H12-724 HCIP-Security (Fast track) V1.0 Questions and Answers

the exception equipment IP is not in controlled network segment.

terminal in isolation domain can not access exception equipment .

only through security authentication terminals can access exception equipment.

through identity authentication terminals can access exception equipment.

Warning

Block and push the page

A warning dialog box pops up

All access to the client is prohibited

True

False

For loose inspection: if the source address of the packet exists in the FB of the firewall: the packet passes the inspection directly

For the case where the default route is configured, but the parameter allow-defult-route is not configured. As long as the source address of the packet is in the FIB table of the firewall

If it does not exist, the message will be rejected.

For the situation where the default route is configured and the parameter allow-defult-route is matched at the same time, if the source address of the packet is in the FIB table of the firewall

If the packet does not exist in the loose check mode, all packets will pass the URPF check and be forwarded normally.

155955cc-666171a2-20fac832-0c042c0427

For the configuration of the default route, and at the same time matching the parameter allow-defult-route, if the source address of the message is in the FIB table of the firewall

If it does not exist in the l0e check, the packet cannot pass the URPF check.

True

False

SACG and IP address 2.1.1.1 server linkage is not successful

SACG linkage success with controller.

master controller IP address is 1.1.1.2.

master controller IP address is 2.1.1.1.

1812

1813

50200

50300

True

False

True

False

Computer is infected by U disk virus

Abnormal power interruption in the computer room

Tampering with Web pages

Copy/view sensitive data

Event extraction, intrusion analysis, reverse intrusion and remote management.

Incident extraction, intrusion analysis, intrusion response and on-site management.

Incident recording, intrusion analysis, intrusion response and remote management.

Incident extraction, intrusion analysis, intrusion response and remote management.

Page customization stage

Account application stage

User authentication phase

Audit and cancellation stage

The action of signing iD3000 is an alarm

The action of signing ID3000 is to block

Unable to determine the action of signature ID3000

The signature set is not related to the coverage signature

True

False

Deployment Management Center MC Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy Business Manager SM Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy business controller 3SC Time, support HA, Provide a backup solution in resource pool mode, which needs to be deployed N+1 indivual SC

Deploy the database DB Time, support HA use SQL Server Database mirroring technology requires the deployment of master DB+Mirroring DB+witness DB.

The control server address is 10.1.10.34

The authentication device address is 10.1.31.78

Status is"Working"Indicates that the switch and Controller Linkage is successful

current Controller The server is backup n

IPS policy is not submitted for compilation

False Policy IDs are associated with IPS policy domains

The IPS function is not turned on

Bypass function is closed in IPS

bandwidth

Forwarding priority

Authority

Strategy

Use a common account to execute sh uninstall.sh in the Agile Controller/Uninstall directory to start the uninstallation program.

Use the root account to execute sh uninstall.sh in the Agile Controller directory to start the uninstallation program. :

On the Windows platform, select "Start > All Programs > Huawei > Agile Controller > Server Startup config".

On the Windows platform, select "Start > All Programs > Huawei > Agile Controller > Uninstall

True

False.

The aggregation layer device is not configured RADIUS Certification template.

Agile Controller-Campus The switch is not added on NAS equipment.

Connect to the terminal on the device to open 802.1X Function.

The Layer 2 link is used between the access device and the aggregation device, and it is not turned on 802 Instrument transparent transmission function

By IP addresses

By terminal type

By account

By user information

TRUE

FALSE

Patch management and Windows The patch check strategy can check whether the terminal host has installed the specified Windows Make system patches.

Windows Patch check strategy focuses on checking whether the terminal host is installed Windows Operating system patches.

When the terminal host does not install the specified Windows When making a system patch, according to Windows The patch check policy prohibits terminal hosts from accessing the controlled network.

Patch management focuses on checking whether the terminal host has installed the specified patch,Perform access control on the terminal host.

Portal gateway initiates Radius Challenge request message, including user name and password information

The ACL issued by the server to the access gateway is carried in the Portal protocol message

Issue policies while performing identity authentication

The Portal server needs to pass the security check result to the access gateway device

1- > 2- > 3

1- > 2- > 4,

1- > 3- > 2

1- > 4- > 3

Centralized deployment

Distributed deployment

Hierarchical deployment

Both centralized deployment and distributed deployment are possible

Keywords contained in the content of the uploaded file

Keywords contained in the downloaded file

File type

File upload direction 335

Open https://SM server IP:8943 in the browser, enter the account admin and the default password Changeme123, if the login is successful, it will be explained. The SIM components are normal.

After logging in to SC, select Resources > Users > User Management to create a common account. Open https://SM server IP:8447 in the browser newauth, if you can successfully log in using the account created in the previous step, the SM component is normal.

Open https://SC Server IP:8443 in the browser and enter the account admin and the default password Changeme123. If the login is successful, it will be explained. The SC component is normal.

After logging in to SM, select Ziyuan > User > User Management, and Xinlu has a common part number. Open https://SC server IP:8447 newauth in the browser. If you can successfully log in with the account created in the previous step, it means that the SC component is Wang Chang.

UDP fingerprint learning

Associated defense

current limit

First packet discarded

2

3

4

5

The registry does not contain the mandatory requirements of the policy"Subkeys and key values".

The registry contains the mandatory requirements of the policy"Subkeys and key values",

The registry contains the prohibited"Subkeys and key values"W

The registry does not contain any prohibited by this policy"Subkeys and key values"

True

False

Unable to detect new types of worms

The process of trying to log in to the system is recorded

Use Ping to perform network detection and be alerted as an attack

Web-based attacks are not detected by the system

Discard message

URL Address redirected to Portal Authentication page

Direct travel

Send authentication information to authentication server

Straight forward to return authentication failure information.

Discard user information.

User 91 Information sent to AD The server performs verification.

Synchronize the database again.

True

False

When adding accounts individually, you can choose to create them individually.

If there are a lot of users, you can choose to create in batches.

If there are many users, you can choose database synchronization

In order to facilitate management and improve user experience, self-registration can be used.

True

False

True

False

The user domain is generally composed of various terminal users. The terminals in this area have the characteristics of large numbers, wide distribution, and strong mobility.

The business domain is a platform for the heavy load of business flows. According to the needs of the enterprise, security technology is used to logically divide the business to realize the security of the network.

The network domain is the most concerned security protection area of various enterprises, and it carries the important and core information assets of the enterprise.

The service domain is the area that provides security services for the corporate intranet. This area is generally composed of systems that provide security services such as antivirus servers, patch management servers, and terminal security servers.

CAPWAP The data tunnel can be used DTLS Encrypted.

DTLS Support two authentication methods:Certificate authentication(out AC,AP Already brought)with PSK Password authentication.

DTLS Encryption can guarantee AC The issued control messages will not be eavesdropped on.

Use the certificate method to carry out DTLS Negotiation, the certificate is only used to generate the key, not right AP Perform authentication.

Wired access

Wireless access

VPN Access

802.1X Access

The access layer switch does not start EAP Transparent transmission function.

wireless 02K In the scenario, the access control device is not equipped with a security board

AD The service controller is not added in the authentication scenario AD area.

The user account or password is incorrectly configured.

True

False

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

www file

PE file

Picture file

Mail

The firewall will first check the blacklist entries and then the whitelist entries.

Assuming that the user visits the www.exzample.com website, which belongs to the categories of humanities and social networks at the same time, the user cannot access the

website.

The user visits the website www.exzample.com, and when the black and white list is not hit, the next step is to query the predefined URL category entry.

The default action means that all websites are allowed to visit. So the configuration is wrong here.

True

155955cc-666171a2-20fac832-0c042c0421

False

After the configuration is complete, the switch will automatically release the data flow to access the security controller,No need for manual configuration by the administrator.

This configuration allows users to access network resources before authentication.

After the configuration is complete, the administrator still needs to manually configure the release network segment

Only after the authentication is passed, the terminal can access 10.1.31.78 Host.

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

The attachment size limit is for a single attachment, not for the total size of all attachments.

③④①②

③④②①

④①②③

④②①③

The data boy is huge

A wide variety of data

Low value density

Slow processing speed

True

False

exist Any Office When logging in with an account for the first time, the terminal host is automatically bound to the current account, but the automatic binding process requires administrator approval

When other accounts need to be authenticated on the bound terminal host, there is no need to find the asset owner who is bound for the first time to authorize themselves.

Binding terminal hosts and accounts is only applicable to terminal users through Any Office Scenarios for authentication, Not applicable Web Agent Plugins and Web The scenario where the client authenticates.

There are only consoles in the account binding terminal host, which cannot be configured by the administrator.

WIDS Is a wireless intrusion prevention system

WIPS Wireless intrusion detection system

WIDS Is a wireless intrusion countermeasure system

WIPS Is a wireless intrusion prevention system

TCP packets

UDP packet

ICMP message

FTP message

MAC authentication does not require users to install any client software.

The user name format used by MAC authentication is only one of MAC address user name format.

MAC authentication actually uses 802 1X authentication method.

MAC bypass authentication solves the situation of both 802.1x client authentication and MAC authentication in the same network environment.

The terminal host does not install the software in the whitelist, nor the software in the blacklist.

The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs part of the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs all the software in the whitelist, and also installs some of the software in the blacklist.

The biggest difference between the two is MAC Bypass authentication belongs to 802 1X Certification, while MAC Certification does not belong to 802 1X Certification.

If a network can connect to dumb terminals(printer,IP telephone), The text may be connected to a portable computer, please use MAC Bypass authentication:First try 802 1X Authentication, try again if authentication fails MAC Certification

If a network will only connect to dumb terminals(printer,IP telephone),please use MAC Certification in order to shorten the certification time.

MAC Authentication MAC One more bypass authentication 802 In the instrument certification process, the open time is longer than MAC The bypass authentication time is long.

Basic networking includes deploying one SM Server, one SC Server, one DB and a AE server.

AE In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SC server.

SC In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SM server.

DB In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup DB..

True

False

True

False

True

False

172.18.11.221 It is the server of the isolation domain.

The escape route was opened.

172.18.11.223 It is a post-domain server.

The terminal host stream is the default ACL Blocked.

4-1-2-3

1-4-2-3

1-3-2-4

2-4-1-3:

Install the operating system

Install the database

Install antivirus software

Import License

Configuration plane

Business plane

Log plane

Data forwarding plane

Press "0U" to synchronize

AO Synchronize by "group", "0U describes the organizational structure

AO Press "Group" "Synchronize," "Group" Jida organization structure

LDAP synchronization by "group"

Data analysis, data classification, post-processing

Data processing, data classification, post-processing

Data processing, attack classification, post-processing

Data processing, data classification, attack playback

WLAN Is to adopt 80211 Technical WiFi

WLAN There are two basic architectures: FAT AP with AC+FIT AP

AC+FATAP The architecture is suitable for medium and large use scenarios

AC+FITAP Autonomous network architecture

Through the entire authentication process, the terminal passes EAP The message exchanges information with the server.

Terminal and 802.1X Switch EAP Message interaction,802.1X Switch and server use Radius Message exchange information

802.1X Authentication does not require security policy checks.

use MD5 The algorithm checks the information.

True

False

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

Ability to quickly adapt to threat changes

Single packet attack

Floating child attack

Malformed message attack

Snooping scan attack

The file extension does not match.

Unrecognized file type

File corruption

The file is compressed

ICMP redirect message attack) 0l

Oversized ICMP packet attack

Tracert packet attack

IP fragment message item

default ACL The rule group number can be arbitrarily specified.

default ACL The rule group number can only be 3999.

due to SACG Need to use ACL3099-3999 To pick TSM The rules issued by the system, so in the configuration TSM Before linkage, you need to ensure these ACL Not referenced by other functions.

The original group number is 3099-3999 of ACL Even if it is occupied, it can be successfully activated TSM Linkage.

File filtering can reduce the risk of malicious code execution and virus infection in the internal network by blocking the transmission of fixed types of files, and it can also prevent

Prevent employees from leaking company confidential documents to the Internet.

Content filtering can prevent the disclosure of confidential information and the transmission of illegal information

The application behavior control function can finely control common HTTP behaviors and FTP behaviors.

Mail filtering refers to the management and control of mail sending and receiving, including preventing the flooding of spam and anonymous emails, and controlling the sending and receiving of illegal emails.

1-3-5-4-2-6-7-8

1-3-5-6-7-4-8-2

1-3-2-7-6-4-5-8

1-3-2-4-8-6-5-7

Authentication

Isolation repair'

Security check

Access control

A serious violation will prohibit access to the post-authentication domain.

The access control list of the post-authentication domain has not been delivered SACG.

ALC The number of rules issued is too many, and a lot of time is required to match, causing interruption of access services.

Agile Controller-Campus Wrong post-authentication domain resources are configured on the server.

Different places can have different security policies.

The location has nothing to do with safety.

There can only be one place in the company.

Place and location have nothing to do.

Intrusion prevention is a new security defense technology that can detect and prevent intrusions.

Intrusion prevention is a security mechanism that detects intrusions (including buffer overflow attacks, Trojan horses, worms, etc.) by analyzing network traffic

Intrusion prevention can block attacks in real time.

Intrusion prevention technology, after discovering an intrusion, the firewall must be linked to prevent the intrusion

The security policy does not reference the anti-virus configuration file.

The anti-virus configuration file is configured incorrectly.

The virus signature database version is older.

No virus exceptions are configured.

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

The attachment size limit is for a single attachment, not for the total size of all attachments.

True

False

The black and white list is matched by extracting the destination IP address of the SMTP connection

The black and white list is matched by the sender's dns suffix

The black and white list is matched by extracting the source IP address of the SMTP connection

155955cc-666171a2-20fac832-0c042c0419

If the source IP address of the SMTP connection matches the blacklist, the connection will be blocked

1-3-4-2-5-6-7-8

1-3-2-4-6-5-7-8

1-3-4-2-6-5-8-7

1-3-24-6-5-8-7

True

False

User use portal Page for authentication

Users follow WeChat for authentication.

User use IAC Client authentication

User use Pota At the first certification,RAOIUS Used by the server cache terminal MAC Address, if the terminal goes offline and then goes online again within the validity period of the cache,RAIUS The server directly searches the cache for the terminal's MAC The address is discussed.

True

155955cc-666171a2-20fac832-0c042c0433

False

HTTPS Flood defense modes include basic mode, enhanced mode and 302 redirection.

HTTPS Flood defense can perform source authentication by limiting the request rate of packets.

The principle of HTTPS Flood attack is to request URIs involving database operations or other URIs that consume system resources, causing server resource consumption.

Failed to respond to normal requests.

The principle of HTTPS Flood attack is to initiate a large number of HTTPS connections to the target server, causing the server resources to be exhausted and unable to respond to regular requests.

begging.

strategy management center only support the default place

The default place only support by way of cable access network scenario

can be customized places

when allocation strategy template for the end user, need to select the corresponding places

The basic mode can effectively block the access from the Feng Explor client.

The bot tool does not implement a complete HTTP protocol stack and does not support automatic redirection, so the basic mode can effectively defend against HTTP Flood attacks.

hit.

When there is an HTTP proxy server in the network, the firewall will add the IP address of the proxy server to the whitelist, but it will recognize the basic source of the zombie host.

The certificate is still valid.

The basic mode will not affect the user experience, so the defense effect is higher than the enhanced mode.

Easy to implement

Accurate detection

Effective detection of impersonation detection of legitimate users

Easy to upgrade

WhoTo determine the ownership of the access device(Company standard,BYOD Wait)

WhoseTo determine the identity of the access person(member I, Visitors, etc.)

How Determine the access method(Wired, wireless, etc.)

WhatTo determine the access device(PC,iOS Wait)

True

False

Worms exist in a parasitic way

155955cc-666171a2-20fac832-0c042c0413

Viruses mainly rely on system vulnerabilities to spread

The target of the worm infection is other computer systems on the network.

The virus exists independently in the computer system.

True

False

Vulnerability intelligence

Defense in Depth

Offensive and defensive situation

Fight back against hackers

155955cc-666171a2-20fac832-0c042c045

PDF heuristic sandbox

ja$

PE heuristic sandbox

Web heuristic sandbox

Heavyweight sandbox (virtual execution)

Patching the system can completely solve the virus intrusion problem

Computer viruses are latent, they may be latent for a long time, and only when they encounter certain conditions will they begin to carry out sabotage activities

Computer viruses are contagious. They can spread through floppy disks and CDs, but they will not spread through the Internet.

All computer viruses must be parasitic in files and cannot exist independently

Configure RADIUS authentication and accounting on the RADIUS server.

Configure the Agile Controller-Campus for local data source authentication, receive the packets sent by the device, and perform authentication.

Configure RADIUS authentication and accounting on the device side. W"

Configure RADIUS authentication and authorization on the Agile Controller-Campus.

HTTP Flood source authentication

HTTP source statistics

URI source fingerprint learning function

Baseline learning

Access control

Encrypted access

Business isolation

Audit billing

True

False