H12-724 HCIP-Security (Fast track) V1.0 Questions and Answers

True

False

True

False

True

False

Intrusion prevention is a new security defense technology that can detect and prevent intrusions.

Intrusion prevention is a security mechanism that detects intrusions (including buffer overflow attacks, Trojan horses, worms, etc.) by analyzing network traffic

Intrusion prevention can block attacks in real time.

Intrusion prevention technology, after discovering an intrusion, the firewall must be linked to prevent the intrusion

Open https://SM server IP:8943 in the browser, enter the account admin and the default password Changeme123, if the login is successful, it will be explained. The SIM components are normal.

After logging in to SC, select Resources>Users>User Management to create a common account. Open https://SM server IP:8447 in the browser newauth, if you can successfully log in using the account created in the previous step, the SM component is normal.

Open https://SC Server IP:8443 in the browser and enter the account admin and the default password Changeme123. If the login is successful, it will be explained. The SC component is normal.

After logging in to SM, select Ziyuan>User>User Management, and Xinlu has a common part number. Open https://SC server IP:8447 newauth in the browser. If you can successfully log in with the account created in the previous step, it means that the SC component is Wang Chang.

Centralized deployment

Distributed deployment

Hierarchical deployment

Two-machine deployment

The file filtering module will compare the application type, file type, and transmission direction of the file identified by the previous module with the file filtering rules configured by the administrator.

Then the lookup table performs matching from top to bottom.

If all the parameters of Wenzhu can match all file filtering rules, then the module will execute the action of this file filtering rule.

There are two types of actions: warning and blocking.

If the file type is a compressed file, then after the file filtering check, the female file will be sent to the file decompression module for decompression and decompression.

Press out the original file. If the decompression fails, the file will not be re-filed.

Application recognition and perception

URL classification and filtering

Video content filtering

Intrusion prevention

155955cc-666171a2-20fac832-0c042c048

True

False

True

False

When the account number is reserved, only the sword type number cannot be authenticated on the bound terminal device, and it can be authenticated normally on other terminal devices.

The account is locked on all terminal devices and cannot be recognized.

If you want to lock out the account, the administrator can only delete the account from the list.

After the lock time, the account will be automatically unlocked

Directly discard data sent by devices that do not comply with regulations

Certification of non-compliant equipment.

Check for non-compliant terminals, Prohibit unsafe devices from accessing the network.

Send alarm information to notify the administrator to deal with it.

WLAN Is to adopt 80211 Technical WiFi

WLAN There are two basic architectures: FAT AP with AC+FIT AP

AC+FATAP The architecture is suitable for medium and large use scenarios

AC+FITAP Autonomous network architecture

True

False

True

False

Straight forward to return authentication failure information.

Discard user information.

User 91 Information sent to AD The server performs verification.

Synchronize the database again.

File filtering, content filtering and anti-virus detection cannot be performed when the file is damaged. At this time, the documents can be released or blocked according to business requirements.

When the file extension does not match, if the action is "Allow" or "Alarm", file filtering, content filtering and anti-virus are performed according to the file type

Detection.

When the number of compression layers of a file is greater than the configured "Maximum Decompression Layers", the firewall cannot filter the file.

When the file type cannot be recognized, file filtering, content filtering and anti-virus detection are not performed.

True

False

True

False

The data boy is huge

A wide variety of data

Low value density

Slow processing speed

Warning

Block

Declare

Delete attachments

True

False

Deploy the main DB

Deploy image DBO

Deploy witness DB

Deploy MC and SM dual machine backup

Isolation domain refers to the area that the terminal host can access before passing the identity authentication, such as DNS server, external authentication source, business controller (SC)c The area where the service manager (SM) is located.

Isolation domain refers to the area that is allowed to be accessed when the terminal user passes the identity authentication but fails the security authentication, such as patch server, virus database server. The area where the server is located.

Isolation domain refers to the area that terminal users can access after passing identity authentication and security authentication, such as ERP system, financial system database system. The area where you are.

End users can access the isolated domain regardless of whether they pass identity authentication.

TCP packets

UDP packet

ICMP message

FTP message

abcde

abcdde

abclde

abc+de

True

False

Unable to detect new types of worms

The process of trying to log in to the system is recorded

Use Ping to perform network detection and be alerted as an attack

Web-based attacks are not detected by the system

True

False

True

False

exist Any Office When logging in with an account for the first time, the terminal host is automatically bound to the current account, but the automatic binding process requires administrator approval

When other accounts need to be authenticated on the bound terminal host, there is no need to find the asset owner who is bound for the first time to authorize themselves.

Binding terminal hosts and accounts is only applicable to terminal users through Any Office Scenarios for authentication, Not applicable Web Agent Plugins and Web The scenario where the client authenticates.

There are only consoles in the account binding terminal host, which cannot be configured by the administrator.

Enhanced mode refers to the authentication method using verification code.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

The enhanced mode is superior to the basic mode in terms of user experience.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

The attachment size limit is for a single attachment, not for the total size of all attachments.

Install the operating system

Install the database

Install antivirus software

Import License

True

False

Discard message

URL Address redirected to Portal Authentication page

Direct travel

Send authentication information to authentication server

True

False

Software and Patch

sharing information and system account information

System Log

processes, services and startup

True

155955cc-666171a2-20fac832-0c042c0433

False

True

False

Different places can have different security policies.

The location has nothing to do with safety.

There can only be one place in the company.

Place and location have nothing to do.

Resource pool mechanism

weighting mechanism

load balancing

Hot Standby

Portal gateway initiates Radius Challenge request message, including user name and password information

The ACL issued by the server to the access gateway is carried in the Portal protocol message

Issue policies while performing identity authentication

The Portal server needs to pass the security check result to the access gateway device

The priority of the coverage signature is higher than that of the signature in the signature set.

When the "source security zone" is the same as the "destination security zone", it means that the IPS policy is applied in the domain.

Modifications to the PS policy will not take effect immediately. You need to submit a compilation to update the configuration of the IPS policy.

The signature set can contain either predefined signatures or custom signatures. 832335

router

switch

Firewall

IPS

ARP Message

DHCP Message P

DHCPv6 Message

ICMP Message

True

False

Server layer

Network device layer

Access control layer

User access layer

Policy routing back annotation,

GRE back note:

MPLS LSP back injection

BGP back-annotation

Infrastructure security

Tenant security

How to do a good job in management, operation and maintenance

Hardware maintenance

Both the aggregation layer and the access layer switches need to be turned on 802.1X Function.

Access layer switch needs to be configured 802. 1X Transparent transmission of messages.

The aggregation switch needs to be configured 802 1X Transparent transmission of messages.

No special configuration required

It can identify the application that carries the file, the file transfer direction, the file type and the file extension.

Even if the file type is modified, it can also identify the true type of the file

It can identify the type of files transmitted by itself, and can block, alert and announce specific types of files.

It supports filtering the contents of compressed files after decompression. "