H12-722_V3.0 HCIP-Security-CSSN V3.0 Questions and Answers

HTTP Flood source authentication

HTTP source statistics

URI source fingerprint learning function

Baseline learning

True

155955cc-666171a2-20fac832-0c042c0433

False

Single packet attack

Floating child attack

Malformed message attack

Snooping scan attack

After the file decompression fails, the file will still be filtered. .

The application identification module can identify the type of application that carries the file.

Protocol decoding is responsible for analyzing the file data and file transmission direction in the data stream.

The file type recognition module is responsible for identifying the true type of the file and the file extension based on the file data

True

False

Warning

Block

Declare

Delete attachments

Vulnerability intelligence

Defense in Depth

Offensive and defensive situation

Fight back against hackers

155955cc-666171a2-20fac832-0c042c045

Warning

Block and push the page

A warning dialog box pops up

All access to the client is prohibited

strategy management center only support the default place

The default place only support by way of cable access network scenario

can be customized places

when allocation strategy template for the end user, need to select the corresponding places

The file filtering module will compare the application type, file type, and transmission direction of the file identified by the previous module with the file filtering rules configured by the administrator.

Then the lookup table performs matching from top to bottom.

If all the parameters of Wenzhu can match all file filtering rules, then the module will execute the action of this file filtering rule.

There are two types of actions: warning and blocking.

If the file type is a compressed file, then after the file filtering check, the female file will be sent to the file decompression module for decompression and decompression.

Press out the original file. If the decompression fails, the file will not be re-filed.

Threaten the security of the user's host and network.

Some viruses can be used as intrusion tools, such as Trojan horse viruses,

Control the host computer's accumulated limit and the user's data, and some viruses may even cause damage to the host's hardware.

Can easily pass the defense of Huawei USG6000 products

Text

Regular expressions

Community word

Custom keywords

ICMP redirect message attack) 0l

Oversized ICMP packet attack

Tracert packet attack

IP fragment message item

The weight value is 8, you can visit the web page

The weight value is 10, and the page cannot be accessed

The weight value is 8, the page cannot be accessed

The weight value is 10, you can ask the web page before

IPS is an intrusion detection system that can block real-time intrusions when found

IPS unifies IDS and firewall

IPS must use bypass deployment in the network

Common IPS deployment modes are in-line deployment,

True

False

lAE's content security detection functions include application identification and perception, intrusion prevention, and Web application security.

Full English name: intelligent Awareness Engine.

The core of C.IAE is to organically centralize all content security-related detection functions.

The security detection of the IAE engine is parallel, using a message-based file processing mechanism, which can receive file fragments and perform security checks.

Long-term latency and collection of key data.

Leak the acquired key data information to a third party of interest

155955cc-666171a2-20fac832-0c042c044

Through phishing emails, attachments with 0day vulnerabilities are carried, causing the user's terminal to become a springboard for attacks.

The attacker sends a C&C attack or other remote commands to the infected host to spread the attack horizontally on the intranet.

ID

Message length

Agreement

Direction

By IP addresses

By terminal type

By account

By user information

400.

404

200

503

Scanning attacks include address scanning and port scanning.

It is usually the network detection behavior before the attacker launches the real attack.

155955cc-666171a2-20fac832-0c042c0424

The source address of the scanning attack is real, so it can be defended by adding direct assistance to the blacklist.

When a worm virus breaks out, it is usually accompanied by an address scanning attack, so scanning attacks are offensive.

Confidentiality

Integrity

Availability

Recoverability

The content in No. 2 must be configured.

In addition to this page configuration, you also need to enable the firewall and sandbox linkage, otherwise the page configuration is invalid

The content in No. 4 must be configured.

After the configuration is completed, you need to submit the configuration to take effect.

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.