EMT Practice Test

1. Question Content...


Question List

Question1: Regarding the AH and ESP security protocols, which of the following statements are correct?
(Multiple Choice)

Question2: Which of the following descriptions about RADIUS are correct? (Multiple Choice)

Question3: The reason why OSPF is more commonly used than RIP is that OSPF has the device authentication function and is more secure.

Question4: Which of the following verification algorithms does IPsec use to compare ICVs to verify packet integrity and authenticity?

Question5: Please match the following application layer service protocols with the correct transport layer protocols and port numbers.

Question6: Which of the following is not an encryption algorithm in VPN?

Question7: There is no priority between custom signatures and predefined signatures. When traffic hits both custom signatures and predefined signatures, the final action will be based on the most stringent signature.

Question8: When a user uses the Web to log in to the firewall, the security policy between the user's security zone and which of the following security zones needs to be opened?

Question9: IDS is usually hung on the switch to detect intrusions and avoid single points of failure affecting the normal operation of the network.

Question10: MD5 is a hash function widely used in the field of computer security to provide message () protection.

Question11: Which of the following attacks can intrusion prevention detect? (Multiple Choice)

Question12: Which of the following descriptions about GRE security is correct?

Question13: Which of the following descriptions of investigation and evidence collection is correct?

Question14: Which of the following descriptions about the characteristics of L2TP over IPsec is incorrect?

Question15: Please match the following malicious code types with their corresponding descriptions.

Question16: Which of the following options can be operated in the advanced settings of Windows Firewall?
(Multiple Choice)

Question17: Which of the following options is not a hashing algorithm?

Question18: Which of the following options are suitable for business travelers to access the corporate intranet in a public network environment? (Multiple Choice)

Question19: Which of the following behaviors will be recognized as intrusions by the intrusion detection system?
(Multiple Choice)

Question20: As shown in the figure, when R1 receives a data packet accessing PC2, which of the following route prefixes will be matched?

Question21: The firewall executes the command and displays the above information. Which of the following descriptions is correct? (Multiple Choice)

Question22: Which of the following security zones can be deleted and the priority reconfigured?

Question23: After the firewall detects an intrusion, the administrator can view the intrusion log information in the firewall business log or () log.

Question24: Which of the following traffic matching the authentication policy will trigger authentication?

Question25: Regarding the description of the data packet during iptables transmission, which of the following options is incorrect?

Question26: Which of the following is a core part of the P2DR model?

Question27: Information security prevention technologies include : data encryption, identity authentication, intrusion prevention, anti-virus, etc.

Question28: Which of the following is not one of the top ten security risks of web applications?

Question29: SH3 is a commercial algorithm compiled by the State Cryptozoology Administration. It is used for digital signature and verification, message authentication code generation and verification, and random number generation in cryptographic applications. It can meet the security needs of a variety of cryptographic applications.

Question30: Which of the following does not belong to the levels classified in network security incidents?

Question31: When the administrator was loading the device license, he found that the loading failed. Which of the following items may cause the failure to load the license? (Multiple Choice)

Question32: ARP man-in-the-middle attack is a type of spoofing attack technology.

Question33: In single sign-on, both the third-party authentication server and the firewall need to participate in the authentication process and record the visitor's identity information.

Question34: Which of the following information is not included in the DHCP binding table?

Question35: The communicating parties in different security zones will exchange messages, so the direction of a traffic should be determined based on the first message that initiates the traffic.

Question36: Which of the following is not a characteristic of worm viruses? (Multiple Choice)

Question37: Which of the following options is not an identifier of IPsec SA?

Question38: Regarding the characteristics of firewall security zones, which of the following descriptions are correct? (Multiple Choice)

Question39: Which of the following descriptions about firewall single sign-on are correct? (Multiple Choice)

Question40: After the company network administrator configured dual-machine hot backup, he wanted to check the status of the current VGMP group, so he typed the command and the following information was displayed.
HRP_M<FW_A>__
Role: active, peer: active
Running priority: 45000, peer: 45000
Backup channel usage: 30X
Stable time: 1 days, 13 hours, 35 minutes
Last state change information: 2020-03-2216:01:56 HRP core state changed, old_state = normal (active), new_state=normal (active),1ocalpriority F 4 peer_priority = 45000.
Configuration:
hello interval: 1000ms
preempt: 60s
mirror configuration: off
mirror session: on
track trunk member: on
auto-sync configuration: on
auto-sync connection-status: on
adjust ospf cost: on
adjust ospfv3-cost: on
adjust bgp-cost: on
nat resource: off
Detail information:
Gigabit Ethernet 0/0/1: up
Gigabit Ethernet 0/0/3: up
ospf-cost: +0
Then the command he typed in the blank space is ().

Question41: Regarding the matching conditions of security policies, which of the following options are correct?
(Multiple Choice)

Question42: As shown in the figure is the process of AD single sign-on (querying the AD server security log mode). Please match the corresponding operation process.

Question43: When establishing an FTP connection using passive mode, use port 20 for the control channel and port 21 for the data channel.

Question44: Which of the following measures can be taken to deal with the risk of intranet users leaking secrets?

Question45: Which of the following options is not a certificate saving file format supported by USG6000 series devices?

Question46: The basic attributes of information security include () () availability and non-repudiation

Question47: When the company network administrator configures dual-machine hot backup, configure the status of VRRP backup group 1 as Active, and configure the virtual IP address as 10.1.1.1/24, then the command that needs to be typed in the blank space is?

Question48: In a networking environment where the round-trip paths of packets are inconsistent, the firewall may only receive subsequent packets during the communication process, but not the first packet. When the stateful inspection function is enabled, the firewall will discard the packet.

Question49: Match the following investigation methods with their descriptions.

Question50: Which of the following behaviors is relatively safer when connecting to Wi-Fi in public places?

Question51: Drag the stages of network security emergency response on the left into the box on the right, and arrange them from top to bottom in order of execution.

Question52: Information security level protection is the basic system for national information security work

Question53: Which of the following options are available for IPsec VPN peer authentication? (Multiple Choice)

Question54: RFC (Request For Comment) 1918 sets aside 3 IP addresses for private use, respectively 10.0.0.0- 10.255.255.255, () 192.168.0.0-192.168.255.255

Question55: In PKI, if you manually replace the CA and local certificate, please first ensure that the CA and local certificate are not used by the business.

Question56: IKE has a self-protection mechanism that can securely authenticate identities, distribute keys, and establish IPsec SA on insecure networks.
These self-protection mechanisms include which of the following? (Multiple Choice)

Question57: Which of the following does not belong to the Linux operating system?

Question58: Please sequence the following digital envelope encryption and decryption processes correctly.

Question59: What is the port number of the SMTP protocol?

Question60: A PKI system consists of four parts (), certification authority, certificate registration authority and certificate/CRL repository).

Question61: Which of the following aspects does the basic implementation mechanism of intrusion prevention include? (Multiple Choice)

Question62: Digital certificates authenticate public keys through third-party organizations to ensure non- repudiation of data transmission. Therefore, only the certificate of the communicating party is needed to confirm the correctness of the public key.

Question63: The protocol data unit PDU has different names at different layers. Which of the following is the name of the PDU at the transport layer?

Question64: After the firewall enables dual-machine hot backup, when the VGMP group priority of the local firewall is greater than the VGMP group priority of the peer firewall, the VGMP group status of the local firewall switches to Active.

Question65: When the switch receives a packet with the destination MC address 5489-981b-22ca on the E0/0/5 interface, it will discard it.
As shown in the picture, the picture shows the top of the MAC address forwarding table of a switch.
Which of the following descriptions of the table items are correct? (Multiple Choice)

Question66: Which of the following security zones can be deleted and the priority reconfigured?

Question67: GRE, as a Layer 2 VPN encapsulation technology, can solve the transmission problem of heterogeneous networks.

Question68: When deploying IPsec VPN tunnel mode, use the AH protocol for packet encapsulation.
In the new IP packet header field, which of the following parameters does not require data integrity check?

Question69: Commonly used scanning tools include: port scanning tools, vulnerability scanning tools, application scanning tools, database scanning tools, etc.

Question70: Which of the following descriptions of the default zone of Huawei firewall is correct?

Question71: The degree of harm to national security, social order, public interests, and the legitimate rights and interests of citizens, legal persons, and other organizations after the information system is destroyed shall be determined by factors such as the degree of harm. The security level of information systems is divided into () levels.

Question72: Which of the following protocols cannot be encrypted by SSL VPN?

Question73: Which of the following descriptions of firewall characteristics is correct?

Question74: Which of the following harms may be caused by buffer overflow attacks? (Multiple Choice)

Question75: Which of the following descriptions of cryptography are correct? (Multiple Choice)

Question76: Please match the worm attack process and attack description.

Question77: Which of the following protocols are application layer protocols? (Multiple Choice)

Question78: By default, the firewall does not authenticate the data flows passing through it. You need to configure the authentication policy to filter out the data flows that need to be authenticated and authenticate them.

Question79: Which of the following are remote authentication methods? (Multiple Choice)

Question80: Which of the following does not belong to the common application scenarios of digital certificates?

Question81: Which of the following options belong to the same characteristics of Windows system and LINUX system? (Multiple Choice)

Question82: Which layers in the OSI model does the network interface layer in the TCP/IP standard model correspond to? (Multiple Choice)

Question83: Encryption is the basis for transmitting information over the Internet. In layman's terms, encryption is the use of mathematical methods to convert plaintext (data that needs to be concealed) into ciphertext (unreadable data) to achieve the purpose of protecting data.

Question84: Which of the following malicious codes can be hidden in a program?

Question85: When we use digital signature technology, the receiver needs to use the sender's () to decode the digital signature and obtain the digital fingerprint.

Question86: Which of the following items does IKE's identity authentication mechanism include? (Multiple Choice)

Question87: Regarding Internet user management, which of the following is incorrect?

Question88: In the USG series firewall, you can use which of the following function to provide well-known application services for non-well-known ports?

Question89: Which of the following modules does a virus program generally consist of? (Multiple Choice)

Question90: IPv6 supports configuring the router authorization function on the device, verifying the identity of the peer through digital certificates, and selecting legal devices.

Question91: The security factor of digital signatures is very high. Even if an attacker obtains the sender's public key, he cannot spy on the private data.

Question92: Which of the following is a potential threat in the network?

Question93: Which of the following are the mitigation measures for ICMPV6 error message flooding attacks?
(Multiple Choice)

Question94: Which of the following descriptions of Huawei firewall security zones is correct?

Question95: Regarding the ordering of PKI work processes, which of the following is correct?

Question96: Security policy conditions can be divided into multiple fields, such as source address, destination address, source port, destination port, etc. There is an "AND" relationship between these fields, that is, only the information in the message and all fields If they all match, then this strategy is considered successful.

Question97: Regarding the anti-virus response method of the firewall gateway for the HTTP protocol, which of the following statements is incorrect?

Question98: The function of the security policy in the firewall is to inspect the data flow passing through the firewall. Only legal data flow that conforms to the security policy can pass the firewall.

Question99: Which of the following descriptions of key exchange in IPsec is incorrect?

Question100: Please match the following certificate types with the corresponding characteristics.

Question101: Which of the following algorithms are asymmetric encryption algorithms? (Multiple Choice)

Question102: The attacker sends a SYN message with the same source address and destination address, or the source address is a loopback address, to the target host (the source port and destination port are the same), causing the attacker to send a SYN-ACK message to its own address.
What kind of attack does this behavior belong to?

Question103: Regarding the description of Internet user and VPN access user authentication, which of the following is incorrect?

Question104: Which of the following descriptions of applying for a local certificate in PKI is correct? (Multiple Choice)

Question105: Intrusion attempts to destroy which of the following information attributes? (Multiple Choice)

Question106: A business impact analysis (BIA) does not include which of the following?

Question107: If internal employees access the Internet through the firewall and find that they cannot connect to the Internet normally, what view commands can be used on the firewall to troubleshoot interfaces, security zones, security policies, and routing tables?

Question108: An engineer needs to back up the firewall configuration. Now he wants to use one command to view all the current configurations of the firewall. What is the command he uses () (use the complete command)

Question109: Which of the following information is not included in the backup content of status information backup in dual-system hot backup?

Question110: Regarding Client-Initialized L2TP VPN, which of the following statements is incorrect?

Question111: In the MPS 2.0, which item stipulates that "spam should be detected and protected at key network nodes, and the upgrade and update of the spam protection mechanism should be maintained"?

Question112: Regarding the characteristics of TCP-based attacks, which of the following descriptions are correct?
(Multiple Choice)

Question113: As shown in the figure, in transmission mode, which of the following positions should the AH Header be inserted into?

Question114: Intrusion prevention system (IPS, intrusion prevention system) is a defense system that can block intrusions in real time when it detects intrusions.

Question115: Please sort the firewall DDoS attack prevention process in order.

Question116: Applying for special funds for emergency response and purchasing emergency response software and hardware equipment belong to which stage of the complete network emergency response?

Question117: When IPsec VPN technology uses the ESP security protocol and transmission mode to encapsulate data packets, ESP will encrypt the IP packet header.

Question118: Regarding NAT technology, which of the following descriptions is incorrect?

Question119: As shown is the application scenario of a NAT server, when using the web configuration method to perform this configuration.
Which of the following statements are correct? (Multiple Choice)

Question120: Network security situational awareness is the ability to dynamically and holistically gain insight into security risks based on the environment. It uses technologies such as data fusion, data mining, intelligent analysis, and visualization to intuitively display the real-time security status of the network environment to ensure network security. Provide technical support.

Question121: A standard Linux system generally has a set of programs called applications, which includes text editors, programming languages, Window7, office suites, Internet tools, databases, etc.

Question122: Classify servers according to their appearance. Which of the following types can they be divided into? (Multiple Choice)

Question123: Regarding the characteristics of the SMTP and POP3 protocols, which of the following descriptions are correct? (Multiple Choice)

Question124: If the virus file is an application exception, it will be processed according to the response action of the application exception.
Which of the following is not a response action for applying an exception?

Question125: The default authentication domain of USG6000 series firewall is () domain.

Question126: After an engineer completed the source NAT configuration, the internal network still could not access the external network. The engineer wanted to query the detailed information of address translation by using the command to query the session table, so the engineer directly used the () command in the user view to query the address translation information.

Question127: If there is an incident of foreign criminals using the Internet to steal our country's national secrets, what kind of early warning will the country activate?

Question128: Which of the following does the security inspection service need to check? (Multiple Choice)

Question129: When an employee of a company receives a suspicious email with an attachment, which of the following actions is correct?

Question130: In the DNS system, which type of server can serve as a proxy for the authorization server to relieve the pressure on the authorization server?

Question131: Which of the following information systems belong to the first level of protected information systems?
(Multiple Choice)

Question132: Which of the following does not belong to the certification, accreditation and audit guideline part of the ISO27000 information security management system family?

Question133: In the VGMP group status, if the device's own VGMP group priority is equal to the VGMP group priority of the peer device, the device's VGMP group status is ().

Question134: In the IS027001 certification process, which of the following items are part of the terminal security inspection in the formal audit? (Multiple Choice)

Question135: Which of the following options are characteristics of symmetric encryption algorithms? (Multiple Choice)

Question136: Regarding the description of the grading of the medium-level protection system in MSW 2.0, which of the following options are correct? (Multiple Choice)

Question137: Intrusion detection covers various authorized and unauthorized intrusion behaviors. Which of the following behaviors does not fall within the scope of intrusion detection?

Question138: Which of the following descriptions of the working principle of switches are correct? (Multiple Choice)

Question139: The sub-interface function can be enabled on the firewall interface G0/0/1 and can be divided into different VLANs, but the sub-interface cannot be added to the security zone.

Question140: As shown in the figure, the administrator tests the network quality from the 20.0.0.0/24 network segment to the 40.0.0.0/24 network segment on device B, and requires the device to send large data packets for a long time to test the network connectivity and stability. To meet its requirements, which of the following commands?

Question141: According to management specifications, network security systems and equipment are regularly inspected, patched and upgraded, and network security emergency response drills are organized. Which aspects of the above actions belong to the MPDRR network security model? (Multiple Choice)

Question142: Which of the following are disadvantages of packet filtering firewalls? (Multiple Choice)

Question143: Which of the following items belong to the information security prevention methods in the operation and maintenance management dimension? (Multiple Choice)

Question144: The goal of a business continuity plan is to provide a quick, calm and effective response in an emergency, thereby enhancing the enterprise's ability to immediately recover from a disruptive event.
Which of the following does it include? (Multiple Choice)

Question145: A firewall is actually an isolation technology that separates internal networks from public access networks.

Question146: Which of the following is the number range of Layer 2 ACL?

Question147: Which of the following services provides encrypted transmission by default?

Question148: Information security level protection is to improve the overall security level of the country, and at the same time reasonably optimize the allocation of security resources to maximize security and economic benefits.

Question149: In the configuration state, the TCP status detection function and the ICMP status detection function are independent of each other. Turning on or off the status detection of one data flow will not affect the status detection of the other data flow. By default, the maximum ICP segment length is () bytes.

Question150: Regarding NAT address translation, which of the following statements is incorrect?

Question151: Please sequence the following steps according to the hierarchical protection process.

Question152: Which of the following descriptions about heartbeat interface configuration is correct?

Question153: Which of the following messages are RADIUS messages? (Multiple Choice)

Question154: By default, firewall security policies only control packets from which of the following?

Question155: From the time when the original packet enters the GRE tunnel to when the GRE packet is transferred out by the firewall, the packet spans the relationship between two domains.
As shown in the figure, after the original packet is encapsulated by GRE, when the firewall forwards the packet, which of the following security zones does the packet pass through?

Question156: Netstream can perform traffic classification statistics based on the five-tuple in IPv4 packets.

Question157: Heartbeat message (Hello message): Two FWs send heartbeat messages to each other periodically (default period is () seconds) to detect whether the peer device is alive.

Question158: The data flow between security domains is directional, including inbound and outbound.

Question159: How many bits are the keys used by DES encryption technology, and how many bits are used by
3DES encryption technology.

Question160: Which of the following statements about L2TP VPN is incorrect?

Question161: Deploying HiSec Insight in the enterprise network can effectively discover potential threats and advanced threats in the network, and achieve network-wide security situation awareness within the enterprise.

Question162: On the USG series firewall, after configuring the web redirection function, the authentication page cannot be popped up. Which of the following is not a cause of the fault?

Question163: According to the session creation and query process of the firewall, drag the parameters that the firewall on the left checks when forwarding traffic to the box on the right, and arrange them from top to bottom in the order of checking.

Question164: When the company network administrator performs dual-machine hot backup, considering the possibility of inconsistent round-trip paths, and wants to enable the session fast backup function, the command that needs to be entered is ()

Question165: Server-map is used to store a mapping relationship. This mapping relationship can be a data connection relationship negotiated by control data, or it can be an address mapping relationship configured in NAT, so that the external network can actively access the internal network through the firewall.

Question166: Which of the following does not belong to the user authentication method in the USG firewall?

Question167: As shown in the figure, what is the range of the AH protocol authentication range in transmission mode?

Question168: Which of the following descriptions of the role of the HTTP protocol is correct?

Question169: As shown in the figure, in tunnel mode, the New IP Header should be in which of the following positions?

Question170: After the company network administrator configured dual-machine hot backup, he used commands to check VRRP and other information and obtained the following information.
HRP_M<FWA>
Gigabit Ethernet 0/0/3 Virtual Router 1
State: Master
Virtual IP: 10.3.0.3
Master IP: 10.3.0.1
Priority Run: 120
Priority Config: 100
Master Priority: 120
Preempt: YES
Delay Time: 0s
Timer Run: 60s
Timer Config: 60s
Auth type: NONE
Virtual MAC: 0000-5e00-0101
Check TIL: YES
Config type: vgmp Vrrp
Backup-forward: disabled
Create time: 2020-03-17 17: 35: 54UTC+08: 02
Last change time: 2020-03-22 16: 01: 56 UTC+08: 02
What is the view command he types in the blank space ()

Question171: The gateway anti-virus () method simply extracts the characteristics of files and matches them with the local signature library. Compared with the proxy scanning method, the detection speed is fast and the detection rate is relatively low.

Question172: Which of the following descriptions of the PKI life cycle is correct? (Multiple Choice)

Question173: Use the reset firewal1 session table command to clear all session table information. The end user needs to reinitiate the connection to restart communication.

Question174: Because UTM has the characteristics of parallel processing of multiple performances, UTM's processing performance and speed of network traffic are faster than NGFW.

Question175: Huawei's Agile Controller product is a () device in the HiSec solution.

Question176: Because a server is a type of computer, we can use our personal computers as servers in enterprises.

Question177: Configure authentication options. If you use web push page authentication, you also need to configure the corresponding security policy to allow the data flow with the default port number () to reach the firewall itself.

Question178: To prevent leaking the web server version, WAF can remove the () header in the HTTP Response.

Question179: The configuration command for the NAT address pool is as follows: nat address-group 1 section 0
202.202.168.10 202.202.168.20 mode no-pat. Among them, the meaning of the no-pat parameter is:

Question180: Use the public IP address of the outgoing interface as the address after NAT, and convert the address and port at the same time.
Which of the following types of NATs fit the above description?

Question181: Which of the following types of computer viruses can be divided into? (Multiple Choice)

Question182: In IP, after receiving the Hello message, the Standby end will respond with an ACK message, which will also carry its own priority and VRRP member status.

Question183: Some applications, such as Oracle database applications, have no data flow transmission for a long time, causing the firewall session connection to be interrupted, resulting in business interruption. Which of the following is the optimal solution?

Question184: Which of the following descriptions of HWTACACS are incorrect? (Multiple Choice)

Question185: VRRP backup group has three states: Initialize, Master and Backup.

Question186: The advantages of symmetric key encryption are high efficiency, simple algorithm, low system overhead, and suitable for encrypting large amounts of data.

Question187: The administrator wants to clear the current session table.
Which of the following commands is correct?

Question188: Intrusion prevention detects and analyzes all passing packets through a complete detection mechanism, and decides to allow or block them in real time.
Please sort the following processes according to the basic implementation mechanism of intrusion prevention.

Question189: During the electronic evidence collection process, any changes to system settings, damage to hardware, data destruction, or virus infection must be avoided.

Question190: Which of the following options belong to international organizations related to information security standardization? (Multiple Choice)

Question191: If there are actual changes to the company structure, the feasibility of the business continuity plan needs to be retested

Question192: The built-in Porral authentication method of Huawei firewall is only session authentication.

Question193: Which of the following options are encapsulation modes supported by IPsec VPN? (Multiple Choice)

Question194: Which of the following messages are needed when establishing an L2TP session? (Multiple Choice)

Question195: Which of the following descriptions about the transmission of information through the heartbeat in the dual-machine hot standby center is incorrect?

Question196: The tunnel addresses at both ends of the GRE tunnel can be configured as addresses on different network segments.

Question197: When browsing a web page, the user enters the string URL, but when the computer accesses the URL, what it really needs to know is the IP address of the domain name corresponding to the URL. In this case, the domain name resolution () protocol is required to perform domain name resolution.

Question198: Social engineering is a means of deceiving, harming, and other harmful means through psychological traps such as psychological weaknesses, instinctive reactions, curiosity, trust, and greed of victims.

Question199: IPsec can use which of the following protocols to complete the automatic distribution of keys for encryption and authentication processes?

Question200: Which of the following descriptions of the active and standby firewall session tables are correct?
(Multiple Choice)

Question201: Which of the following items does the information output by the display firewall session table verbose command include? (Multiple Choice)

Question202: The world's first worm - the "Morris Worm" made people realize that as people become increasingly dependent on computers, the possibility of computer networks being attacked is also increasing, and it is necessary to establish a complete emergency response system

Question203: When AntiDos statistics detect attack traffic, it will divert the attack traffic to the cleaning device.
After the cleaning device completes cleaning, it will inject the traffic back to the original link. Which of the following options does not belong to the back-injection method?

Question204: () Authentication is to configure user information (including the user name, password and various attributes of local users) on the network access server. The advantage is that it is fast.

Question205: In the security policy matching process, which of the following items belongs to the file content of the security configuration?

Question206: Which of the following descriptions about the status of the firewall VGMP group is correct? (Multiple Choice)

Question207: The hash algorithm is collision-resistant, that is, if you input different data, the output Hash value cannot be the same.

Question208: Which of the following NAT technologies supports external network devices to actively access internal network PCs through translated addresses and ports?

Question209: Which of the following descriptions about SSL VPN are correct? (Multiple Choice)

Question210: Which of the following descriptions of applying for a local certificate in the PKI system are correct?
(Multiple Choice)

Question211: Which of the following descriptions about the characteristics of firewall security policies is incorrect?

Question212: Which of the following descriptions of the centralized deployment scenario of the authentication server are correct? (Multiple Choice)

Question213: IPS supports customized intrusion prevention rules to respond to the latest threats to the greatest extent.

Question214: In the construction of information security system, a security model is needed to accurately describe the relationship between important aspects of security and system behavior.

Question215: Which of the following is not a default action of an intrusion prevention signature?

Question216: Which of the following is true regarding firewall security policies?

Question217: Which of the following status information can be backed up by the HRP (Huawei Redundancy Protocol) protocol? (Multiple Choice)

Question218: The European TCSEC guidelines are divided into two modules, functional and evaluation, and are mainly used in the military, government and commercial fields.

Question219: Information security violations by corporate employees may cause security threats to corporate networks

Question220: Evidence appraisal needs to address the integrity verification of evidence and determine whether it meets the admissible standards. Regarding the standards for evidence appraisal, which of the following descriptions is correct?

Question221: When the administrator upgrades the USG firewall software version, which of the following operations are necessary? (Multiple Choice)

Question222: Digital signature refers to the data obtained by encrypting the digital fingerprint with the sender's own public key.

Question223: HTTP messages are carried using UDP, while the HTTPS protocol is based on the TCP three-way handshake, so HTTPS is safer and it is more recommended to use HTTPS.

Question224: Which of the following items are advantages of NAT? (Multiple Choice)

Question225: Among the symmetric encryption algorithms, the () algorithm is used in data communication channels, browsers or network links.

Question226: Regarding SSL VPN technology, which of the following statements is incorrect?

Question227: The firewall will record the five-tuple information of the traffic when establishing a session. The five- tuple information specifically refers to the source port, destination port, source address, and destination address ().

Question228: Equipment destruction attacks generally do not easily lead to information leakage, but usually cause interruption of network communication services.

Question229: The intrusion prevention predefined signature has four default actions, namely release, alarm, blocking and adding to the blacklist.

Question230: In the L2TP configuration, which of the following statements are correct regarding the Tunnel Name command? (Multiple Choice)

Question231: Please sort the overall process for remote users to access corporate intranet resources through SSL VPN.

Question232: Classified protection has experienced nearly 20 years of development and has roughly gone through three stages, namely the initial stage, the development stage and ().

Question233: Regarding the characteristics of DNS, which of the following descriptions is incorrect?

Question234: In the classification of information security level protection systems, which of the following levels define the damage that will occur to social order and public interests if the information system is destroyed? (Multiple Choice)

Question235: In response to network security incidents that occur, remote emergency response is generally carried out first. If the problem cannot be solved for the customer through remote access, after the customer confirms, it will be transferred to the local emergency response process.

Question236: The firewall only needs to be deployed at the boundary between the internal network and the external network. There is no need to use a firewall for mutual access between different departments within the internal network.

Question237: Which of the following algorithms can be used for digital envelopes? (Multiple Choice)

Question238: In a stateful inspection firewall, when the stateful inspection mechanism is turned on, when the second message (SYN+ACK) of the three-way handshake reaches the firewall, if there is no corresponding session table on the firewall, which of the following descriptions is correct?

Question239: Which of the following descriptions of stateful inspection firewalls is correct?

Question240: Please sort according to the table processing priority of iptables from large to small.

Question241: In a dual-machine hot standby network, if the firewall does not receive the heartbeat message from the peer for five consecutive heartbeat cycles, it will determine that the peer device is faulty and trigger an active-standby switchover.

Question242: Which of the following descriptions of Huawei firewall's SYN Flood attack defense technology are correct? (Multiple Choice)

Question243: Digital certificate technology solves the problem of being unable to determine the owner of the public key in digital signature technology

Question244: When any of the following situations occurs in the VGMP group, the VGMP group will not actively send VGMP messages to the peer/

Question245: Which of the following methods can implement AD single sign-on? (Multiple Choice)

Question246: When an access user uses Client-Initiated VPN to establish a tunnel with the LNS, how many PPP connections can one tunnel carry?

Question247: The leakage of personal information belongs to the destruction of the () characteristics of the information.

Question248: Against the threat of eavesdropping, digital envelopes can be used to ensure the confidentiality of information.

Question249: Manual audit is a supplement to tool evaluation. It does not require the installation of any software on the target system being evaluated and has no impact on the operation and status of the target system.
Manual audit does not include which of the following options?

Question250: Please classify the following security defense methods into the correct categories.

Question251: Which of the following descriptions of the role of L2TP is correct? (Multiple Choice)

Question252: Special network security incidents do not belong to the levels classified in network security incidents.

Question253: Which of the following protocols are file transfer protocols? (Multiple Choice)

Question254: Which of the following is not an asymmetric encryption algorithm?

Question255: When a Layer 2 switch receives a unicast frame and the switch's MAC address table entry is empty, the switch will discard the unicast frame.

Question256: TCP/IP protocol stack data packet encapsulation includes :
1. Data
2.TCP/UDP
3. MAC
4. IP
Which of the following describes the packaging sequence?

Question257: The DMZ security area solves the problem of server placement very well. This security area can place equipment that needs to provide external network services, such as WWW servers, FTP servers, etc.

Question258: Check the HRP status information of the firewall as follows:
HRP S [USG_B] display hrp stateBbs.hh010.com The firewall's config state is: StandbyCurrent state of virtual routers configured as standby: GigabitEthernet1/0/0 vrid 1: standbyGigabitEthernet1/0/1Vrid 2:
standby
Based on the above information, which of the following descriptions is correct:

Question259: Security zone is an important concept of firewall. It is a combination of one or more interfaces on the firewall.
Which of the following does not belong to the firewall's default security zone?

Question260: Which of the following algorithms are block cipher algorithms? (Multiple Choice)

Question261: Which of the following is an action to be taken in the summary stage of network security emergency response? (Multiple Choice)

Question262: Which layer in the OSI model does the Layer 2 switch work at?

Question263: Regarding the control actions permit and deny of the firewall inter-domain forwarding security policy, which of the following options are correct? (Multiple Choice)

Question264: When an IPsec service is unavailable, the administrator can run the display ipsec sa command to view the IPsec SA information and find that the IPsec tunnel has been successfully established.
What are the possible reasons for the failure of this service? (Multiple Choice)

Question265: Which of the following service types can AAA authentication support? (Multiple Choice)

Question266: In the OSI seven-layer model, the data link layer defines the logical address of the device and provides media access

Question267: Please sort the different protocol layers of OSI in the correct order.

Question268: Which of the following descriptions about IPsec VPN are correct? (Multiple Choice)

Question269: The firewall considers that data flow within the same security zone does not pose security risks and does not require the implementation of any security policy.

Question270: Please match the following different NAT technologies with the corresponding application scenarios.

Question271: When users in the external network access the internal server, use the two-way NAT function to simultaneously convert the source and destination addresses of the packets, which can avoid setting up a gateway on the internal server and simplify configuration.

Question272: PEM format saves certificates in ASCII code format. What are the common suffixes? (Multiple Choice)

Question273: Which of the following descriptions about OSPF is correct? (Multiple Choice)

Question274: For the process of forwarding the first packet of a session between firewall domains, there are the following steps:
1. Find the routing table
2. Find inter-domain packet filtering rules
3. Find the session table
4. Search the blacklist
Which of the following sequences is correct?

Question275: On Huawei USG series devices, the administrator wants to erase the configuration file. Which of the following commands is correct?

Question276: Compared with IPsec VPN, () has the advantage of good compatibility, can encapsulate IPX, multicast packets, etc., and is widely used.

Question277: The attacker scans the ports to discover the ports currently open by the attacked object to determine the attack method. In a port scanning attack, attackers usually use Port Scan attack software to initiate a series of TCP/UDP connections and determine whether the host uses these ports to provide services based on the response messages. Such network detection behavior is called () scanning.

Question278: When the firewall is used as a bypass detection device, the detection interface needs to be set to a Layer 3 interface. Configuring the bypass detection function on the detection interface allows the firewall to only detect but not forward traffic.

Question279: In the IPsec VPN network with the headquarters-branch structure, when the headquarters configures the IPsec policy template, which of the following configurations are required? (Multiple Choice)

Question280: Which of the following is not a characteristic of digital envelopes?

Question281: Which of the following descriptions of security policies are correct? (Multiple Choice)

Question282: Which of the following authentication methods does IKEv1 support? (Multiple Choice)

Question283: Which of the following attacks is not a malformed packet attack?

Question284: When deploying IPsec VPN, which of the following is the main application scenario of tunnel mode?

Question285: Which of the following descriptions of firewall hot standby center heartbeat exchange messages is incorrect?

Question286: Digital signature technology not only proves that the information has not been tampered with. The identity of the sender is also proven. Digital signature and digital envelope technologies can also be used in combination.

Question287: Which of the following measures can prevent IP spoofing attacks?

Question288: The triggering methods of Portal authentication built into the firewall include pre-authentication and () authentication.

Question289: DDoS attack means that the attacker controls a large number of zombie hosts and sends a large number of attack messages to the attack target, causing link congestion on the network where the target is located, exhaustion of system resources, and the inability to provide services to normal users.

Question290: A PKI system consists of four parts: terminal entity, certificate certification authority, certificate registration authority and certificate/CRL repository.

Question291: The firewall supports the creation of custom security zones and allows network administrators to implement various special packet detection and security functions based on the security zones.

Question292: When configuring a GRE Tunnel interface, the Destination address generally refers to which of the following parameters?

Question293: () refers to the computer system's defects and deficiencies in specific matters of hardware, software, protocols, or system security policies.

Question294: Which of the following descriptions of the differences between firewalls, routers, and switches are correct? (Multiple Choice)

Question295: Regarding security policy configuration commands, which of the following is correct?

Question296: Information security prevention includes both management and technical measures. Which of the following measures does not belong to the prevention method of information security technology?

Question297: Compared with symmetric encryption algorithms, asymmetric encryption algorithms have a higher security factor.

Question298: Which of the following attacks belong to DDoS attack types? (Multiple Choice)

Question299: The data link layer is located between the network layer and the physical layer and can provide services to IP, IPv6 and other protocols of the network layer. PDUs at the data link layer are called packets.

Question300: Regarding the characteristics of firewalls, which of the following descriptions is correct?

Question301: Regarding the difference between HITP and HTTPS, which of the following descriptions are incorrect? (Multiple Choice)

Question302: Encryption technology can be divided into which of the following types? (Multiple Choice)

Question303: Regarding the description of firewall, which of the following is correct?

Question304: NAPT can map different internal addresses to the same public address to achieve many-to-one address translation.

Question305: HRP (Huawei Redundancy Protocol) protocol is used to synchronize data such as key firewall configurations and connection status to the backup firewall. Which of the following options does not fall within the scope of synchronization?

Question306: Regarding the relationship and function of VRRP/VGMP/HRP, which of the following statements are correct? (Multiple Choice)

Question307: Regarding firewall security policy, which of the following options is incorrect?

Question308: Which of the following descriptions of common hashing algorithms is incorrect?

Question309: Multi-channel protocol refers to a protocol that requires two or more ports during the communication process.

Question310: Antivirus software can detect and kill all viruses

Question311: Which of the following options belong to the certification areas of ISO27001? (Multiple Choice)

Question312: When the firewall enables ASPF and generates the Server-map table, if a data connection matches the Server-map entry, it can be forwarded normally by the firewall, and a session is created after matching the Server-map table to ensure that subsequent packets can Forward according to the conversation table.

Question313: The purpose of information security is to protect the hardware, software and data in the system from accidental or malicious reasons, and to ensure the continuous, reliable and normal operation of the system and information services. No interruption.

Question314: Which of the following descriptions of the VGMP protocol is incorrect?

Question315: As shown in the figure, which of the following is the encapsulation mode of the IPsec VPN shown in the figure?

Question316: To configure the NAT policy in the command line mode, you need to use it in the system view.
Command () to enter the NAT policy configuration view.

Question317: If a user/IP address is considered untrustworthy, the user/IP address can be added to the blacklist, and the device will discard all packets from or sent to these users/IP addresses, thereby achieving the purpose of protecting network security.

Question318: There are various security threats during the use of the server.
Which of the following options is not a server security threat?

Question319: After an engineer configures NAT-Server, in order to check the Server-map generated after the configuration, he needs to use the () command to query the Server-map.

Question320: Asymmetric encryption algorithms can only use the public key to encrypt data and the private key to decrypt data, and the process is irreversible.

Question321: In dual-machine hot backup, the heartbeat interfaces of the two firewalls must be directly connected, not through an intermediate device.

Question322: Which of the following SSL VPN functions can and can only access all TCP resources?

Question323: Under normal circumstances, the email protocols we often talk about include (), POP3, and SMTP.

Question324: Which of the following contents does the IPsec VPN protocol framework include? (Multiple Choice)

Question325: When the USG series firewall hard disk is in place, which of the following logs can be viewed?
(Multiple Choice)

Question326: In which of the following stages does the L2TP protocol allocate IP addresses?

Question327: Which of the following descriptions of IDS is correct? (Multiple Choice)

Question328: The firewall imports users locally and supports importing user information in () format files and database dbm files to the local device.

Question329: After configuring the command nat server test protocol tcp global 202.202.1.1 inside 192.168.1.1, the device will automatically generate Server-map entries.

Question330: In IPsec, ESP is an encapsulating security payload protocol and only provides data encryption functions.

Question331: Which of the following methods does the switch process for forwarding data frames? (Multiple Choice)

Question332: Regarding the description of ARP spoofing attack, which of the following is incorrect?

Question333: Regarding configuring firewall security zones, which of the following options are correct? (Multiple Choice)

Question334: When configuring NAT Server on the USG series firewall, a server-map table will be generated.
Which of the following does not belong to the content of this performance?

Question335: Regarding the description of Windows Firewall, which of the following options are correct? (Multiple Choice)

Question336: Which of the following descriptions about single sign-on is correct?

Question337: Please match the following nouns with the corresponding characteristics.

Question338: After enabling the GRE keepalive function, by default, the device will periodically send keepalive messages to the peer every how many seconds?

Question339: Even if the DHCP message matches the firewall authentication policy, authentication will not be triggered.

Question340: What is the authentication range of the AH protocol in tunnel mode?

Question341: The session information of some special business data flows needs to not be aged for a long time.
The firewall can ensure the normal operation of such services through the configuration () function.

Question342: In digital signature technology, we usually use the sender's () to encrypt the digital fingerprint.

Question343: After the automatic backup function is enabled, both commands and status information will be periodically backed up to the backup device.

Question344: In cryptography applications, which technology uses public key encryption and private key decryption?

Question345: Mutual access between users in the same firewall area does not require permission from the security policy.

Question346: Which of the following is the difference between Network Address Port Translation (NAPT) and Network Address Only Translation (No-PAT)?

Question347: In the digital signature process, which of the following is mainly used to perform the HASH algorithm to verify the integrity of data transmission?

Question348: In tunnel encapsulation mode. When configuring IPsec, there is no need to have a route to the destination private network segment, because the data will be re-encapsulated and the new IP header will be used to look up the routing table.

Question349: Which of the following descriptions about the difference between main mode and aggressive mode in the IPsec VPN negotiation process are correct? (Multiple Choice)

Question350: Because NAT technology can realize one-to-many address translation, with NAT technology, you no longer have to worry about insufficient IPv4 addresses.

Question351: Cooperating with other institutions to provide training services is not the business scope of the National Internet Emergency Center.

Question352: Host firewall is mainly used to protect the host from attacks and intrusions from the network.

Question353: The network environment is becoming increasingly complex, and network security incidents occur frequently. While accelerating the construction of informatization, enterprises must not only resist external attacks, but also prevent internal managers from being involved in data leaks and operation and maintenance accidents due to operational errors and other issues.
Which of the following options might reduce operational risk? (Multiple Choice)

Question354: Which of the following is not an asymmetric encryption algorithm?

Question355: When the intrusion detection system finds traces of an attack on the system. It will wait for the buffering time before activating relevant security mechanisms to respond.

Question356: The backup methods of dual-machine hot standby are divided into automatic backup, (), manual batch backup, and the configuration of the active and standby FW is automatically synchronized after the device is restarted.

Question357: Symmetric encryption, also known as shared key encryption, uses the same key to encrypt and decrypt data.

Question358: There are two ways for a PKI entity to apply for a local certificate from the CA: ()

Question359: Which of the following descriptions of symmetric encryption technology is incorrect?

Question360: Which of the following descriptions of the IKE security mechanism in IPsec are correct? (Multiple Choice)

Question361: Which of the following protocols can provide file transfer services? (Multiple Choice)

Question362: Please classify the following access control types correctly.

Question363: UDP is a connection-oriented, reliable transport layer communication protocol.

Question364: AAA supports remote authentication through the RADIUS protocol or HWTACACS protocol.

Question365: Which of the following options are included for encryption technology to protect data during data transmission? (Multiple Choice)

Question366: Please match the following functions provided by SSL VPN with their corresponding explanations

Question367: Regarding the description of an intrusion prevention system (IPS), which of the following is incorrect?

Question368: If there is no hard disk installed on the firewall, when a network intrusion event is discovered, the event will be recorded in the () log.

Question369: The initial priority of the USG9500VGMP group is related to which of the following factors? (Multiple Choice)

Question370: The attacker sends an ICMP reply request and sets the destination address of the request packet to the broadcast address of the victim network.
What kind of attack does this behavior belong to?

Question371: Which of the following does not include the steps of the security assessment method?

Question372: Data monitoring can be divided into two types: active analysis and passive acquisition.

Question373: When the heartbeat interface is not configured with an IP address, it will be in the invalid state.

Question374: Which of the following options are key elements of information security prevention? (Multiple Choice)

Question375: In the implementation steps of the IS027001 project, which of the following does not belong to the system design and release phase?

Question376: Which of the following levels of protection is generally adopted for extremely important systems in important national fields and departments?

Question377: Which of the following options are methods for a PKI entity to apply for a local certificate from the CA? (Multiple Choice)

Question378: Digital signature technology encrypts which of the following data to obtain a digital signature?

Question379: USG firewall NAT configuration is as follows:

Question380: The scenario for internal enterprise users to access the Internet is as shown in the figure. The user online process includes:

The following correct sequence of processes should:
1. The authentication is passed and the USG allows the connection to be established;
2. The user accesses the Internet and enters http://1.1.1.1;
3. USG pushes the authentication interface;
4. The user successfully accesses http://1.1.1.1, and the device creates a Session table;
5. The user enters the correct username and password
The following correct sequence of processes

Question381: TCP needs to complete the three-way handshake process when establishing a connection, and needs to wave four times when ending the session.

Question382: Regarding the description of security policy actions and security configuration files, which of the following options are correct? (Multiple Choice)

Question383: The visitor sends the username and password identifying his or her identity to the third-party authentication server. After passing the authentication, the third-party authentication server sends the visitor's identity information to the firewall. The firewall only records the visitor's identity information and does not participate in the authentication process. This method is called ()

Question384: As shown in the figure, when using the Client - Initiated VPN method to establish an L2TP VPN, which of the following is the destination of the PPP packet?

Question385: Please match the following protocols with the corresponding TCP/IP protocol layer stacks

Question386: Which of the following contents can be backed up by HRP? (Multiple Choice)

Question387: Which of the following is not a common transmission route for worm viruses?

Question388: Which of the following are the filtering conditions of the signature filter? (Multiple Choice)

Question389: Which of the following is not a symmetric encryption algorithm?

Question390: Which of the following descriptions about digital signatures is incorrect?

Question391: Which of the following is not a system requirement for configuring dual-machine hot standby?

Question392: What we usually call AAA includes authentication, (), and authorization.

Question393: The results seen through display ike sa are as follows. Which of the following statements is incorrect?

Question394: Which of the following descriptions of the AH protocol in IPsec VPN is incorrect?

Question395: Which of the following options correctly describes the sequence of the four phases of the Information Security Management System (ISMS)?

Question396: () can block discovered network intrusions in real time.

Question397: If there are multiple levels of CAs in the PKI system, a CA hierarchy will be formed. The top-level CA is the root CA, which has a CA "self-signed" certificate.

Question398: The core technology of PKI revolves around the entire life cycle of digital certificate application, issuance and use. During this entire life cycle, PKI will use symmetric key encryption, public key encryption, () and Digital signature technology.

Question399: When the FW is deployed at the network egress, if a failure occurs, Internet access services will be affected. In order to improve the reliability of the network, two FWs need to be deployed and formed ()

Question400: Which of the following passwords is a strong password?

Question401: Which of the following descriptions about the difference between the HWTACACS protocol and the RADIUS protocol is incorrect?

Question402: In the process of using digital envelopes, which of the following information will be encrypted?
(Multiple Choice)

Question403: Which of the following descriptions of intrusion prevention signatures are correct? (Multiple Choice)

Question404: If the firewall performs packet-by-packet inspection on all packets, it will cause a large consumption of device resources and a sharp decline in performance. Therefore, the firewall mainly detects the first packet.

Question405: Internet user single sign-on function. Users authenticate directly to the AD server. The device does not interfere with the user authentication process. The AD monitoring service needs to be deployed in the USG device to monitor the authentication information of the AD server.

Question406: When IPsec VPN uses transport mode to encapsulate packets, which of the following is not within the certification scope of the ESP security protocol?

Question407: Which of the following server authentications does Huawei firewall support? (Multiple Choice)

Question408: ASPF (Application specific Packet Filter) is a packet filtering technology based on the application layer and implements a special security mechanism through the server-map table.
Regarding ASPF and server-map tables, which of the following are correct? (Multiple Choice)

Question409: In the Linux system, if the user wants to enter the tmp folder in the root directory, the command that needs to be entered is () /tmp

Question410: Which of the following descriptions of operating systems are correct? (Multiple Choice)

Question411: In which of the following scenarios will a firewall generate a Server-map table? (Multiple Choice)

Question412: Which of the following options are part of the PKI architecture? (Multiple Choice)

Question413: Which of the following traffic will not trigger authentication even if it matches the authentication policy? (Multiple Choice)

Question414: NAPT technology can realize that one public network IP address can be used by multiple private network hosts.

Question415: In Huawei SDSec solution, which of the following is an analysis layer device?

Question416: Which of the following attacks is not a cyber attack?

Question417: UDP port scanning means that the attacker sends a zero-byte length UDP message to a specific port of the target host. If the port is open, an ICMP port reachable data message will be returned.

Question418: Database operation records can be used as () evidence to trace back security incidents.

Question419: Which of the following options belong to the default security zone of Huawei firewall? (Multiple Choice)

Question420: In anti-virus software, () technology can analyze compressed files, embellished files, and packaged files.

Question421: Which of the following methods is required to log in when the device is powered on for the first time?

Question422: As shown in the figure, GRE VPN is established between FW_A and FW_B, and PC_A and PC_B are accessed through GRE VPN. When encapsulating data packets, which of the following should the destination address be encapsulated into?

Question423: Being observant and skeptical can help us better identify security threats in the online world

Question424: Multiple security zones can be configured on Huawei firewalls. By default, high-priority security zones can access low-priority security zones.

Question425: The firewall detects that a virus file is carried in the SMTP protocol. Which of the following is not a response action that the firewall may take?

Question426: In the security assessment method, the purpose of security scanning is to use scanning analysis and assessment tools to scan the target system in order to discover relevant vulnerabilities and prepare for attacks.

Question427: The account permissions of a company employee have expired, but the account can still be used to access the company server.
What are the security risks of the above scenario? (Multiple Choice)

Question428: Which of the following is not a feature of GRE VPN?

Question429: In IPsec VPN transmission mode, which part of the data packet is encrypted?

Question430: In PKI, RA must be bound to the CA to help reduce the pressure on the CA and enhance the security of the CA system.

Question431: Which of the following items belong to information security standards organizations? (Multiple Choice)

Question432: RADIUS uses TCP as the transmission protocol and has high reliability

Question433: When deploying dual-machine hot backup on the firewall, which of the following protocols needs to be used to achieve overall status switching of the VRRP backup group?

Question434: Which of the following descriptions of manual batch backup in firewall hot backup are correct?
(Multiple Choice)

Question435: Which of the following descriptions of routing table characteristics are correct? (Multiple Choice)

Question436: Generally, the port number used by the RADIUS server when providing accounting services is ().

Question437: Which of the following descriptions of the working principles and functions of Huawei firewall intrusion prevention are correct? (Multiple Choice)

Question438: Antivirus software and host firewall have the same function.

Question439: In the future development trend of information security, terminal detection is an important part.
Which of the following methods fall under the category of terminal detection? (Multiple Choice)

Question440: ()'s goal is to provide a quick, composed, and effective response during an emergency, thereby enhancing an enterprise's ability to immediately recover from a disruptive event.

Question441: When A and B communicate with each other for data communication, if an asymmetric encryption algorithm is used for encryption, when A sends data to B, which of the following keys will be used to encrypt the data?

Question442: Use the Ping command on the firewall to test the reachability to the server (the security zone where the server is located is DMZ). If the security policy is configured to allow test traffic, the source security zone is ().

Question443: When using the () function of SSL VPN, the virtual gateway will assign an intranet IP address to the access user, which is used for the access user to access the IP resources of the intranet.

Question444: In the process of establishing IPsec VPN between peers FWA and FW B, they need to go through two stages to establish two types of security associations. In the first stage, establish () and verify the identity of the peers.

Question445: () Divide security management into four parts: planning, implementation, inspection, and improvement. It can continuously improve information security protection measures and is the most important part of enterprise security construction.

Question446: The data format transmitted between data link layers in the OSI model is called a frame.

Question447: Which of the following protocols are network layer protocols? (Multiple Choice)

Question448: HTTPS adds a TLS layer to HTTP to provide authentication, encryption and integrity verification for data transmission.

Question449: Which of the following categories are included in Huawei firewall user management? (Multiple Choice)

Question450: Which of the following descriptions about the characteristics of GRE over IPsec is incorrect?

Question451: According to the HiSec solution, please drag the device on the left into the logical architecture layer to which it belongs on the right.

Question452: SSH is a relatively secure remote login method. It provides two authentication methods, Password and RSA, for remote users.

Question453: Which of the following descriptions about digital certificates is incorrect?

Question454: The server can set or read the information contained in the cookie to maintain the state of the session between the user and the server.

Question455: DH algorithm is an asymmetric encryption and decryption algorithm and is generally used by both parties to negotiate a symmetric encryption key.

Question456: Which of the following stages has the development of information security gone through? (Multiple Choice)

Question457: The process of firewall session authentication is as shown in the figure. Please sort the following access processes.

Question458: In the cyber attack chain (Cyber Kil Chain), which of the following options belong to the steps in the implementation of the attack? (Multiple Choice)

Question459: Intrusion prevention equipment can effectively defend against which of the following attacks?

Question460: Free ARP can be used to detect () address conflicts, and can also refresh the switch MAC address table.

Question461: A certain basic ACL rule is configured as follows, rule permit source 1.1.1.0 0.0.0.255. Which of the following descriptions is correct?

Question462: Which of the following options are application risks? (Multiple Choice)

Question463: Which of the following is an advantage of public key encryption?

Question464: After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all information that can be backed up can be configured directly on the standby device, and the configuration on the standby device can be synchronized to the active device.

Question465: Which of the following statements about ARP functions is wrong?

Question466: Which of the following is the correct sequence for incident response management?
1. Detection _
2. Report _
3. Alleviation _
4. Summarize experience
5. Repair _
6. Recovery _
7. Response _