Improve Your Knowledge with H12-711_V4.0-ENU Exam Dumps

Category:

Comments:

0 Comments

Post Date:

March 26, 2023

Practicing with H12-711_V4.0-ENU questions can help you identify areas where you need to improve your knowledge. By answering H12-711_V4.0-ENU questions and reviewing your responses, you can identify gaps in your understanding and focus your study efforts on those areas. The H12-711_V4.0-ENU exam has a strict time limit, and you need to manage your time effectively to answer all the questions. Practicing with Huawei H12-711_V4.0-ENU dumps questions can help you develop time management skills by simulating the exam's time constraints. You'll learn how to pace yourself, manage your time effectively, and ensure that you complete the H12-711_V4.0-ENU exam within the allotted time. Test Huawei H12-711_V4.0-ENU exam free dumps below.

Page 1 of 29

1. The limitation of misuse detection technology is that it only detects suspicious behaviors in the system based on known intrusion sequences and system defect patterns, but cannot handle the detection of new intrusion attacks and unknown and potential system defects.

True

False

2. If there are actual changes to the company structure, the feasibility of the business continuity plan needs to be retested

True

False

3. Which of the following messages are needed when establishing an L2TP session? (Multiple Choice)

SCCRP

ICRP

ICRQ

SCCRQ

4. From the time when the original packet enters the GRE tunnel to when the GRE packet is transferred out by the firewall, the packet spans the relationship between two domains.

As shown in the figure, after the original packet is encapsulated by GRE, when the firewall forwards the packet, which of the following security zones does the packet pass through?

DMZ-->Trust

Trust-->DMZ

Untrus-->Local

Local-->Untrust

5. Which of the following statements about electronic evidence sources is incorrect?

Fax materials and mobile phone recordings are electronic evidence related to communication technology.

Movies and TV series are electronic evidence related to network technology.

Database operation records and operating system logs are computer-related electronic evidence•

Operating system logs, e-mail, and chat records can all be used as sources of electronic evidence.

6. Establish L2TP session

1->2->3->5->4

1->5->3->2->4

2->1->5->3->4

2->3->1->5->4

7. When a user uses the Web to log in to the firewall, the security policy between the user's security zone and which of the following security zones needs to be opened?

Trust

DMZ

Local

Untrust

8. In anti-virus software, () technology can analyze compressed files, embellished files, and packaged files.

9. Which of the following descriptions of symmetric encryption technology is incorrect?

The system overhead is small.

Good scalability.

High efficiency and simple algorithm.

Suitable for encrypting large amounts of data.

10. As shown in the figure, a TCP connection has been established between PC1 and PC2. PC1 issued a FIN request for this connection, and PC2 responded with an ACK. Which of the following descriptions is correct?

The TCP connection from PC1 to PC2 has been completely closed.

The TCP connection from PC1 to PC2 is in a semi-closed state, and PC1 can still send data to PC2.

The TCP connection from PC1 to PC2 is in a semi-closed state, and data can no longer be sent through this connection.

The TCP connection from PC1 to PC2 is in a semi-closed state, and PC2 can still send data to PC1.

Page 2 of 29

11. Huawei USG firewall VRRP advertisement messages are multicast messages, so each firewall in the backup group must be able to achieve direct Layer 2 interoperability.

True

False

12. Netstream can perform traffic classification statistics based on the five-tuple in IPv4 packets.

True

False

13. RADIUS uses TCP as the transmission protocol and has high reliability

True

False

14. Drag the warning levels of network security emergency response on the left into the box on the right, and arrange them from top to bottom in order of severity from high to low.

Orange Alert

Yellow Alert

Red Alert

Blue Alert

15. Commonly used scanning tools include: port scanning tools, vulnerability scanning tools, application scanning tools, database scanning tools, etc.

True

False

16. By default, the firewall does not authenticate the data flows passing through it. You need to configure the authentication policy to filter out the data flows that need to be authenticated and authenticate them.

True

False

17. After the device is restarted, which of the following configurations will be synchronized during automatic configuration synchronization of the active and standby firewalls? (Multiple Choice)

OSPF

BGP

Security policy

NAT strategy

18. In IPsec VPN transmission mode, which part of the data packet is encrypted?

Network layer and upper layer data messages

Original IP header

New IP header

Transport layer and upper layer data messages

19. Which of the following authentication methods does IKEv1 support? (Multiple Choice)

Pre-shared key

RSA signature

Digest Verification

Digital Envelope Authentication

20. When AntiDos statistics detect attack traffic, it will divert the attack traffic to the cleaning device. After the cleaning device completes cleaning, it will inject the traffic back to the original link. Which of the following options does not belong to the back-injection method?

Policy routing back injection

GRE back injection

MPLS LSP reinjection

BGP back-injection

Page 3 of 29

21. Which of the following protection levels are included in the TCSEC standard? (Multiple Choice)

Verify protection level

Mandatory protection level

Autonomous protection level

Passive protection level

22. Among the following options, which one is not a private IP address?

192.168.254.254/16

172.32.1.1/24

10.32.254.254/24

10.10.10.10/8

23. As shown in the figure, in transmission mode, which of the following positions should the AH Header be inserted into?

24. Which of the following methods can implement AD single sign-on? (Multiple Choice)

Install the single sign-on service program to receive messages from the PC

Install the single sign-on service program to receive messages from the server

Install the single sign-on service program to query the AD server security log

Firewall monitors AD authentication messages

25. Regarding firewall security policy, which of the following options is incorrect?

If the security policy is permit, the discarded packets will not accumulate the "number of hits"

When configuring the security policy name, the same name cannot be reused

Adjust the order of security policies. There is no need to save the configuration file. It will take effect immediately.

The number of security policy entries for Huawei USG series firewalls cannot exceed 128.

26. Which of the following configurations can implement the NAT ALG function?

nat alg protocol

alg protocol

nat protocol

detect protocol

27. Which of the following descriptions about digital signatures is incorrect?

A digital signature is data obtained by encrypting a digital fingerprint with the sender's own private key.

Digital signature technology proves that the information has not been tampered with

Use the public key to decrypt the digital signature to obtain the digital fingerprint

Digital signature technology proves the identity of the recipient

28. Which of the following attacks can DHCP Snooping prevent? (Multiple Choice)

DHCP Server Bogus Attack

Man-in-the-middle and IP/MAC spoofing attacks

IP spoofing attack

Attack using fake DHCP lease renewal messages using the option82 field

29. In the firewall authentication policy, () allows the user to obtain the corresponding relationship between the user and IP without entering the user name and password, so as to conduct policy management based on the user.

30. Network anti-virus technology deploys anti-virus strategies on security gateways.

True

False

Page 4 of 29

31. Which of the following messages are RADIUS messages? (Multiple Choice)

Accounting-Request

Access-Accept

Access-Request

Accounting-Response

32. Please match the following nouns with the corresponding characteristics.

33. Please match the following certificate types with the corresponding characteristics.

34. Which of the following descriptions of the iptables table functions is incorrect?

NAT table: function of address translation.

Raw table: determines whether the data packet is processed by the status tracking mechanism.

Mangle table: modify security policy

Filter table: Policies that are allowed or not allowed in the data packet.

35. After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all information that can be backed up can be configured directly on the standby device, and the configuration on the standby device can be synchronized to the active device.

True

False

36. According to the logical architecture of the HiSec solution, please drag the levels divided by the HiSec solution on the left to the box on the right, and arrange them in order from top to bottom.

37. The company administrator uses the ping command to test the network connectivity. If he needs to specify the source address of the ehco-request message, what parameters does he need to append?

-i

-a

-c

-f

38. GRE, as a Layer 2 VPN encapsulation technology, can solve the transmission problem of heterogeneous networks.

True

False

39. IPSEC VPN technology does not support NAT traversal when encapsulated by ESP security protocol, because ESP encrypts the message header.

True

False

40. Regarding the problem that users with two-way binding in authentication-free mode cannot access network resources, which of the following options are possible reasons? (Multiple Choice)

Authentication-free users and authenticated users are in the same security area

Authentication-free users do not use PCs with specified IP/MAC addresses

The authentication action in the authentication policy is set to "Do not acknowledge account/Authentication-free"

The number of online users has reached the maximum number

Page 5 of 29

41. If the virtual group ID of VRRP is 2, which of the following is the MAC of the virtual router?

00-01-5E-00-01-02

00-10-5E-00-01-02

00-00-5E-00-00-02

00-00-5E-00-01-02

42. Which of the following descriptions of firewall characteristics is correct?

A firewall can prevent unauthorized information from the external network from being sent to the internal network.

The firewall is a comprehensive security device with a variety of security features and can defend against zero-day vulnerabilities.

Firewalls can protect against all external network threats

The firewall has an anti-virus function, so there is no need to deploy an anti-virus system in the network where the firewall is deployed.

43. When the switch receives a packet with the destination MC address 5489-981b-22ca on the E0/0/5 interface, it will discard it.

As shown in the picture, the picture shows the top of the MAC address forwarding table of a switch. Which of the following descriptions of the table items are correct? (Multiple Choice)

When the switch receives a packet with the destination MC address 5489-981b-22ca on the E0/0/5 interface, it will discard it.

The switch will flood when receiving packets with the destination MAC address 5489-7053-a24c on other active interfaces.

When the switch receives a packet with the destination MAC address 5489-7053-a24c on the EO/0/10 interface, it will discard it.

The switch will forward the packet received with the destination MAC address 5489-981b-22ca on the EO/0/5 interface.

44. Which of the following are multi-user operating systems? (Multiple Choice)

MSDOS

UNIX

LINUX

Windows

45. In the cloud-network integration scenario, AC-DCN issues the created virtual system commands to the NGFW through the () protocol.

46. Which of the following types of computer viruses can be divided into? (Multiple Choice)

Backdoor program

File virus

Trojan horse

Snailworm

47. Which of the following is used to encrypt digital fingerprints in digital signature technology?

Sender’s public key

Sender’s private key

Receiver’s public key

Receiver’s private key

48. SSL is a security protocol that provides secure connections for TCP-based application layer protocols.

True

False

49. NAT technology can achieve secure data transmission by encrypting data.

True

False

50. When forwarding unicast data, the Layer 2 switch needs to decapsulate the Layer 3 header of the message before forwarding it.

True

False

Page 6 of 29

51. The goal of a business continuity plan is to provide a quick, calm and effective response in an emergency, thereby enhancing the enterprise's ability to immediately recover from a disruptive event. Which of the following does it include? (Multiple Choice)

BCP documentation

Continuity Planning

Business Impact Assessment

Project Scope and Planning

52. In the firewall forwarding process, the matching order of the Server-map entries generated by the ASPF/NAT ALG function precedes the security policy. After the data packet matches the Server-map table of the ASPF/NAT ALG type, the security policy still needs to be released.

True

False

53. There are various security threats during the use of the server.

Which of the following options is not a server security threat?

Natural disaster

DDos attack

Hacker attack

Malicious programs

54. Which of the following protocols does not belong to the protocol type that ASPF can detect?

MSTP

FTP

DNS

PPTP

55. Please classify the following security defense methods into the correct categories.

56. Triplet NAT allows external devices to actively access the internal PC through the translated address and port. The firewall allows such access packets to pass even if no corresponding security policy is configured.

True

False

57. In the () view of the firewall, you can use the reboot command to restart the firewall.

58. Which of the following is not a default action of an intrusion prevention signature?

Redirect

Alarm

Block

release

59. Regarding NAT configuration, which of the following is incorrect?

Configure source NAT in transparent mode. The firewall does not support easy-ip mode.

The IP address in the address pool can overlap with the public IP address of the NAT server.

When there is VoIP service in the network, there is no need to configure NAT AL

The firewall does not support NAPT conversion of ESP and AH packets.

60. Network security situational awareness is the ability to dynamically and holistically gain insight into security risks based on the environment. It uses technologies such as data fusion, data mining, intelligent analysis, and visualization to intuitively display the real-time security status of the network environment to ensure network security. Provide technical support.

True

False

Page 7 of 29

61. Which of the following does not belong to the levels classified in network security incidents?

Major cybersecurity incidents

Special cybersecurity incidents

General cybersecurity incidents

Larger network security incidents

62. A business impact analysis (BIA) does not include which of the following?

Business priorities

Incident handling priority

Impact Assessment

Risk identification

63. In IPsec, data encapsulation has two modes: transmission and tunnel.

True

False

64. The firewall detects that a virus file is carried in the SMTP protocol. Which of the following is not a response action that the firewall may take?

Block

Alarm

Delete attachments

Declare

65. Which of the following descriptions of intrusion prevention signatures are correct? (Multiple Choice)

Incorrect custom signature settings may cause the configuration to be invalid, or even cause problems such as accidental packet discarding or service interruption.

Predefined signatures are signatures included in the intrusion prevention signature database

Intrusion prevention signatures are used to describe the characteristics of attack behavior in the network

The content of predefined signatures is not fixed and can be created, modified or deleted.

66. Deploying HiSec Insight in the enterprise network can effectively discover potential threats and advanced threats in the network, and achieve network-wide security situation awareness within the enterprise.

True

False

67. Which of the following functions can be achieved by shelling technology? (Multiple Choice)

Decoration file

Packed file

Packaging files

Compressed files

68. In response to network security incidents that occur, remote emergency response is generally carried out first. If the problem cannot be solved for the customer through remote access, after the customer confirms, it will be transferred to the local emergency response process.

True

False

69. Which of the following descriptions about the working principle of routers are correct? (Multiple Choice)

The router works at the data link layer

The router supports broadcast packets

The router needs to decapsulate the matching routing entry before forwarding the data packet, and then re-encapsulate it.

Routers can forward packets between different networks

70. Among the following options, which two attacks use similar attack methods, both of which generate a large number of useless response messages, occupy network bandwidth, and consume device resources?

Fraggle and Smurf

Land and Smurf

Fraggle and Land

Teardrop

Page 8 of 29

71. Which of the following options are methods of pseudonymizing data? (Multiple Choice)

Encryption

Generalization

Hash

Tokenize

72. In the security assessment method, the purpose of security scanning is to use scanning analysis and assessment tools to scan the target system in order to discover relevant vulnerabilities and prepare for attacks.

True

False

73. Which of the following operations cannot improve the anti-virus capability of the system?

It is not easy for users to open files from unknown sources.

Organize the hard drive to free up space.

Regularly upgrade anti-virus software.

Apply security patches regularly

74. Regarding the single sign-on supported by the firewall, which of the following is not included?

RADIUS single sign-on

ISM single sign-on

AD single sign-on

HWTACACS single sign-on

75. IPsec implements security protection of original messages through two security protocols () and ESP.

76. Which of the following descriptions about the harm of denial of service attacks is incorrect?

Cause the target machine to stop services or resource access

Causing irreparable physical damage to the target server

Use IP spoofing to force the target server to be unable to be connected by legitimate users

Force the target server's buffer to be full and not accept new requests.

77. What is the absolute number for logging in through the Console port?

78. The built-in Porral authentication method of Huawei firewall is only session authentication.

True

False

79. Drag the steps of the security assessment on the left into the box on the right, and arrange them from top to bottom in the order of execution.

80. Which of the following items are characteristics of LDAP? (Multiple Choice)

Optimize queries and read data faster

Distributed data storage to support data

Provide a unified access point to the outside world

Organize data in directory format

Page 9 of 29

81. When a network security incident occurs, investigate intrusions, viruses or Trojans, and patch and strengthen the host.

Which stage of network security emergency response does the above action belong to?

Recovery phase

Detection phase

Eradication phase

Inhibition stage

82. In the Client-Initiated VPN configuration, it is generally recommended to plan the address pool and the headquarters network address as different network segments. Otherwise, the proxy forwarding function needs to be enabled on the gateway device.

True

False

83. The key used for IPsec encryption can only be configured manually.

True

False

84. When an information security incident occurs, priority is given to using emergency response to provide technical support to customers.

85. Which of the following descriptions about patches is incorrect?

A patch is a small program made by the original author of the software to address the discovered vulnerabilities.

Not patching will not affect the operation of the system, so whether to patch or not is irrelevant.

Patches are generally updated continuously.

Computer users should promptly download and install the latest patches to protect their systems

86. Which of the following protocols can ensure the confidentiality of data transmission? (Multiple Choice)

Telnet

SSH

FTP

HTTPS

87. () Divide security management into four parts: planning, implementation, inspection, and improvement. It can continuously improve information security protection measures and is the most important part of enterprise security construction.

88. When configuring GRE VPN on the firewall, which of the following parameters need to be configured? (Multiple Choice)

Tunneling protocol

Tunnel interface and IP address

Security policy

Tunnel source and destination IP addresses

89. Compared with asymmetric encryption algorithms, symmetric encryption algorithms have fast encryption speed and high efficiency.

True

False

90. Classify servers according to their appearance. Which of the following types can they be divided into? (Multiple Choice)

Blade server

Tower server

Rack server

x86 server

Page 10 of 29

91. Send an ABP broadcast to the entire network, requesting the MAC address of host C.

as the picture shows. When host A accesses host C, it checks that there is no MAC address entry for the destination address in the ARP entry. Which of the following methods does host A use to find the destination MAC address?

Send an ABP broadcast to the entire network, requesting the MAC address of host

Send an ARP broadcast to the subnet, requesting the gateway's MAC address.

Find the routing table of host

Send an ARP broadcast to the subnet. Request the MAC address of host

92. Which of the following does not include the design principles of questionnaire surveys?

Completeness

Publicity

Concreteness

Consistency

93. Which of the following NAT technologies belongs to the destination NAT technology?

Easy-ip

NAT No-PAT

NAPT

NAT Server

94. UDP is a connection-oriented, reliable transport layer communication protocol.

True

False

95. Which of the following options are part of the PKI architecture? (Multiple Choice)

End entity

Certificate Certification Authority

Certificate Registration Authority

Certificate repository

96. Which of the following descriptions of PKI architecture are correct? (Multiple Choice)

Certificate Certification Authority CA is a trusted entity used to issue and manage digital certificates.

CA usually adopts a multi-level hierarchical structure. According to the level of the certificate issuing authority, it can be divided into root CA and subordinate C

A PKI system consists of three parts: terminal entity, certificate certification authority and certificate registration authority.

PKI entity, which is the end user of PKI products or services, can be an individual, organization, device (such as router, firewall) or a process running in a computer.

97. In inter-domain packet filtering, which of the following applies to the Inboud direction?

Untrust>Trust

Local>Trust

DME>Untrust

Local>DNZ

98. Which of the following descriptions of the role of the HTTP protocol is correct?

HTTP is used to access various pages on the WWW server

HTTP provides a way for file transfer, which allows data to be transferred from one host to another.

HTTP is used to achieve conversion from host domain name to IP address

HTTP resolves known IP addresses into MAC addresses

99. In the L2TP configuration, which of the following statements are correct regarding the Tunnel Name command? (Multiple Choice)

Used to specify the local tunnel name

Used to specify the tunnel name of the peer

The Tunnel Nname at both ends must be consistent.

If Tunnel Name is not configured, the tunnel name is the local system name.

100. In response to enterprise network security threats, which of the following aspects can be strengthened? (Multiple Choice)

Terminal Security

Export Security

Transmission Security

Physical device security

Page 11 of 29

101. Which of the following are the basic functions of anti-virus software? (Multiple Choice)

Prevent viruses

Find viruses

Remove viruses

Replicating viruses

102. Which of the following are standard port numbers for the FTP protocol? (Multiple Choice)

103. By default, the aging time of long connections is 24 hours.

True

False

104. Which of the following descriptions of HWTACACS are correct? (Multiple Choice)

Compared with RADIUS, HTACACS has more reliable transmission and encryption features. More suitable for security control.

The implementation of HWTACACS is the same as that of standard TACACS, and HWTACACS and standard TACACS servers can communicate with each other.

HWTACACS is a security protocol with enhanced functions based on the TACACS protocol.

HWTACACS uses the browser/server mode to implement communication between HWTACACS and TACACS+ server.

105. What is the agreement number of the AH agreement?

106. In Huawei SDSec solution, which layer of equipment does the firewall belong to?

Analysis layer

Control layer

Execution layer

Monitoring layer

107. An employee of a company received an email about the company’s salary adjustment and saved the email attachment. A few days later, the company administrator discovered that most of the company’s employees’ computers were infected with viruses and could not operate properly.

Which of the following attack methods might the hacker use in this case? (Multiple Choice)

Worm virus

Phishing emails

Denial of Service Attack

Social engineering

108. TCP needs to complete the three-way handshake process when establishing a connection, and needs to wave four times when ending the session.

True

False

109. An employee of a company accesses the company's internal Web server through a firewall and can open the website's web page using a browser. However, the Ping command is used to test the reachability of the Web server and it shows that it is unreachable. What are the possible reasons?

The security policy deployed on the firewall allows the TCP protocol, but does not allow the ICMP protocol.

The web server is down

The security policy deployed on the firewall allows the HTTP protocol, but does not allow the ICMP protocol.

The interface connecting the firewall to the server is not added to the security zone.

110. Which of the following modules does a virus program generally consist of? (Multiple Choice)

Infection process

Trigger program

Infection markers

Destroy the program

Page 12 of 29

111. Which of the following information is not included in the DHCP binding table?

Port number

VLAN ID

MAC address

IP address

112. Please sequence the following digital envelope encryption and decryption processes correctly.

A uses B's public key to encrypt the symmetric key and generate a digital envelope.

After receiving A's encrypted information, B uses his own private key to open the digital envelope and obtains the symmetric key

A uses the symmetric key to encrypt the plain text and generate cipher text information.

B uses the symmetric key to decrypt the ciphertext information and obtains the original plaintext

A sends the digital envelope and ciphertext information to

113. TCP session hijacking is an attack method in which attackers snoop on user messages and forge TCP messages with legal sequence numbers.

True

False

114. Regarding business continuity planning, which of the following statements is correct? (Multiple Choice)

Business continuity planning does not require senior company involvement during the project scope determination phase.

Thinking that it is impossible to predict all possible accidents, so BCP needs to be flexible

The business continuity plan does not require the involvement of senior management of the company before it is formally documented.

Not all safety incidents must be reported to company executives

115. Vulnerabilities that have not yet been discovered are zero-day vulnerabilities.

True

False

116. SSL VPN routing mode determines the route of messages sent by customers. In () mode, no matter what resource is accessed, the data will be intercepted by the virtual network card and forwarded to the virtual gateway for processing.

117. Which of the following protocols cannot be encrypted by SSL VPN?

HTTP

UDP

PPP

118. Regarding the description of firewall hot backup, which of the following options are correct? (Multiple Choice)

When multiple areas on the firewall need to provide dual-machine backup functions, multiple VRRP backup groups need to be configured on the firewall.

The status of all VRRP backup groups in the same VGMP management group on the same firewall is required to be consistent.

Firewall dual-machine hot backup requires synchronized backup of session table, MAC table, routing table and other information between the master device and the slave device.

VGMP is used to ensure the consistency of all VRRP backup group switching

119. HTTPS adds a TLS layer to HTTP to provide authentication, encryption and integrity verification for data transmission.

True

False

120. D. Certificates saved in ER format may or may not contain the private key.

True

False

Page 13 of 29

121. Regarding the description of the grading of the medium-level protection system in MSW 2.0, which of the following options are correct? (Multiple Choice)

Level 1: The destruction of the information system will cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, but will not damage national security, social order and public interests.

Level 5: The damage to the information system will cause particularly serious damage to national security.

Level 4: The destruction of the information system will cause particularly serious damage to social order and public interests, or cause serious damage to national security.

Level 3: The damage to the information system will cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or damage to social order and public interests, as well as damage to national security.

122. Regarding Client-Initiated VPN, which of the following statements are correct? (Multiple Choice)

A tunnel is established between each access user and LN

Each tunnel carries only one L2TP session and PPP connection

Each tunnel carries multiple L2TP sessions and PPP connections.

Each tunnel carries multiple L2TP sessions and one PPP connection.

123. Which of the following attacks is not a malformed packet attack?

Teardrop attack

Smurf attack

TCP fragmentation attack

ICMP unreachable message attack

124. The attacker sends a SYN message with the same source address and destination address, or the source address is a loopback address, to the target host (the source port and destination port are the same), causing the attacker to send a SYN-ACK message to its own address.

What kind of attack does this behavior belong to?

SYN flood attack

TCP spoofing attack

Smurf attack

Land attack

125. Which of the following options are application risks? (Multiple Choice)

Internet virus

Email Security

Database system configuration security

WEB service security

126. Which of the following descriptions of common hashing algorithms is incorrect?

Hashing algorithms can transform inputs of any length into fixed-length outputs.

SHA-1 has faster calculation speed and higher security than the MD5 algorithm.

The SM3 algorithm is a domestic encryption algorithm. It is used for digital signature and verification, message authentication code generation and verification, and random number generation in cryptographic applications. It can meet the security needs of a variety of cryptographic applications.

SHA-2 is an enhanced version of SHA-1, and its security performance is much higher than SHA-1

127. In a PKI system, the CA certificate cannot be a self-signed certificate.

True

False

128. A firewall is actually an isolation technology that separates internal networks from public access networks.

True

False

129. Which of the following descriptions about single sign-on is correct?

Visitors send the username and password identifying their identity to the firewall through the Portal authentication page. The password is not stored on the firewall. The firewall sends the username and password to a third-party authentication server, and the verification process is performed on the authentication server.

The visitor obtains the SMS verification code through the Portal authentication page, and then enters the SMS verification code to pass the authentication.

The visitor sends the username and password identifying his or her identity to the third-party authentication server. After passing the authentication, the third-party authentication server sends the visitor's identity information to the firewall. The firewall only records the visitor's identity information and does not participate in the authentication process.

The visitor sends the username and password identifying his or her identity to the firewall through the Portal authentication page. The password is stored on the firewall, and the verification process is performed on the firewall.

130. When the FW is deployed at the network egress, if a failure occurs, Internet access services will be affected. In order to improve the reliability of the network, two FWs need to be deployed and formed ()

Page 14 of 29

131. Which of the following attacks are single packet attacks? (Multiple Choice)

IP spoofing attack

Smurf attack

IP address scanning attack

ICMP redirect attack

132. Normally, the port used by the FTP active mode server for data transmission is the TCP () port.

133. What are the advantages of NAT? (Multiple Choice)

The address transfer process is transparent to users

Save IP addresses

More convenient for monitoring and reprocessing

Provide special privacy protection for intranet users

134. Which of the following protocols are file transfer protocols? (Multiple Choice)

NFS

FTP

POP3

HTTP

135. Which of the following algorithms are asymmetric encryption algorithms? (Multiple Choice)

AES

IDEA

RSA

136. SMTP is a Simple Mail Transfer Protocol that provides Internet email services.

What is the SMTP port number?

137. Intrusion prevention detects and analyzes all passing packets through a complete detection mechanism, and decides to allow or block them in real time.

Please sort the following processes according to the basic implementation mechanism of intrusion prevention.

138. Please correctly categorize the following common security threats and corresponding defense methods.

139. Which of the following does not belong to the common application scenarios of digital certificates?

FTP

HTTPS

IPSEC VPN

SSL VPN

140. In IPsec, the security association SA consists of a triplet.

Which of the following is not an attribute of a triplet?

Destination IP address

Port number

Security protocol number

Security Parameter Index SPI

Page 15 of 29

141. Mutual access between users in the same firewall area does not require permission from the security policy.

True

False

142. As shown in the figure, some packets were captured on a terminal device using packet capture software. Regarding the packet information, which of the following statements is correct?

The terminal initiated a TCP connection termination request to 192.168.1.1.

The terminal uses Telnet to log in to other devices.

The terminal initiated a TCP connection establishment request to 192.168.1.1.

The terminal uses Http to log in to other devices.

143. The two firewalls in dual-machine hot backup learn the health status of the other end through (), and back up configurations and table entries (such as session tables, etc.) to the opposite end.

144. When the intrusion detection system finds traces of an attack on the system. It will wait for the buffering time before activating relevant security mechanisms to respond.

True

False

145. What security threats may the server encounter during use? (Multiple Choice)

System vulnerabilities

Malicious programs

SQL function injection attack

DDoS attack

146. In the VGMP group status, if the device's own VGMP group priority is equal to the VGMP group priority of the peer device, the device's VGMP group status is ().

147. Most of the data sent by the device contains IP five-tuples, such as ARP protocol request messages and HTTP protocol messages.

True

False

148. Which of the following are algorithms used in digital signature technology? (Multiple Choice)

Asymmetric encryption algorithm

Symmetric encryption algorithm

Hashing algorithm

Hybrid encryption algorithm

149. Regarding the characteristics of DNS, which of the following descriptions is incorrect?

The function of DNS is to convert difficult-to-remember IP addresses into easy-to-remember character forms.

DNS uses TCP protocol, and the port number is 53.

DNS domain name hijacking resolves the target domain name to the wrong IP address by forging a domain name resolution server and other means, causing users to access the wrong website.

DNS is managed hierarchically. The highest level is the root domain, followed by the top-level domain name. CN is the top-level domain name, representing China.

150. Which of the following descriptions about the VGMP group is correct?

The priority of VRRP in the VGMP group will change as VGMP changes.

VGMP is a protocol used to control the status of VRRP groups

The default priority of USG6000 is 65000

The default priority of USG9000 is 45000

Page 16 of 29

151. Which of the following security zones can be deleted and the priority reconfigured?

DMZ

ISP

Untrust

Trust

152. When configuring user single sign-on, if you use the mode of querying the AD server security log, please sort the following authentication processes.

The AD monitor forwards the user login message to the FW, and the user goes online on the F

The AD monitor connects to the AD server through the WMI interface provided by the AD server to query the security log and obtain user login information.

The visitor logs in to the AD domain, and the AD server records the user's online information in the security log.

The AD monitor starts from the time when the AD single sign-on service starts, and regularly queries the security logs generated on the AD server.

153. In the construction of information security system, a security model is needed to accurately describe the relationship between important aspects of security and system behavior.

True

False

154. Which of the following are external security threats faced by enterprises? (Multiple Choice)

Trojan horse

Employee information security violations

DDoS attack

worm

155. Which of the following service types can verify identity through AAA authentication? (Multiple Choice)

SSH

Telnet

Web

FTP

156. When administrators use the command line to configure the remote login firewall, they need to create multiple users and assign different device permissions to different users. Therefore, the administrator needs to create a user in ().

157. IPsec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.

True

False

158. The default authentication domain of USG6000 series firewall is () domain.

159. Which of the following does not belong to the stage of the negotiation process between the Telnet server and the client?

Version negotiation

Key exchange

User authentication

Port number negotiation

160. Which of the following descriptions of applying for a local certificate in the PKI system are correct? (Multiple Choice)

The local certificate is digitally signed and issued by the CA

PKI entity information is the identity information of the PKI entity. The CA uniquely identifies the certificate applicant based on the identity information provided by the PKI entity.

The PKI entity does not necessarily need to send the certificate registration request message containing the PKI entity information to the C

When the certificate expires, the PKI certificate needs to be updated. At this time, you can reapply for the certificate.

Page 17 of 29

161. After an engineer completed the source NAT configuration, the internal network still could not access the external network. The engineer wanted to query the detailed information of address translation by using the command to query the session table, so the engineer directly used the () command in the user view to query the address translation information.

162. Which layer in the OSI model does the Layer 2 switch work at?

Network layer

Physical layer

Data link layer

Session layer

163. When the firewall enables ASPF and generates the Server-map table, if a data connection matches the Server-map entry, it can be forwarded normally by the firewall, and a session is created after matching the Server-map table to ensure that subsequent packets can Forward according to the conversation table.

True

False

164. Regarding the relationship and function of VRRP/VGMP/HRP, which of the following statements are correct? (Multiple Choice)

VRRP is responsible for sending free ARP to guide traffic to the new primary device during a master/slave switchover.

VGMP is responsible for monitoring equipment failures and controlling rapid equipment switching.

HRP is responsible for data backup during dual-machine hot standby operation.

The VGMP group in the Active state may contain a VRRP group in the Standby state.

165. Which of the following are the main implementation methods of gateway anti-virus? (Multiple Choice)

Proxy scanning method

Stream scanning method

Package scanning and killing method

File scanning and killing methods

166. As shown in the figure, there are two Server Map entries generated after configuring NAT Server. Regarding the information presented in the figure, which of the following descriptions is incorrect?

*Type: Nat Server. ANY→1.1.1.1[192.168.1.1] Type: Nat Server Reverse. 192.168.1.1[1.1.1.1] →ANY

The second Server Map function is that when 192.168.1.1 accesses any address, the source address will be converted to 1.1.1.1 after passing through the firewall.

The function of the first Server Map is that when any address accesses 192.168.1.1, the destination IP will be converted to 1.1.1.1 after passing through the firewall.

The Server Map with the Reverse logo can be deleted using the command.

These two Server Map entries are static, that is, after the NAT Server is configured, the two Server Maps will be automatically generated and will exist permanently.

167. SSL does not support which of the following encryption algorithms?

RC4

DES

3DES

AES

168. Regarding the description of GRE VPN tunnel configuration, which of the following options are correct? (Multiple Choice)

The tunnel interface numbers of the devices at both ends must be consistent.

The tunnel address must be reachable at the network layer

The tunnel interface must be configured with an IP address

The tunnel interface must be added to the security zone

169. Regarding the characteristics of the SMTP and POP3 protocols, which of the following descriptions are correct? (Multiple Choice)

SMTP and POP3 protocols lack strict user authentication, thus leading to spam problems.

SMTP stipulates that the terminal sends and delivers emails to the server, and POP3 stipulates that the terminal accepts and downloads emails from the server.

SMTP and POP3 protocols transmit data in plain text, so there is a possibility of data leakage.

POP3 stipulates that the terminal sends and delivers mail to the server, and SMTP stipulates that the terminal accepts and downloads mail from the server.

170. The administrator PC is directly connected to the USG firewall management port and uses the web method to perform initialization operations. Which of the following statements are correct? (Multiple Choice)

Access http; //192.168.0.1 through the browser of the management PC

Manually set the IP address of the management PC to 192.168.0.2-192.168.0.254

Access http://192.168.1.1 on the management PC’s browser

Set the network card of the management PC to automatically obtain an IP address

Page 18 of 29

171. Which of the following descriptions of IPsec definitions of interesting flows are correct? (Multiple Choice)

The ACL method defines the IPsec flow of interest. The permit keyword in the ACL rule indicates that the matching traffic requires IPsec protection, while the deny keyword indicates that the matching traffic does not need IPsec protection.

IPsec interesting flows can be defined through ACL and routing methods

Routing mode defines IPsec interesting flows, which increases the complexity of IPsec configuration.

The advantage of the ACL method of defining interesting flows is that packets can be filtered based on IP address, port information, protocol type and other information.

172. What is the corresponding early warning level for major network security incidents that occur?

Red Alert

Orange Alert

Yellow Alert

Blue Alert

173. Regarding Huawei routers and switches, which of the following statements are correct? (Multiple Choice)

Routers can implement some security functions, and some routers can implement more security functions by adding security boards.

The main function of a router is to forward data. When an enterprise has security requirements, sometimes a firewall may be a more appropriate choice.

The switch has some security functions, and some switches can implement more security functions by adding security boards.

The switch does not have security features.

174. Man-in-the-middle attacks are data security threats.

True

False

175. Which of the following is not an advantage of NAT?

Tracing packets will be more difficult and troubleshooting more challenging

Save public IP addresses

Increased flexibility to effectively prevent external network attacks

Hide internal IP addresses to improve security

176. () refers to the computer system’s defects and deficiencies in specific matters of hardware, software, protocols, or system security policies.

177. In which of the following stages does the L2TP protocol allocate IP addresses?

Link establishment phase

LCP Negotiation Phase

CHAP stage

NCP negotiation stage

178. User authentication is the verification of client identity by the SSL virtual gateway, including: (), server authentication, certificate anonymous authentication and certificate challenge authentication.

179. When configuring dual-machine hot backup, the company network administrator configured the status of VRRP backup group 1 as Active and configured the virtual IP address as 10.1.1.1/24.

system-view

[sysname]

interface GigabitEthernet 0/0/1

[sysname-GigabitEthernet0/0/1]

()

Then the command that needs to be typed in the blank space is ()

180. Security policy conditions can be divided into multiple fields, such as source address, destination address, source port, destination port, etc. There is an "AND" relationship between these fields, that is, only the information in the message and all fields If they all match, then this strategy is considered successful.

True

False

Page 19 of 29

181. Which of the following options can be operated in the advanced settings of Windows Firewall? (Multiple Choice)

Restore default values

Change notification rules

Set connection security rules

Set up inbound and outbound rules

182. When A and B communicate with each other for data communication, if an asymmetric encryption algorithm is used for encryption, when A sends data to B, which of the following keys will be used to encrypt the data?

A’s public key

A’s private key

B’s public key

B’s private key

183. Digital signatures generate digital fingerprints by using a hash algorithm to ensure the integrity of data transmission.

True

False

184. Intrusion prevention signatures are used to describe the characteristics of attack behavior in the network. Firewalls detect and prevent attacks by comparing data flows with intrusion prevention signatures.

True

False

185. What are the default roles of Huawei firewall administrators? (Multiple Choice)

Audit Administrator

Configuration Administrator

Monitoring Administrator

System administrator

186. When we use digital signature technology, the receiver needs to use the sender’s () to decode the digital signature and obtain the digital fingerprint.

187. Manual audit is a supplement to tool evaluation. It does not require the installation of any software on the target system being evaluated and has no impact on the operation and status of the target system.

Manual audit does not include which of the following options?

Manual detection of the host operating system

Manual inspection of the database

Manual inspection of network equipment

Manual inspection of the administrator’s equipment operation process

188. A Web server is deployed in an enterprise's intranet to provide web access services to internal and external network users. In order to protect the access security of the server and the intranet, it is usually divided into the () zone of the firewall.

189. Compared with packet filtering firewalls, proxy firewalls can control the session process and are more secure.

True

False

190. Which of the following is an "information destruction incident" in the classification of network security incidents?

Software and hardware failure

Information counterfeiting

Network scanning plagiarism

Listen to Trojan attacks

Page 20 of 29

191. A PKI system consists of four parts (), certification authority, certificate registration authority and certificate/CRL repository).

192. Which of the following descriptions of the main implementation methods of single sign-on is incorrect?

Accept PC message mode

Query the AD server security log mode

Query syslog server mode

Firewall monitors AD authentication messages

193. Which of the following types of firewalls has the highest processing efficiency when processing non-first packet data flows?

Proxy firewall

Packet filtering firewall

Stateful Monitoring Firewall

Software firewall

194. The administrator wants to know the current session table. Which of the following commands is correct?

clear firewall session table

reset firewall session table

display firewall session table

display session table

195. Regarding the description of IP spoofing, which of the following is incorrect?

IP spoofing attacks are launched by taking advantage of the normal trust relationship between hosts based on IP addresses.

After a successful IP spoofing attack, the attacker can use any forged IP address to imitate a legitimate host to access key information.

The attacker needs to disguise the source IP address as a trusted host and send a data segment with SYN annotation to request a connection.

Hosts with trust relationships based on IP addresses can log in directly without entering password verification.

196. Under normal circumstances, the email protocols we often talk about include (), POP3, and SMTP.

197. Which of the following NAT technologies can realize one public network address to provide source address translation for multiple private network addresses? (Multiple Choice)

NAPT

NAT Server

Easy-ip CT fine path

NAT No-PAT

198. Which of the following is not part of the digital certificate?

Public key

Private key

Validity period

Issuer

199. Which of the following login methods can be used by users to configure the firewall for the first time? (Multiple Choice)

Web login

Ssh login

Console login

200. When two firewalls are running normally and a dual-machine hot standby relationship has been established, every time a backup-supporting command is executed on one FW, this configuration command will be immediately backed up to the other FW, but not all configuration commands support backup. If the configuration command supports backup, when the command is executed on the FW, there will be a + () identifier after the command.

Page 21 of 29

201. The degree of harm to national security, social order, public interests, and the legitimate rights and interests of citizens, legal persons, and other organizations after the information system is destroyed shall be determined by factors such as the degree of harm. The security level of information systems is divided into () levels.

202. The simplest certificate contains a public key, name and certificate authority ()

203. Which of the following descriptions about heartbeat interface configuration is correct?

The heartbeat interfaces of two firewalls do not need to join the same security zone.

The MGMT interface cannot be used as a heartbeat interface.

The MTU of the interface can be less than 1500 bytes

The types of heartbeat interfaces on the two FWs can be different.

204. During the electronic evidence collection process, any changes to system settings, damage to hardware, data destruction, or virus infection must be avoided.

True

False

205. In an actual network environment, the session information of some special service data flows needs to not be aged for a long time. By configuring the long connection function, you can ensure the normal operation of this type of business. You can enable the long connection function by executing the command () enable.

206. Which of the following descriptions about firewall hot backup is incorrect?

In a dual-machine hot standby network, the heartbeat line is the channel through which two FWs exchange messages to understand the status of the other end and backup configuration commands and various table entries.

If the hardware and software of the two FWs are different, dual-machine hot backup can be configured.

When one FW fails, the business traffic can be smoothly switched to another device for processing so that the business is not interrupted.

The heartbeat interface can be connected directly or through a switch or router.

207. VPN is a virtual private network, which is used to build a private virtual network on a public network and transmit private network traffic in this virtual network.

True

False

208. Which of the following items does AAA certification include? (Multiple Choice)

Audit

Authentication

Accounting

Authorization

209. In the process of using digital envelopes, which of the following information will be encrypted? (Multiple Choice)

Symmetric key

User Data

Receiver’s public key

Receiver’s private key

210. Which of the following descriptions of security policies are correct? (Multiple Choice)

If you want intrazone traffic to be controlled by the default security policy, the administrator needs to execute the default packet-filterintrazone enable command.

Traffic between different security zones is controlled by the default security policy

Traffic sent from the firewall and traffic received by the firewall are not controlled by the default security policy

Traffic within the same security zone is not controlled by the default security policy by default, and the default forwarding action is allow.

Page 22 of 29

211. Please match the following malicious code types with their corresponding descriptions.

212. When IKEv1 negotiation phase 1 adopts aggressive mode, only three pieces of information are used. Which of the following is the function of message ③ ?

Responder authentication initiator

Exchange Diffie-He11man public values, necessary auxiliary information, and identity information

Negotiate IKE security proposals

The responder sends identity information for the initiator to authenticate

213. Because NAT technology can realize one-to-many address translation, with NAT technology, you no longer have to worry about insufficient IPv4 addresses.

True

False

214. Which of the following descriptions of ESP characteristics is incorrect?

ESP adds an ESP header after the standard IP header of each data packet.

ESP supports data source verification

When using transmission mode, the integrity verification scope of the ESP protocol is the entire IP message.

ESP supports NAT traversal

215. Regarding the description of the four-way handshake when disconnecting a TCP connection, which of the following is incorrect?

The active closing party sends the first FIN to perform active closing, and the other party receives this FIN and is closed.

When the passive shutdown receives the first FIN, it will send back an ACK and randomly generate an acknowledgment sequence number.

The passive closing party needs to send an end-of-file character to the application, and the application closes its connection and causes a FIN to be sent.

After the passive closing party sends FIN, the active closing party must send back a confirmation and set the confirmation sequence number to the received sequence number plus 1

216. Regarding the characteristics of the TCP/IP protocol stack, which of the following descriptions is incorrect?

When the device receives data, it will remove the protocol header according to the TCP/IP model and analyze the payload information. This action is called decapsulation.

The communication process of the network is carried out at the peer-to-peer level of the protocol stack, such as network layer and network layer communication, data link layer and data link layer communication.

When the device encapsulates data, the TCP/IP protocol sets a verification mechanism for the data at each layer.

When the device sends data, it will add specific protocol header information to the data according to the ICP/IP model. This action is called encapsulation.

217. Through business logs, what activities of users can the administrator view? (Multiple Choice)

User’s IP address

Password change

Online duration

218. Please sort the overall process for remote users to access corporate intranet resources through SSL VPN.

219. Which of the following items belong to information security standards organizations? (Multiple Choice)

ISMS

CCSA

CITS

IS0

220. In the process of establishing IPsec VPN between peers FWA and FW B, they need to go through two stages to establish two types of security associations. In the first stage, establish () and verify the identity of the peers.

Page 23 of 29

221. Data monitoring can be divided into two types: active analysis and passive acquisition.

True

False

222. Which of the following SSL VPN functions can and can only access all TCP resources?

Network expansion

File sharing

WEB proxy

Port forwarding

223. After the automatic backup function is enabled, both commands and status information will be periodically backed up to the backup device.

True

False

224. Which of the following technologies can hide the internal network of a private network while preventing external attacks on internal servers?

IP spoofing

NAT _

VRRP

Address filtering

225. Please associate the following IPsec functions with their corresponding explanations

226. Regarding the difference between pre-accident prevention strategies and post-accident recovery strategies, which of the following statements are correct? (Multiple Choice)

Recovery strategies are part of the business continuity plan.

Prevention strategies focus on minimizing the likelihood of an accident before it occurs. Recovery strategies focus on minimizing the impact and damage to the business after an incident occurs.

The role of pre-disaster prevention strategies does not include minimizing economic, reputational and other losses caused by accidents.

Recovery strategies are used to improve business high availability.

227. The session information of some special business data flows needs to not be aged for a long time. The firewall can ensure the normal operation of such services through the configuration () function.

228. Please sort the different protocol layers of OSI in the correct order.

229. When using NAT No-PAT, in order to prevent routing loops, blackhole routing needs to be configured for the address pool. In the address pool view, what command can be used to directly generate blackhole routing for the address pool?

Route enable () mode: two devices, one master and one backup. Under normal circumstances, service traffic is handled by the active device. When the active device fails, the backup device takes over the active device to process business traffic to ensure uninterrupted services.

230. UDP port scanning means that the attacker sends a zero-byte length UDP message to a specific port of the target host. If the port is open, an ICMP port reachable data message will be returned.

True

False

Page 24 of 29

231. WAF can precisely control and manage users' online behavior and user traffic.

True

False

232. The sub-interface function can be enabled on the firewall interface G0/0/1 and can be divided into different VLANs, but the sub-interface cannot be added to the security zone.

True

False

233. There are two ways for a PKI entity to apply for a local certificate from the CA: ()

234. Huawei's Agile Controller product is a () device in the HiSec solution.

235. Regarding the difference between HITP and HTTPS, which of the following descriptions are incorrect? (Multiple Choice)

The HTTP protocol is stateful, and each request is associated.

HITPS requires an SSL certificate, but HIIP does not.

The HITPS standard port is 80, and the HTTP standard port is 445.

HITP is plain text transmission, and HITPS is encrypted transmission.

236. Which of the following does not belong to the Linux operating system?

CentOS

RedHat

Ubuntu

MAC OS

237. Which of the following contents does the IPsec VPN protocol framework include? (Multiple Choice)

Key exchange

Security Protocol

Encapsulation mode

Security Alliance

238. Due to changes in user identity, user public key, or user business suspension, users need to revoke their digital certificates, that is, cancel the binding relationship between the public key and user identity information. In PKI, CA mainly uses CCSP protocol and () protocol to revoke certificates.

239. After a network intrusion event occurs, obtain the identity of the intruder, attack source and other information according to the plan, and block the intrusion behavior. Which links in the PDRR network security model do the above actions belong to? (Multiple Choice)

Protection link

Detection link

Response link

Recovery phase

240. The account permissions of a company employee have expired, but the account can still be used to access the company server.

What are the security risks of the above scenario? (Multiple Choice)

Managing security risks

Access security risks

System security risks

Physical Security Risks

Page 25 of 29

241. Please sequence the following steps according to the hierarchical protection process.

Rating

Evaluation

Rectification

Supervision

Filing

242. As shown in the figure, in tunnel mode, the New IP Header should be in which of the following positions?

243. MD5 is a hash function widely used in the field of computer security to provide message () protection.

244. Which of the following verification algorithms does IPsec use to compare ICVs to verify packet integrity and authenticity?

AES

DES

HMAC

MD5

245. Predefined signatures are signatures included in the intrusion prevention signature database. The contents of predefined signatures (except actions) are not fixed and can be created, modified or deleted.

True

False

246. The data flow between security domains is directional, including inbound and outbound.

True

False

247. When the company network administrator configures dual-machine hot backup, configure the status of VRRP backup group 1 as Active, and configure the virtual IP address as 10.1.1.1/24, then the command that needs to be typed in the blank space is?

rule name c Source-zone untrust Destination-zone trust Destination-address 202.106.1.132 Action permit

rule name d Source-zone untrust Destination-zone trust Destination-address 10.10.1.132 Action permit

security-policy Rule name a Source-zone untrust Source-address 202.106.1.132 Action permit

rule name b Source-zone untrust Destination-zone trust Source-address 10.10.1.1 32 Action permit

248. The process of electronic evidence collection includes: protecting the scene, obtaining evidence, preserving evidence, identifying evidence, analyzing evidence, tracking and presenting evidence.

True

False

249. We should choose the encryption algorithm according to our own usage characteristics. When we need to encrypt a large amount of data, it is recommended to use the () encryption algorithm to improve the encryption and decryption speed.

250. SSL VPN is a VPN technology that realizes remote secure access. Encryption only takes effect on the application layer, and users do not need to use a VPN client, so it has wide applicability.

True

False

Page 26 of 29

251. Which of the following authentication methods does AAA support? (Multiple Choice)

Authentication through HWTACACS protocol

Authentication via RADIUS protocol

Not certified

Local certification

252. Using the proxy () method, the virtual gateway will encrypt the real URL that the user wants to access, and can adapt to different terminal types.

253. Which of the following descriptions of the IKE security mechanism in IPsec are correct? (Multiple Choice)

The IKE protocol is divided into two versions: IKEv1 and IKEv2.

IKE has a self-protection mechanism that can securely authenticate identities, distribute keys and establish IPsec SA on the network.

The authentication algorithms supported by IKE include MD5, SHA1 and SM3.

The identity data is encrypted and transmitted after the key is generated, thus protecting the identity data.

254. Which of the following mechanisms are used to implement MAC flooding attacks? (Multiple Choice)

MAC learning mechanism of switch

Switch forwarding mechanism

ARP learning mechanism

Limit on the number of MAC table entries

255. Which of the following are the characteristics of intrusion prevention? (Multiple Choice)

Deep protection

Comprehensive protection

Block attacks in real time

Precise protection

256. The data link layer is located between the network layer and the physical layer and can provide services to IP, IPv6 and other protocols of the network layer. PDUs at the data link layer are called packets.

True

False

257. In VRRP, if the virtual group device receives an ARP request message sent by the terminal device.

Which of the following processing methods is correct?

Responded by the Master device.

Master will respond when looking at Backup.

Responded by the Backup device.

Neither Master nor Backup will respond. Because the destination IP address of the AP request message received is the virtual IP address.

258. Evidence preservation is directly related to the legal effect of evidence. Which of the following is not an evidence preservation technology?

Digital certificate technology

Encryption Technology

Data mining technology

Digital signature technology

259. Which of the following items belong to information security standards and specifications? (Multiple Choice)

ITSEC

CCSA

ISO 27001

TCSEC

260. Which of the following is the number range of Layer 2 ACL?

3000~3999

2000~2999

1000~1999

4000~4999

Page 27 of 29

261. Which of the following options are malicious programs? (Multiple Choice)

Trojan horse

Vulnerabilities

Worms

Virus

262. Which of the following statements about L2TP VPN is incorrect?

Suitable for employees on business trips to dial up to access the intranet

Data will not be encrypted

Can be used in conjunction with IPsec VPN

Belongs to three-layer VPN technology

263. The most common level 3 standard for classification protection includes three aspects: physical security, data security and network security.

True

False

264. Which of the following descriptions of firewall hot standby center heartbeat exchange messages is incorrect?

Heartbeat link detection messages are used to synchronize configuration commands and status of two firewalls.

Configuration consistency check messages are used to detect whether the key configurations of two firewalls are consistent.

The two firewalls periodically send heartbeat messages to each other to detect whether the peer device is alive.

VGMP messages are used to determine the status of the peer device to determine whether switching is required.

265. If there are multiple levels of CAs in the PKI system, a CA hierarchy will be formed. The top-level CA is the root CA, which has a CA "self-signed" certificate.

True

False

266. Which of the following are the response actions of firewall and anti-virus? (Multiple Choice)

Attachment deletion

Declare

Alarm

block

267. Common information security standards and specifications mainly include the National Level Protection System (GB), (), the American standard TCSEC and the European Union standard ITSEC.

268. By default, in the description of setting the administrator password for the firewall device, which items are correct? (Multiple Choice)

The password is in the form of a string, and the length range is 8 to 64

The password cannot contain more than two consecutive identical characters.

Password needs to contain special characters

Require the administrator to change the password after logging in for the first time

269. For the drag-and-drop question, please match the following information security risks with information security incidents one by one.

270. Which of the following descriptions of the automatic backup mode in firewall hot backup is incorrect?

Every time a configuration command that can be backed up is executed on one firewall, the configuration command will be immediately synchronized and backed up to another firewall.

Automatic backup needs to be enabled manually by the administrator.

Automatic backup can automatically back up configuration commands and periodic backup status information in real time, and is suitable for various dual-machine hot standby networks.

The active device will periodically back up the status information that can be backed up to the standby device.

Page 28 of 29

271. Which of the following descriptions about firewall logs is incorrect?

Administrators can learn the security policies that traffic hits through the policy matching log, which can be used to locate faults when problems occur.

Administrators can learn user behavior, search keywords, and the effectiveness of audit policy configurations through user activity logs.

Among the log levels, Emergency is the most serious level.

According to the severity or urgency of the information, logs can be divided into 8 levels. The more serious the information, the greater the log level value.

272. In the Linux system, if the user wants to enter the tmp folder in the root directory, the command that needs to be entered is () /tmp

273. Which of the following behaviors is relatively safer when connecting to Wi-Fi in public places?

Connect to an unencrypted Wi-Fi hotspot

Connect to a paid Wi-Fi hotspot provided by the operator and only browse the web

Connect to unencrypted free Wi-Fi for online shopping

Connect to encrypted free Wi-Fi for online transfer operations

274. Which of the following is not an encryption algorithm in VPN?

3DES

DES

AES

RIP

275. IPv6 supports configuring the router authorization function on the device, verifying the identity of the peer through digital certificates, and selecting legal devices.

True

False

276. Which of the following is not a block cipher algorithm among symmetric encryption algorithms?

RC5

RC4

RC6

RC2

277. Please sort the following project implementation steps starting from project launch.

Risk assessment

System design and release

Project Initiation and Gap Analysis

Certification and Continuous Improvement

System operation and monitoring

278. If the firewall performs packet-by-packet inspection on all packets, it will cause a large consumption of device resources and a sharp decline in performance. Therefore, the firewall mainly detects the first packet.

True

False

279. Which of the following descriptions about the transmission of information through the heartbeat in the dual-machine hot standby center is incorrect?

The two firewalls periodically send heartbeat messages to each other to detect whether the peer device is alive.

Heartbeat link detection messages are used to synchronize configuration commands and status of the two firewalls.

Configuration consistency check messages are used to check whether the key configurations of two firewalls are consistent.

VGMP messages are used to determine the status of the peer device to determine whether switching is required.

280. Which of the following options are correct regarding the description of a buffer overflow attack? (Multiple Choice)

Buffer overflow attacks take advantage of flaws in the software system's memory operations to run attack code with high operating privileges.

Buffer overflow attacks have nothing to do with operating system vulnerabilities and architecture.

Buffer overflow attacks are one of the common methods of attacking software systems.

Buffer overflow attacks are application layer attacks.

Page 29 of 29

281. () is a flaw in the specific implementation of hardware, software, protocols, or system security policy, which allows an attacker to access or destroy the system without authorization.

282. Regarding the ordering of PKI work processes, which of the following is correct?

1-2-6-5-7-4-3-8

1-2-7-6-5-4-3-8

6-5-4-1-2-7-3-8

6-5-4-3-1-2-7-8

TAGS:

H12-711_V4.0-ENU, H12-711_V4.0-ENU exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Posts

Huawei Free Dumps

Get H12-711_V4.0-ENU Dumps Full Version

Q&As: 943
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

Improve Your Knowledge with H12-711_V4.0-ENU Exam Dumps

Related

Posts

Valid H12-831_V1.0-ENU Exam Dumps are Your best Choice to Pass

Get Certified Easily with Online H19-401_V1.0 Dumps

Test Online H11-851_V3.0-ENU Dumps Questions to Be Certified

Valid H19-338_V3.0 Exam Dumps are Your best Choice to Pass

About Us

EMAIL

Services

Opening Hours