
HCIA-Security Exam Prep

This document contains 40 multiple choice questions about network security concepts. It covers topics like firewall configuration, address translation techniques, digital signatures, intrusion prevention systems, and evidence analysis methods. The questions are meant to test knowledge of key terms, commands, protocols, attack types, and best practices related to information security.

Uploaded by

Rachid Abdel

HCIA-Security 3.0 Course

1. After the firewall uses the hrp standby config enable command to enable the
standby device configuration function, all the information that can be backed up
can be directly configured on the standby device, and the configuration on the
standby device can be synchronized to the active device.

True
2. What are the advantages of address translation techniques included? (Multiple
choice)

A.
Address conversion that can handle the IP header of encryption

B.
Address conversion can block internal network users, improve the safety
of internal network

C.
Many host address conversion can make the internal LAN to share an IP
address on the Internet

D.
Address conversion can make internal network users (private IP
address) easy access to the Internet

3. In the USG series firewall, you can use the ______ function to
provide well-known application services for non-known ports.

a.
Port mapping
b.
Long connection

c.
Packet filtering

d.
MAC and IP address binding
4. For the process of forwarding the first packet of the session
between firewall domains, there are the following steps: 1) find the
routing table 2) find inter-domain packet filtering rules 3) find the
session table 4) find the blacklist. Which of the following is the
correct order?

a.
3…2…1…4

b.
4…3…1…2

c.
1…3…2…4

d.
3…4…1…2

5. Digital signatures are used to generate digital fingerprints by using
a hashing algorithm to ensure the integrity of data transmission

a.
True

b.
False

6. Information security level protection is to improve the overall
national security level, while rationally optimizing the distribution of
security resources, so that it can return the greatest security and
economic benefits

a.
True

b.
False
7. Under the tunnel encapsulation mode, IPSec configuration does
not need to have a route to the destination private network
segment, because the data will be re-encapsulated using the new
IP header to find the routing table.

a.
False

b.
True

8. Which of the following are the standard port numbers for the FTP
protocol? (Multiple choice)

A.
23

B.
80

C.
21

D.
20

9. Digital signature is to achieve the integrity of data transmission by using a
hash algorithm to generate digital fingerprints.

a.
True

b.
False
[Link] administrator wants to know the current session table. Which of the
following commands is correct?

a.
Reset firewall session table

b.
Display firewall session table

c.
Clear firewall session table

d.
Display session table

11. Security policy conditions can be divided into multiple fields, such as
source address, destination address, source port, destination port, etc.
These fields are in an "and" relationship; that is, the policy is hit only
when the information in the message matches all of the fields.

a.
False

b.
True

12. Which of the following is the encryption technology used in digital
envelopes?

a.
Streaming algorithm

b.
Asymmetric encryption algorithm

c.
Hash algorithm

d.
Symmetric encryption algorithm
13. Which of the following does not belong to the user authentication method
in the USG firewall?

a.
Free certification

b.
Fingerprint authentication

c.
Password authentication

d.
Single sign-on

14. Which of the following are the response actions after the gateway
antivirus detects the mail virus? (Multiple choice)

A.
Announcement

B.
Blocking

C.
Delete attachments

D.
Alarm

15. The firewall updates the signature database and virus database online through
the security service center, which requires that the firewall can connect to the
Internet first and that the correct DNS addresses are then configured.

a.
TRUE

b.
FALSE
16. When configuring security policy, a security policy can reference an
address set or configure multiple destination IP addresses.

a.
true

b.
false

[Link] configuring NAT Server on the USG series firewall, the server-map
table will be generated. Which of the following does not belong in the
table?

a.
Destination IP

b.
Protocol number

c.
Destination port

d.
Source IP

18. Which of the following options is the correct sequence of the four phases
of the Information Security Management System (ISMS)?

a.
Plan->Check->Action->Do

b.
Plan->Do->Check->Action

c.
Check->Plan->Do->Action

d.
Plan->Check->Do->Action
[Link] a computer to store information about criminal activity is not a
computer crime

a.
False

b.
True

20. IPSec VPN. Which of the following scenarios can be applied by tunnel
mode?

a.
Between tunnel mode and transport mode

b.
between security gateways

c.
between the host and the host

d.
between hosts and security gateways

21. Evidence analysis technology is to find and match keywords or key phrases in
the acquired data stream or information flow, and analyze the correlation
of time. Which of the following is not an evidence analysis technique?

a.
Document Digital Abstract Analysis Technology

b.
Password deciphering, data decryption technology

c.
Techniques for discovering the connections between different evidences

d.
Spam tracking technology
22. Intrusion Prevention System (IPS) is a defense system that can block in
real time when an intrusion is discovered

a.
True

b.
False

23. Which of the following types of attacks does the DDoS attack belong to?

a.
Traffic attack

b.
Malformed packet attack

c.
Snooping scanning attack

d.
Special packet attack

24. Which of the following options does not belong to the symmetric encryption
algorithms?

a.
3DES

b.
RSA

c.
DES

d.
AES
25. In the USG series firewall, after the web redirection function is
configured, the authentication page cannot be displayed. Which of the
following is not the cause of the fault?

a.
The port of service of authentication page is set to 8887

b.
The authentication policy is not configured or the authentication policy is incorrectly
configured

c.
Web authentication is not enabled.

d.
The browser SSL version does not match the SSL version of the firewall authentication page.

26. Which of the following are key elements of information security
prevention? (Multiple choice)

A.
Asset management

B.
Security products and technologies

C.
Personnel

D.
Security operation and management

27. Which of the following is not a rating in the network security incident?

a.
Special network security incidents

b.
General network security incidents

c.
Major network security incidents
[Link] Firewall does dual-system hot backup networking, in order to
achieve the overall status of the backup group switching, which of the
following protocol technology need to be used?

a.
VGMP

b.
VRRP

c.
OSPF

d.
HRP

[Link] information security prevention, commonly used security products are
firewalls, AntiDDoS devices and IPS/IDS devices.

a.
True

b.
False

[Link] scanning attacks include: port scanning tools, vulnerability
scanning tools, application scanning tools, database scanning tools, etc.

a.
False

b.
True
31. Which of the following is not a hash algorithm?

a.
SHA1

b.
SHA2

c.
SM1

d.
MD5

32. Under the tunnel encapsulation mode, IPSec configuration does not need
to have a route to the destination private network segment, because the
data will be re-encapsulated using the new IP header to find the routing
table.

a.
true

b.
false

33. Digital certificates are fair to public keys through third-party agencies,
thereby ensuring the non-repudiation of data transmission. Therefore, to
confirm the correctness of the public key, only the certificate of the
communicating party is needed.

a.
false

b.
true
34. The preservation of electronic evidence is directly related to the legal
effect of evidence, and it is in conformity with the preservation of legal
procedures, and its authenticity and reliability are guaranteed. Which of
the following is not an evidence preservation technique?

a.
Digital signature technology

b.
Digital certificate technology

c.
Encryption technology

d.
Packet tag tracking technology

35. In the USG series firewall, which of the following commands can be used
to query the NAT translation result?

a.
display current nat

b.
display firewall session table

c.
display nat translation

d.
display firewall nat translation

36. Information security level protection is to improve the overall national
security level, while rationally optimizing the distribution of security
resources, so that it can return the greatest security and economic benefits

a.
True

b.
False
37. Which of the following types of attacks does the DDoS attack belong to?

a.
Traffic attack

b.
Malformed packet attack

c.
Snooping scanning attack

d.
Special message attack

38. Which of the following statements is wrong about the firewall gateway's
anti-virus response to the HTTP protocol?

a.
When the gateway device blocks the HTTP connection, push the web page to the client and
generate a log.

b.
Alarm mode device only generates logs and sends them out without processing the files
transmitted by the HTTP protocol.

c.
Response methods include announcement and blocking

d.
Blocking means that the device disconnects from the HTTP server and blocks file transfer.

[Link] servers based on the shape, what types of the following can be
divided into? (Multiple choice)

A.
Tower server

B.
Blade server

C.
X86 server

D.
Rack server
40. The SIP protocol establishes a session using an SDP message, and the
SDP message contains a remote address or a multicast address

a.
True

b.
False

[Link] evidence preservation is directly related to the legal effect of
evidence, in line with the preservation of legal procedures, and its
authenticity and reliability are guaranteed. Which of the following is not
an evidence preservation technology?

a.
Digital certificate technology

b.
Digital signature technology

c.
Message tag tracking technology

d.
Encryption technology

42. Which of the following is wrong about the management of Internet users?

a.
Each user group can include multiple users and user groups

b.
The system has a default user group by default, which is also the system default
authentication domain.

c.
Each user group can belong to multiple user groups

d.
Each user belongs to at least one user group, also can belong to multiple user groups
[Link] configuring a GRE tunnel interface, the destination address
generally refers to which of the following parameters?

a.
IP address of the peer tunnel interface

b.
Local tunnel interface IP address

c.
Local end network export IP address

d.
Peer external network export IP address

44. The repair of anti-virus software only needs to be able to repair some
system files that were accidentally deleted when killing the virus to
prevent the system from crashing

a.
False

b.
True

[Link] the following conditions occur in the VGMP group, the VGMP
message will not be sent to the peer end actively?

a.
Firewall service interface failure

b.
Manually switch the active and standby status of the firewall.

c.
Session table entry changes

d.
Dual hot backup function enabled
46. Which of the following is the encryption technology used by digital
envelopes?

a.
Symmetric encryption algorithm

b.
Asymmetric encryption algorithm

47. After the firewall uses the hrp standby config enable command to enable
the standby device configuration function, all the information that can be
backed up can be directly configured on the standby device, and the
configuration on the standby device can be synchronized to the active
device.

a.
False

b.
True

[Link] the information security system construction management cycle, which
of the following actions is required to be implemented in the "check" link?

a.
Risk assessment

b.
Safety management system design

c.
Safety management system operation monitoring

d.
Implementation of the safety management system
49. Which of the following behaviors is relatively safer when connecting to
Wi-Fi in public places?

a.
Connect Wi-Fi hotspots that are not encrypted

b.
Connect unencrypted free Wi-Fi for online shopping

c.
Connect encrypted free Wi-Fi for online transfer operations

d.
Connect to the paid Wi-Fi hotspot provided by the operator and only browse the
web
50. In the Client-Initiated VPN configuration, generally it is recommended to
plan the address pool and the headquarters or need to of the network
address for the different network or need to open proxy forwarding on the
gateway device

a.
True

b.
False
51. Because the server is a kind of computer, we can use our pc in the
enterprise as our server,

a.
True

b.
False
52. In the VRRP (Virtual Router Redundancy Protocol) group, the primary
firewall periodically sends advertisement packets to the backup firewall.
The backup firewall is only responsible for monitoring advertisement
packets and will not respond.

a.
True

b.
False
53. Which of the following guarantees "should detect and protect spam at
critical network nodes and maintain upgrades and updates of the spam
protection mechanism" in security 2.0?

a.
Malicious code prevention

b.
Border protection

c.
Centralized control

d.
Communication transmission

[Link] the administrator uses the default authentication domain to authenticate
a user, you only need to enter a user name when the user logs in; if
administrators use the newly created authentication domain to
authenticate the user, the user will need to enter login "username @
Certified domain name"

a.
False

b.
True

55. Which of the following are correct regarding the matching conditions of
the security policy? (Multiple choice)

A.
"Time period" in the matching condition is an optional parameter

B.
"The source security zone" is an optional parameter in the matching condition.

C.
"Apply" in the matching condition is an optional parameter

D.
"Service" is an optional parameter in the matching condition
[Link] Huawei Redundancy Protocol (HRP) is used to synchronize the main
firewall's configuration, connection status and other data to the backup
firewall. Which of the following options is not in the
scope of synchronization?

a.
IPS signature set

b.
Security policy

c.
NAT policy

d.
Blacklist

57. Except built-in Portal authentication, firewall also supports custom Portal
authentication, when using a custom Portal authentication, no need to
deploy a separate external Portal server.

a.
True

b.
False
[Link] technology can implement a public network IP address for multiple
private network hosts

a.
True

b.
False
59. Which of the following are multi-user operating systems? (Multiple
choice)

A.
UNIX

B.
MSDOS

C.
Windows

D.
LINUX
[Link] applications, such as Oracle database application, there is no data
transfer for a long time, so that firewall session connection is interrupted,
thus resulting in service interruption, which of the following technology
can solve this problem?

a.
Configure default session aging time

b.
Configure a long business connection

c.
Turn fragment cache

d.
Optimization of packet filtering rules

61. Evidence identification needs to resolve the integrity verification of the
evidence and determine whether it meets the applicable standards. Which
of the following statements is correct about the standard of evidence
identification?

a.
Relevance criterion means that if the electronic evidence can have a substantial
impact on the facts of the case to a certain extent, the court should determine that
it is relevant.

b.
Legality standard is to ensure that the electronic evidence is collected from the initial
collection, and there is no change in the content of the evidence submitted as evidence.
c.
Objective standard means that the acquisition, storage, and submission of electronic evidence
should be legal, and the basic rights such as national interests, social welfare, and personal
privacy are not strictly violated

d.
Fairness standard refers to the evidence obtained by the legal subject through legal means,
which has the evidence ability.

62. Which of the following options can be used in the advanced settings of
Windows Firewall? (Multiple choice)

A.
Change notification rules

B.
Restore defaults

C.
Set connection security rules

D.
Set out inbound rules
63. Digital certificates can be divided into local certificates, CA certificates,
root certificates and self-signed certificates according to different usage
scenarios

a.
True

b.
False
64. 'Being good at observation' and 'keeping suspicion' can help us better
identify security threats in the online world

a.
False

b.
True
[Link] the firewall security policy, which of the following options is
wrong?

a.
When configuring the security policy name, you cannot reuse the same name

b.
If the security policy is permit, the discarded message will not accumulate the
number of hits.

c.
Adjust the order of security policies with immediate effect, no need to save the configuration
file.

d.
Huawei's USG series firewalls cannot have more than 128 security policy entries.

[Link] the firewall hard disk is in place, which of the following is correct
description for the firewall log?

a.
The administrator can use the threat log to understand the user's security risk behavior and the
reason for being alarmed or blocked.

b.
The administrator knows the user's behavior, the keywords explored, and the effectiveness of
the audit policy configuration through the user activity log.

c.
The administrator can advertise the content log to view the detection and defense records of
network threats.

d.
The administrator can learn the security policy of the traffic hit through the
policy hit log. And use it for fault location when the problem occurs.

[Link] technology can implement a public network IP address for multiple
private network hosts

a.
False

b.
True
68. To implement the "anti-virus function" in the security policy, you must
perform a License activation

a.
True

b.
False

69. Which of the following is true about the description of SSL VPN?

a.
Can be used without a client

b.
There is a NAT traversal problem

c.
No authentication required

d.
May encrypt to IP layer

[Link] European TCSEC Code is divided into two modules, Function and
Evaluation, which are mainly used in the military, government and
commercial fields

a.
False

b.
True
71. ASPF (Application Specific Packet Filter) is a kind of packet filtering
based on the application layer; it checks the application layer protocol
information and monitors the connection state of the application layer
protocol. ASPF achieves a special security mechanism through the Server Map
table. Which statements about ASPF and the Server Map table are
correct? (Multiple choice)

A.
Quintuple server-map entries achieve a similar functionality with session table

B.
ASPF monitors the packets in the process of communication

C.
ASPF uses the server-map table to dynamically allow multi-channel protocol
data to pass

D.
ASPF dynamically create and delete filtering rules

72. In the USG series firewall, you can use the ______ function to provide
well-known application services for non-known ports.

a.
Packet filtering

b.
Port mapping

c.
MAC and IP address binding

d.
Long connection
[Link] the GE1/0/1 and GE1/0/2 ports of the firewall belong to the DMZ. If
the area connected to GE1/0/1 can access the area connected to GE1/0/2,
which of the following is correct?

a.
No need to do any configuration

b.
Need to configure the security policy from Local to DMZ

c.
Need to configure an interzone security policy

d.
Need to configure security policy from DMZ to local

74. Which of the following is not a key technology for anti-virus software?

a.
Format the disk

b.
Self-protection

c.
Real-time upgrade of the virus database

d.
Shelling technology

75. Which of the following statements about the L2TP VPN of Client-initialized
is wrong?

a.
LNS device receives user L2TP connection request, can verify based on user name and
password.

b.
After the remote user access to internet, can initiate L2TP tunneling request to the remote
LNS directly through the client software

c.
LNS assign a private IP address for remote users

d.
remote users do not need to install VPN client software
76. Which of the following is the correct description of the investigation and
evidence collection?

a.
Evidence is not necessarily required during the investigation

b.
In the process of all investigation and evidence collection, there are law
enforcement agencies involved.

c.
Evidence obtained by eavesdropping is also valid

d.
Document evidence is required in computer crime

77. Digital signatures are used to generate digital fingerprints by using a
hashing algorithm to ensure the integrity of data transmission

a.
True

b.
False

78. IPSec VPN technology does not support NAT traversal when
encapsulating with ESP security protocol, because ESP encrypts the
packet header

a.
False

b.
True
79. Which of the following are parts of the PKI architecture? (Multiple
Choice)

A.
Certificate Registration Authority

B.
Certification Authority

C.
End entity

D.
Certificate Storage organization

80. Which of the following descriptions about the group management for
VGMP is wrong?

a.
Periodically sends Hello packets between VGMP of master/slave firewall

b.
Master/slave status change of VRRP backup group needs to notify its VGMP management
group

c.
The interface type and number of two firewalls heartbeat port may be different,
as long as they can communicate with each other

d.
master/slave devices exchange packets to understand each other through the heartbeat line,
and backup the related commands and status information
81. Which of the following is the username / password for the first login of the
USG series firewall?

a.
User name admin, password admin

b.
User name admin, password Admin123

c.
User name admin, password admin@123

d.
Username admin, password Admin@123

82. In the construction of information security system, the security model is
needed to accurately describe the relationship between important aspects
of security and system behavior

a.
False

b.
True

83. What are the advantages of address translation techniques
included? (Multiple choice)

A.
Address conversion that can handle the IP header of encryption

B.
Address conversion can block internal network users, improve the safety
of internal network

C.
Many host address conversion can make the internal LAN to share an IP
address on the Internet

D.
Address conversion can make internal network users (private IP
address) easy access to the Internet
84. In the construction of information security system, the security model is
needed to accurately describe the relationship between important aspects
of security and system behavior

a.
False

b.
True

85. For the process of forwarding the first packet of the session
between firewall domains, there are the following steps: 1) find the
routing table 2) find inter-domain packet filtering rules 3) find the
session table 4) find the blacklist. Which of the following is the
correct order?

a.
3…2…1…4

b.
4…3…1…2

c.
1…3…2…4

d.
3…4…1…2
86. Under the tunnel encapsulation mode, IPSec configuration
does not need to have a route to the destination private network
segment, because the data will be re-encapsulated using the new
IP header to find the routing table.

a.
False

b.
True
87. Security technology has different approaches at different
technical levels and areas. Which of the following devices can be
used for network layer security protection? (Multiple choice)

A.
IPS/IDS equipment

B.
Firewall

C.
Anti-DDoS equipment

D.
Vulnerability scanning device

88. Which of the following options does not belong to the symmetric
encryption algorithms?

a.
DES

b.
3DES

c.
RSA

d.
AES
89. Which of the following are core elements of the IATF
(Information Assurance Technology Framework) model? (Multiple
choice)

A.
Environment

B.
Operation

C.
Technology

D.
person

90. The matching principle of the security policy is: firstly, find the
inter-domain security policy configured manually, and if there is no
match, the data packet is directly discarded

a.
True

b.
False

91. Which of the following is not the main form of computer
crime?

a.
Use scanning tools to collect network information without permission

b.
Using a computer for personal surveys

c.
Implant a Trojan to the target host

d.
Hacking the target host
92. Digital certificate technology solves the problem that public
key owners cannot determine in digital signature technology.

a.
False

b.
True

93. To implement the "anti-virus function" in the security policy,
you must perform a License activation

a.
True

b.
False

94. Except built-in Portal authentication, firewall also supports
custom Portal authentication, when using a custom Portal
authentication, no need to deploy a separate external Portal server.

a.
False

b.
True

95. Which of the following is not a hash algorithm?

a.
SHA2

b.
SHA1

c.
MD5

d.
SM1
96. Because the server is a kind of computer, we can use our pc in the enterprise as
our server,

a.
True

b.
False

97. Digital certificates can be divided into local certificates, CA
certificates, root certificates, and self-signed certificates according
to different usage scenarios

a.
False

b.
True

98. Which of the following are correct about configuring the
firewall security zone? (Multiple Choice)

A.
When data flows between different security zones, the device security check is triggered
and the corresponding security policy is implemented

B.
Firewall can have 12 security zones at most.

C.
The firewall has four security zones by default, and the four security zone priorities do
not support modification.

D.
The firewall can create two security zones of the same priority
99. The preservation of electronic evidence is directly related to
the legal effect of evidence, and it is in conformity with the
preservation of legal procedures, and its authenticity and reliability
are guaranteed. Which of the following is not an evidence
preservation technique?

a.
Packet tag tracking technology

b.
Digital signature technology

c.
Digital certificate technology

d.
Encryption technology

100. Which of the following types of attacks does the DDoS attack
belong to?

a.
Snooping scanning attack

b.
Malformed packet attack

c.
Special packet attack

d.
Traffic attack
101. Intrusion Prevention System (IPS) is a defense system that
can block in real time when an intrusion is discovered

a.
False

b.
True
102. Which of the following descriptions about windows logs is
wrong?

a.
Windows server 2008 system logs stored in the [Link]

b.
Windows server 2008 security log is stored in [Link]

c.
The application log contains events logged by the application or system program, mainly
recording events in the running of the program.

d.
The system log is used to record the events generated by the operating system
components, including the crash of the driver, system components and application
software, and data

103. When configuring security policy, a security policy can
reference an address set or configure multiple destination IP
addresses.

a.
True

b.
False
104. In the security assessment method, the purpose of the
security scan is to scan the target system with a scan analysis
evaluation tool to discover related vulnerabilities and prepare for
the attack.

a.
True

b.
False
105. Which of the following is not included in the design principles
of the questionnaire?

a.
Specificity

b.
Consistency

c.
Integrity

d.
Openness

106. The firewall updates the signature database and virus database
online through the security service center, which requires that the firewall
can connect to the Internet first and that the correct DNS addresses are
then configured.

a.
FALSE

b.
TRUE

107. Which of the following descriptions is wrong about the root
CA certificate?

a.
The certificate subject name is CA.

b.
Signature is generated by CA public key encryption

c.
Public key information is the public key of the CA

d.
The issuer is CA
108. The SIP protocol establishes a session using an SDP
message, and the SDP message contains a remote address or a
multicast address

a.
True

b.
False

109. About the contents of HRP standby configuration consistency
check, which of the following is not included?

a.
Next hop and outbound interface of static route

b.
Certification strategy

c.
NAT policy

d.
If the heartbeat interface with the same serial number configured

110. 'Being good at observation' and 'keeping suspicion' can help
us better identify security threats in the online world

a.
True

b.
False
111. Which of the following is not part of the method used in the
Detection section of the P2DR model?

a.
Testing

b.
Real-time monitoring

c.
Shut down the service

d.
Alarm

112. Which of the following is the GRE protocol number?

a.
47

b.
89

c.
50

d.
46
113. Terminal detection is an important part of the future
development of information security. Which of the following
methods belong to the category of terminal detection? (Multiple
Choice)

A.
Monitor the host registry modification record

B.
Install host antivirus software

C.
Monitor and remember the external device

D.
Prevent users from accessing public network search engines
114. In the Client-Initiated VPN configuration, generally it is
recommended to plan the address pool and the headquarters or
need to of the network address for the different network or need to
open proxy forwarding on the gateway device

a.
True

b.
False

115. About the description of firewall active-standby, which of the following is
correct? (Multiple Choice)

A.
The firewall active-standby requires the information such as the session table, MAC
table, routing table and so on synchronous backup between primary devices and slave
devices.

B.
It requires the state of all the VRRP backup groups in the same VGMP management
group on the same firewall should be consistent.

C.
VGMP is to ensure all VRRP backup groups' consistency of switching

D.
When a plurality of regions on the firewall needs to provide dual-machine backup
function, you need to configure multiple VRRP backup groups on the firewall.

116. In the construction of information security system, the
security model is needed to accurately describe the relationship
between important aspects of security and system behavior

a.
True

b.
False
117. Which of the following are malicious programs? (Multiple
choice)

A.
Worm

B.
Trojan horse

C.
Virus

D.
Vulnerabilities
118. Security policy conditions can be divided into multiple fields,
such as source address, destination address, source port,
destination port, etc. These fields are in an "and" relationship; that is,
the policy is hit only when the information in the message matches all of
the fields.

a.
False

b.
True
119. Which of the following is not a key technology for anti-virus
software?

a.
Shelling technology

b.
Self-protection

c.
Format the disk

d.
Real-time upgrade of the virus database
120. For the occurrence of network security incidents, the remote
emergency response is generally adopted first. If the problem
cannot be solved for the customer through remote access, after the
customer confirms, it is transferred to the local emergency
response process.

a.
False

b.
True

121. Which of the following is the core part of the P2DR model?

a.
Response

b.
Policy Strategy

c.
Detection

d.
Protection

122. In a VRRP (Virtual Router Redundancy Protocol) group, the
primary firewall periodically sends advertisement packets to the
backup firewall. The backup firewall is only responsible for
monitoring advertisement packets and will not respond.

a.
False

b.
True

123. In the USG series firewall, which of the following commands
can be used to query the NAT translation result?

a.
display firewall session table

b.
display nat translation

c.
display current nat

d.
display firewall nat translation

124. The repair function of anti-virus software only needs to be able to
repair some system files that were accidentally deleted when killing
the virus, to prevent the system from crashing.

a.
True

b.
False

125. Use iptables to write a rule that does not allow the network
segment of [Link]/16 to access the device. Which of the
following rules is correct?

a.
iptables -t filter -P INPUT -d [Link]/16 -p all -j ACCEPT

b.
iptables -t filter -A INPUT -s [Link]/16 -p all -j DROP

c.
iptables -t filter -P INPUT -s [Link]/16 -p all -j DROP

d.
iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j ACCEPT

126. Which of the following protection levels are included in the
TCSEC standard? (Multiple Choice)

A.
Verify protection level

B.
Passive protection level

C.
Independent protection level

D.
Forced protection level

127. Which of the following descriptions of group management for
VGMP is wrong?

a.
The VGMP groups of the master and slave firewalls periodically send Hello packets to each other

b.
A master/slave status change of a VRRP backup group needs to be notified to its VGMP
management group

c.
The master and slave devices exchange packets over the heartbeat line to learn each
other's status, and back up the related commands and status information

d.
The interface type and number of the two firewalls' heartbeat ports may be
different, as long as they can communicate with each other

128. When firewalls are networked for dual-system hot backup, which
of the following protocol technologies needs to be used to switch the
status of the backup groups as a whole?

a.
VRRP

b.
HRP

c.
VGMP

d.
OSPF

129. In the Huawei SDSec solution, which layer of equipment does the
firewall belong to?

a.
Monitoring layer

b.
Executive layer

c.
Control layer

d.
Analysis layer

130. If the administrator uses the default authentication domain to
authenticate a user, the user only needs to enter a user name when
logging in; if the administrator uses a newly created authentication
domain to authenticate the user, the user needs to enter
"username@authentication domain name" when logging in.

a.
True

b.
False

131. Which of the following are correct regarding the matching
conditions of the security policy? (Multiple choice)

A.
"Service" is an optional parameter in the matching condition

B.
"Apply" in the matching condition is an optional parameter

C.
"Time period" in the matching condition is an optional parameter

D.
"The source security zone" is an optional parameter in the matching condition.

132. Which of the following are parts of the PKI architecture?
(Multiple Choice)

A.
End entity

B.
Certificate Registration Authority

C.
Certificate Storage organization

D.
Certification Authority

133. Which of the following descriptions about IKE SA is wrong?

a.
IKE SA is two-way

b.
IKE is a UDP-based application layer protocol

c.
IKE SA serves IPSec SA

d.
The encryption algorithm used by user data packets is determined by IKE SA.

134. Which of the following attacks is not a malformed message
attack?

a.
ICMP unreachable packet attack

b.
TCP fragment attack

c.
Smurf attack

d.
Teardrop attack

135. Common scanning attacks include: port scanning tools,
vulnerability scanning tools, application scanning tools, database
scanning tools, etc.

a.
False

b.
True
