H12-724 HCIP-Security (Fast track) V1.0 Questions and Answers

Application recognition and perception

URL classification and filtering

Video content filtering

Intrusion prevention

155955cc-666171a2-20fac832-0c042c048

S5720HI Series Switch:

AR Series router

USG6000 Series firewall

SVN5600 series

Using POP3, the client software will download all unread mails to the computer, and the mail server will delete the mails.

Use JIMAP; the client software will download all unread mails to the computer, and the mail server will delete the mails.

With IMAP, users can directly operate on the mail on the server, without downloading all the mails locally to perform various operations.

Using POP3, users can directly operate on the mail on the server without sending all mails to the local to perform various operations.

True

False

After the file decompression fails, the file will still be filtered. .

The application identification module can identify the type of application that carries the file.

Protocol decoding is responsible for analyzing the file data and file transmission direction in the data stream.

The file type recognition module is responsible for identifying the true type of the file and the file extension based on the file data

Install the operating system

Install the database

Install antivirus software

Import License

Block

Declare

Alarm

Execution

Plan

Implementation

termination

Monitoring

When deploying NAC Agent, can use scanner to scan and assess the number of installed and non-installed agent.

When the terminal NAC Agent uninstall, the scanner can send alarm information.

the scanner by the SNMP protocol to obtain network equipment resources information.

scanner and Policy Center controller linkage scan tasks.

The biggest difference between the two is MAC Bypass authentication belongs to 802 1X Certification, while MAC Certification does not belong to 802 1X Certification.

If a network can connect to dumb terminals(printer,IP telephone), The text may be connected to a portable computer, please use MAC Bypass authentication:First try 802 1X Authentication, try again if authentication fails MAC Certification

If a network will only connect to dumb terminals(printer,IP telephone),please use MAC Certification in order to shorten the certification time.

MAC Authentication MAC One more bypass authentication 802 In the instrument certification process, the open time is longer than MAC The bypass authentication time is long.

1-2-3-4

4-2-3-1

3-2-1-4

2-3-1-4

Directly discard data sent by devices that do not comply with regulations

Certification of non-compliant equipment.

Check for non-compliant terminals, Prohibit unsafe devices from accessing the network.

Send alarm information to notify the administrator to deal with it.

DHCP

ARP

CAPWAP

802.11MAC

all Ad-hoc The device will be directly judged as an illegal device

Not this AC Access AP Is illegal AP

Not this AC Access STA Is illegal STA

Not this AC Access STA,Also need to check access AP Does it contain law

True

False

MAC Certification

Password authentication

Not certified:

SN Certification

True

False

UDP fingerprint learning

Associated defense

current limit

First packet discarded

Hacking

Weak personal safety awareness

Open company confidential files

Failure to update the virus database in time

IPS is an intrusion detection system that can block real-time intrusions when found

IPS unifies IDS and firewall

IPS must use bypass deployment in the network

Common IPS deployment modes are in-line deployment,

Good concealment, the network-based monitor does not run other applications, does not provide network services, and may not respond to other computers, so

Not vulnerable to attack.

The monitoring speed is fast (the problem can be found in microseconds or seconds, and the host-based DS needs to take an analysis of the audit transcripts in the last few minutes

Need a lot of monitors.

It can detect the source address and destination address, identify whether the address is illegal, and locate the real intruder.

True

False

Threaten the security of the user's host and network.

Some viruses can be used as intrusion tools, such as Trojan horse viruses,

Control the host computer's accumulated limit and the user's data, and some viruses may even cause damage to the host's hardware.

Can easily pass the defense of Huawei USG6000 products

After completing the configuration, SACG can successfully link with the Agile Controller-Campus.

After completing the configuration, SACG cannot successfully link with Agile Contrlle-Campus. P

Can issue pre-authentication domain ACL.

The linkage cannot be successful but the terminal can access the pre-authentication domain server.

Exemption from approval

Administrator approval

Receptionist approval

Self-approved by visitors

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

Ability to quickly adapt to threat changes

Users can use Any Office Perform authentication.

User can't use web Way to authenticate.

Users can use Web Agent Perform authentication.

Users can use their own 802. 1X The client authenticates.

True

False

Address scanning

Buffer overflow p

Port scan

IP spoofing

ICMP redirect message attack) 0l

Oversized ICMP packet attack

Tracert packet attack

IP fragment message item

Enhanced mode refers to the authentication method using verification code.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

The enhanced mode is superior to the basic mode in terms of user experience.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

example

www. abc. example. com

www.abc. example

example. com

True

False

True

False

Viruses are triggered by computer users

Viruses can replicate themselves

Trojan horses are triggered by computer users

Trojans can replicate themselves

Ordinary account

Guest account

Anonymous account

Mobile certificate account

Open https://SM server IP:8943 in the browser, enter the account admin and the default password Changeme123, if the login is successful, it will be explained. The SIM components are normal.

After logging in to SC, select Resources>Users>User Management to create a common account. Open https://SM server IP:8447 in the browser newauth, if you can successfully log in using the account created in the previous step, the SM component is normal.

Open https://SC Server IP:8443 in the browser and enter the account admin and the default password Changeme123. If the login is successful, it will be explained. The SC component is normal.

After logging in to SM, select Ziyuan>User>User Management, and Xinlu has a common part number. Open https://SC server IP:8447 newauth in the browser. If you can successfully log in with the account created in the previous step, it means that the SC component is Wang Chang.

WhoTo determine the ownership of the access device(Company standard,BYOD Wait)

WhoseTo determine the identity of the access person(member I, Visitors, etc.)

How Determine the access method(Wired, wireless, etc.)

WhatTo determine the access device(PC,iOS Wait)

htttp://www.abcd. com:8080/news/education. aspx

htttp://www.abcd. com:8080,te

/news/education. aspx

/news/education. aspx?name=tom&age=20

Warning

Block and push the page

A warning dialog box pops up

All access to the client is prohibited

1812

1813

50200

50300

Resource pool mechanism

weighting mechanism

load balancing

Hot Standby

True

False

Fraggle and Smurt

Land and Smurf

Fraggle and Land

155955cc-666171a2-20fac832-0c042c0423

Teardrop and Land35

Primary IP: 10.1.3.6 on behalf of SM Manager IP address.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another interface IP address of the firewall.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another alternate firewall interface IP address.

Main IP is the Policy Center reaches the next-hop firewall device interface address

True

False

True

False

True

False

The detection rate is higher than the flow scanning method

System overhead will be relatively small

Cache all files through the gateway's own protocol stack

More advanced operations such as decompression, shelling, etc. can be performed

True

False

Deployment Management Center MC Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy Business Manager SM Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy business controller 3SC Time, support HA, Provide a backup solution in resource pool mode, which needs to be deployed N+1 indivual SC

Deploy the database DB Time, support HA use SQL Server Database mirroring technology requires the deployment of master DB+Mirroring DB+witness DB.

SACG and IP address 2.1.1.1 server linkage is not successful

SACG linkage success with controller.

master controller IP address is 1.1.1.2.

master controller IP address is 2.1.1.1.