot directly detect compressed files

B.

The anti-virus engine can detect the file type through the file extension

C.

Gateway antivirus default file maximum decompression layer is 3 layers

D.

The implementation of gateway antivirus is based on proxy scanning and stream scanning

Buy Now
Questions 10

Regarding traditional firewalls, which of the following statements are correct? (multiple choice)

Options:

A.

Lack of effective protection against application layer threats.

B.

It cannot effectively resist the spread of viruses from the Internet to the intranet.

C.

Ability to quickly adapt to changes in threats.

D.

Unable to accurately control various applications, such as P2P, online games, etc. .

Buy Now
Questions 11

Which of the following statement is correct about Policy Center system client function?

Options:

A.

NAC Agent support MAC account login.

B.

Web page login for authentication and can perform checks Strategy.

C.

Web Agent login for identity certification and security certification.

D.

NAC Agent cannot be installed on Windows Vista operating system.

Buy Now
Questions 12

After the user deploys the firewall anti-virus strategy, there is no need to deploy anti-virus software

Options:

A.

True

B.

False.

Buy Now
Questions 13

In the penetration stage of an APT attack, which of the following attack behaviors will the attacker generally have?

Options:

A.

Long-term latency and collection of key data.

B.

Leak the acquired key data information to a third party of interest

155955cc-666171a2-20fac832-0c042c044

C.

Through phishing emails, attachments with 0day vulnerabilities are carried, causing the user's terminal to become a springboard for attacks.

D.

The attacker sends a C&C attack or other remote commands to the infected host to spread the attack horizontally on the intranet.

Buy Now
Questions 14

Due to differences in network environment and system security strategies, intrusion detection systems are also different in specific implementation. From the perspective of system composition, the main

Which four major components are included?

Options:

A.

Event extraction, intrusion analysis, reverse intrusion and remote management.

B.

Incident extraction, intrusion analysis, intrusion response and on-site management.

C.

Incident recording, intrusion analysis, intrusion response and remote management.

D.

Incident extraction, intrusion analysis, intrusion response and remote management.

Buy Now
Questions 15

Which of the following types of attacks are DDoS attacks? 2I

Options:

A.

Single packet attack

B.

Floating child attack

C.

Malformed message attack

D.

Snooping scan attack

Buy Now
Questions 16

In Huawei USG6000 products, IAE provides an integrated solution, all content security detection functions are integrated in a well-designed

In the high-performance engine. Which of the following is not the content security detection function supported by this product?

Options:

A.

Application recognition and perception

B.

URL classification and filtering

C.

Video content filtering

D.

Intrusion prevention

155955cc-666171a2-20fac832-0c042c048

Buy Now
Questions 17

Regarding the strong statement of DNS Request Flood attack, which of the following options is correct?

Options:

A.

The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source

B.

For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify

The legitimacy of the source IP.

C.

In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process

It will consume the TCP connection resources of the OINS cache server.

D.

Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.

Buy Now
Questions 18

The core technology of content security lies in anomaly detection, and the concept of defense lies in continuous monitoring and analysis.

Options:

A.

True

B.

False

Buy Now
Questions 19

When you suspect that the company's network has been attacked by hackers, you have carried out a technical investigation. Which of the following options does not belong to the behavior that occurred in the early stage of the attack?

Options:

A.

Planting malware

B.

Vulnerability attack

C.

Web application attacks

D.

Brute force

Buy Now
Questions 20

The user needs of a university are as follows:

1. The environment is large, and the total number of two-way traffic can reach 800M. Huawei USG6000 series firewall is deployed at its network node.

2. The intranet is divided into student area, server area, etc., users are most concerned about the security of the server area to avoid attacks from various threats.

3. At the same time, some pornographic websites in the student area are prohibited.

The external network has been configured as an untrust zone and the internal network has been configured as a trust zone on the firewall. How to configure the firewall to meet the above requirements?

155955cc-666171a2-20fac832-0c042c0415

Options:

A.

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

B.

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

C.

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

D.

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

Buy Now
Questions 21

The following figure shows the configuration of the URL filtering configuration file. Regarding the configuration, which of the following statements is correct?

Options:

A.

The firewall will first check the blacklist entries and then the whitelist entries.

B.

Assuming that the user visits the www.exzample.com website, which belongs to the categories of humanities and social networks at the same time, the user cannot access the

website.

C.

The user visits the website www.exzample.com, and when the black and white list is not hit, the next step is to query the predefined URL category entry.

D.

The default action means that all websites are allowed to visit. So the configuration is wrong here.

Buy Now
Questions 22

Huawei WAF products are mainly composed of front-end execution, back-end central systems and databases. Among them, the database mainly stores the front-end detection rules and black

Whitelist and other configuration files.

A True

B. False

Options:

Buy Now
Questions 23

When the Anti DDoS system finds the attack flow, the state will redirect the attack flow to the cleaning device. After the cleaning device is cleaned, it will flow back.

Note to the original link, which of the following options does not belong to the method of re-injection?

Options:

A.

Policy routing back annotation,

B.

GRE back note:

C.

MPLS LSP back injection

D.

BGP back-annotation

Buy Now
Questions 24

Which of the following descriptions are correct for proxy-based anti-virus gateways? (multiple choice)

Options:

A.

The detection rate is higher than the flow scanning method

B.

System overhead will be relatively small

C.

Cache all files through the gateway's own protocol stack

D.

More advanced operations such as decompression, shelling, etc. can be performed

Buy Now
Questions 25

Anti-DDoS defense system includes: management center, detection center and cleaning center.

Options:

A.

True

155955cc-666171a2-20fac832-0c042c0421

B.

False

Buy Now
Questions 26

Threats detected by the big data intelligent security analysis platform will be synchronized to each network device at the same time C and then collected from the network device

Collect it in the log for continuous learning and optimization.

Options:

A.

True

155955cc-666171a2-20fac832-0c042c0433

B.

False

Buy Now
Questions 27

Terminal fault diagnosis tool can diagnose fault, also can collect terminal information.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 28

Among the following options, which attack is a malformed packet attack based on the TCR protocol?

Options:

A.

Teardrop attack

B.

Ping of Death attack

C.

IP Spoofng attack

D.

Land attack

Buy Now
Questions 29

For special message attacks, which of the following option descriptions is correct?

A Special control packet attack is a potential attack and does not have direct destructive behavior

B. The attacker probes the network structure by sending special control messages to launch a real attack.

C. Special control message attacks do not have the ability to detect the network structure. Only scanning attacks can detect the network.

D. Special control message items can only use ICMP to construct attack messages.

Options:

Buy Now
Exam Code: H12-722_V3.0
Exam Name: HCIP-Security-CSSN V3.0
Last Update: May 14, 2022
Questions: 196

PDF + Testing Engine

$79.2  $175.99

Testing Engine

$59.4  $131.99
buy now H12-722_V3.0 testing engine

PDF (Q&A)

$49.5  $109.99
buy now H12-722_V3.0 pdf