EMT Practice Test

1. Question Content...


Question List

Question1: Under the CLI command, which of the following commands can be used to view the AV engine and virus database version?

Question2: Abnormal detection is to establish the normal behavior characteristic profile of the system subject through the analysis of the audit data of the system: check if the audit data in the system If there is a big discrepancy with the normal behavior characteristics of the established subject, it is considered an intrusion. Nasu must be used as the system subject? (multiple choice)

Question3: The configuration command to enable the attack prevention function is as follows; n
[FW] anti-ddos syn-flood source-detect
[FW] anti-ddos udp-flood dynamic-fingerprint-learn
[FW] anti-ddos udp-frag-flood dynamic fingerprint-learn
[FW] anti-ddos http-flood defend alert-rate 2000
[Fwj anti-ddos htp-flood source-detect mode basic
Which of the following options is correct for the description of the attack prevention configuration? (multiple choice)

Question4: Which of the following iterations is correct for the description of the management center?

Question5: The core technology of content security lies in anomaly detection, and the concept of defense lies in continuous monitoring and analysis.

Question6: Regarding the description of file reputation technology in anti-virus engines, which of the following options is correct?

Question7: URL filtering technology can perform URL access control on users according to different time objects and address objects to achieve precise management of users.
The purpose of the Internet behavior.

Question8: After enabling the IP policy, some services are found to be unavailable. Which of the following may be caused by? (multiple choice)

Question9: In order to protect the security of data transmission, more and more websites or companies choose to use SSL to encrypt transmissions in the stream. About using Huawei NIP6000 The product performs threat detection on (SSL stream boy, which of the following statements is correct?

Question10: Which of the following options is correct for the description of the Anti DDoS system configuration?

Question11: When you suspect that the company's network has been attacked by hackers, you have carried out a technical investigation. Which of the following options does not belong to the behavior that occurred in the early stage of the attack?

Question12: Place refers to the terminal environment when end-user use strategy management center access to controlled network office, which options are correct about place? (Choose 2 answers)

Question13: What content can be filtered by the content filtering technology of Huawei USG6000 products? (multiple choice)

Question14: Which of the following options is not a feature of Trojan horses?

Question15: In Huawei USG6000 products, IAE provides an integrated solution, all content security detection functions are integrated in a well-designed In the high-performance engine. Which of the following is not the content security detection function supported by this product?

Question16: Intrusion detection is a network security technology used to detect any damage or attempt to damage the confidentiality, integrity or availability of the system. Which of the following What is the content of the intrusion detection knowledge base?

Question17: Which of the following options is not a special message attack?

Question18: The anti-virus feature configured on the Huawei USG6000 product does not take effect. Which of the following are the possible reasons? (multiple choice)

Question19: Which of the following options is correct for the sequence of the flow-by-stream detection of AntiDDoS?
1. The Netflow analysis device samples the current network flow;
2. Send a drainage command to the cleaning center;
3. Discover the DDoS attack stream;
4.Netior: analysis equipment sends alarms to ATIC management center
5. The abnormal flow is diverted to the cleaning center for further inspection and cleaning;
6. The cleaning center sends the host route of the attacked target IF address server to the router to achieve drainage
7. The cleaning log is sent to the management center to generate a report;
8. The cleaned traffic is sent to the original destination server.

Question20: For the description of URPF technology, which of the following options are correct? (multiple choice)

Question21: Configure the following commands on the Huawei firewall:
[USG] interface G0/0/1
[USG] ip urpf loose allow-defult-route acl 3000
Which of the following options are correct? (multiple choice)

Question22: Analysis is the core function of intrusion detection. The analysis and processing process of intrusion detection can be divided into three phases; build an analyzer to perform analysis on actual field data.
Which of the analysis, feedback and refinement is the function included in the first two stages?

Question23: When configuring the URL filtering configuration file, www.bt.com is configured in the URL blacklist-item:
At the same time, set it in the custom URL category.
A URL is set as bt.com, and the action of customizing URL classification is a warning. Regarding the above configuration, which of the following statements are correct? (More select)

Question24: Regarding the description of intrusion detection technology, which of the following statements is correct?

Question25: Regarding firewall and IDS, which of the following statements is correct?

Question26: When using the two-way SSL function to decrypt HTTPS packets, the value of the reverse proxy level represents the number of times the packet can be decrypted.

Question27: The processing flow of IPS has the following steps;
1. Reorganize application data
2. Match the signature
3. Message processing
4. Protocol identification
Which of the following is the correct order of the processing flow?

Question28: In the penetration stage of an APT attack, which of the following attack behaviors will the attacker generally have?

Question29: Anti DDoS seven-layer defense can work from the dimensions of interface-based defense, global defense and defense object-based defense.

Question30: Which of the following technologies can achieve content security? (multiple choice)

Question31: Regarding the description of keywords, which of the following is correct? (multiple choice)

Question32: Huawei WAF products are mainly composed of front-end execution, back-end central systems and databases.
Among them, the database mainly stores the front-end detection rules and black Whitelist and other configuration files.

Question33: An enterprise administrator configures the Web reputation system as shown in the figure. Regarding the configuration, which of the following statements is correct?

Question34: Due to differences in network environment and system security strategies, intrusion detection systems are also different in specific implementation. From the perspective of system composition, the main Which four major components are included?

Question35: Which of the following options will not pose a security threat to the network?

Question36: Regarding the network intrusion detection system (NIDS), which of the following statements is wrong?

Question37: In the Policy Center strategy configuration, how many violations rating of definition are there?

Question38: Regarding the processing flow of file filtering, which of the following statements is wrong?

Question39: Which three aspects should be considered in the design of cloud platform security solutions? (multiple choice)

Question40: Single-packet attacks are divided into scanning and snooping attacks, malformed packet attacks, and special packet attacks. Ping of death is a special packet attack.

Question41: For special message attacks, which of the following option descriptions is correct?

Question42: Which of the following options are the possible reasons why a certain signature is not included after the IPS policy configuration is completed? (multiple choice)

Question43: In the deployment of Huawei NIP6000 products, only port mirroring can be used for streaming replication.

Question44: What are the typical technologies of anti-virus engines (multiple choice)

Question45: If the regular expression is "abc. de", which of the following will not match the regular expression?

Question46: What equipment do Policy Center supported servers include? (Choose 3 answers)

Question47: With regard to APT attacks, the attacker often lurks for a long time and launches a formal attack on the enterprise at the key point of the incident.
Generally, APT attacks can be summarized into four stages:
1. Collecting Information & Intrusion
2. Long-term lurking & mining
3. Data breach
4. Remote control and penetration
Regarding the order of these four stages, which of the following options is correct?

Question48: Regarding HTTP behavior, which of the following statements is wrong?

Question49: For the basic mode of HTTP Flood source authentication, which of the following options are correct?
(multiple choice)

Question50: The results of the RBL black and white list query on the firewall are as follows:

Based on the above information only, which of the following statements is correct? (multiple choice)

Question51: Malicious code usually uses RootKit technology in order to hide itself. RootKit modifies the kernel of the system by loading a special driver.
To hide itself and the role of designated files.

Question52: Which of the following protocols can be used to construct attack messages for special control message attacks? (multiple choice)

Question53: Use BGP protocol to achieve diversion, the configuration command is as follows
[sysname] route-policy 1 permit node 1
[sysname-route-policy] apply community no-advertise
[sysname-route-policy] quit
[sysname]bgp10029
[sysname-bgp] peer
[sysname-bgp] import-route unr
[sysname- bgpl ipv4-family unicast
[sysname-bgp-af-ipv4] peer 7.7.1.2 route-policy 1 export
[sysname-bgp-af-ipv4] peer 7.7. 1.2 advertise community
[sysname-bgp-af-ipv4] quit
[sysname-bgp]quit
Which of the following options is correct for the description of BGP diversion configuration? (multiple choice)

Question54: The following figure is a schematic diagram of the detection file of the firewall and the sandbox system linkage.

The Web reputation function is enabled on the firewall, and website A is set as a trusted website and website B is set as a suspicious website.
Which of the following statements is correct

Question55: IPS is an intelligent intrusion detection and defense product. It can not only detect the occurrence of intrusions, but also can respond in real time through certain response methods.
Stop the occurrence and development of intrusions, and protect the information system from substantial attacks in real time. According to the description of PS, the following items are wrong?

Question56: Which of the following signature attributes cannot be configured for IP custom signature?

Question57: In the anti-virus policy configuration of Huawei USG6000 product, what are the response methods of HTTP protocol? (multiple choice)

Question58: Cloud sandbox refers to deploying the sandbox in the cloud and providing remote detection services for tenants. The process includes:
1. Report suspicious files
2. Retrospective attack
3. Firewall linkage defense
4. Prosecution in the cloud sandbox
For the ordering of the process, which of the following options is correct?

Question59: Fage attack means that the original address and target address of TOP are both set to the IP address of a certain victim. This behavior will cause the victim to report to it.
SYN-ACK message is sent from the address, and this address sends back an ACK message and creates an empty connection, which causes the system resource board to occupy or target The host crashed.

Question60: Which of the following statement is correct about Policy Center system client function?

Question61: For the description of the Anti DDOS system, which of the following options is correct? C

Question62: Which of the following descriptions about viruses and Trojans are correct? (multiple choices)

Question63: The user needs of a university are as follows:
1. The environment is large, and the total number of two-way traffic can reach 800M. Huawei USG6000 series firewall is deployed at its network node.
2. The intranet is divided into student area, server area, etc., users are most concerned about the security of the server area to avoid attacks from various threats.
3. At the same time, some pornographic websites in the student area are prohibited.
The external network has been configured as an untrust zone and the internal network has been configured as a trust zone on the firewall. How to configure the firewall to meet the above requirements?

Question64: The network-based intrusion detection system is mainly used to monitor the information of the critical path of the network in real time, listen to all packets on the network, collect data, and divide Analyze the suspicious object, which of the following options are its main features? (multiple choices)

Question65: What content can be filtered by the content filtering technology of Huawei USG6000 products?

Question66: Regarding the enhanced mode in HTTP Flood source authentication, which of the following descriptions are correct? Multiple choices