EMT Practice Test

1. Question Content...


Question List

Question1: The access control server is the implementer of the corporate security policy, responsible for implementing the corresponding access control in accordance with the security policy formulated by the customer's network(Allow, deny, leave or restrict).

Question2: According to the user's access5W1H Conditions determine access rights andQoS Strategy for5W1Ho[Which of the following descriptions are correct? (Multiple choice)

Question3: The service free mobility function of the Agile Controller can guide the flow to the security center for processing according to the service, improving the utilization of physical equipment.

Question4: Tianyu Nei answered the role of safety filtering technology, which of the following is still correct? (multiple choice)

Question5: Regarding patch management and Windows patch checking strategies, which of the following descriptions is wrong?

Question6: Use BGP protocol to achieve diversion, the configuration command is as follows
[sysname] route-policy 1 permit node 1
[sysname-route-policy] apply community no-advertise
[sysname-route-policy] quit
[sysname]bgp100
155955cc-666171a2-20fac832-0c042c04
29
[sysname-bgp] peer
[sysname-bgp] import-route unr
[sysname- bgpl ipv4-family unicast
[sysname-bgp-af-ipv4] peer 7.7.1.2 route-policy 1 export
[sysname-bgp-af-ipv4] peer 7.7. 1.2 advertise community
[sysname-bgp-af-ipv4] quit
[sysname-bgp]quit
Which of the following options is correct for the description of BGP diversion configuration? (multiple choice)

Question7: Regarding the identity authentication method and authentication type, which of the following descriptions is correct?

Question8: For the URL is htpt://www.abcd. com:8080/news/education. aspx?name=tom&age=20, which option is path?

Question9: Regarding intrusion detection I defense equipment, which of the following statements are correct? (multiple choice)

Question10: Regarding the processing flow of file filtering, which of the following statements is wrong?

Question11: Visitor management can authorize visitors based on their account number, time, location, terminal type, access method, etc., and can also push personalized pages to visitors based on time, location, and terminal type.

Question12: Regarding the file filtering technology in the USG6000 product, which of the following options is wrong?

Question13: In the visitor reception hall of a company, there are many temporary terminal users, and the administrator hopes that users do not need to provide any account numbers and passwords. access Internet. Which of the following authentication methods can be used for access?

Question14: The administrator of a certain enterprise wants employees of Yangzhi to visit the shopping website during working hours. So a URL filtering configuration file is configured to divide the predefined The shopping website in the category is selected as blocked. But employee A can still use the company's network to shop online during lunch break. Then what are the following possible reasons some?

Question15: Regarding traditional firewalls, which of the following statements are correct? (multiple choice)

Question16: In order to increase AP The security can be AC Going online AP Perform authentication. Currently Huawei AC What are the supported authentication methods? (Multiple choice)

Question17: The whitelist rule of the firewall anti-virus module is configured as ("*example*, which of the following matching methods is used in this configuration?

Question18: The most common form of child-like attack is to send a large number of seemingly legitimate packets to the target host through Flood, which ultimately leads to network bandwidth.
Or the equipment resources are exhausted. Which of the following options is not included in traffic attack packets?

Question19: Huawei NIP6000 products have zero-setting network parameters and plug-and-play functions, because the interfaces and interface pairs only work on layer 2 without Set the IP address.

Question20: Which of the following technologies can achieve content security? (multiple choice)

Question21: According to the different user name format and content used by the access device to verify user identity, the user name format used for MAC authentication can be changed.
There are three types. Which of the following formats is not included?

Question22: If the regular expression is "abc. de", which of the following will not match the regular expression?

Question23: The core technology of content security lies in anomaly detection, and the concept of defense lies in continuous monitoring and analysis.

Question24: Regarding the application scenarios of Agile Controller-Campus centralized deployment and distributed deployment, which of the following options are correct? (Multiple select)

Question25: Regarding the network intrusion detection system (NIDS), which of the following statements is wrong?

Question26: When you suspect that the company's network has been attacked by hackers, you have carried out a technical investigation. Which of the following options does not belong to the behavior that occurred in the early stage of the attack?

Question27: If you deploy Free Mobility, in the logic architecture of Free Mobility, which of the following options should be concerned by the administrator?

Question28: Viruses can damage computer systems. v Change and damage business data: spyware collects, uses, and disperses sensitive information of corporate employees.
These malicious pastoral software seriously disturb the normal business of the enterprise. Desktop anti-disease software can solve the problem of central virus and indirect software from the overall situation.

Question29: Agile Controller-Campus All components are supported Windows System and Linux system.

Question30: Which of the following options is wrong for the description of the cleaning center?

Question31: Install Agile Controller-Campus Which of the following steps do not need to be completed before?

Question32: After enabling the IP policy, some services are found to be unavailable. Which of the following may be caused by? (multiple choice)

Question33: SACG Inquire right-manager The information is as follows, which options are correct? (Multiple choice)

Question34: Which of the following options does not belong to the basic DDoS attack prevention configuration process?

Question35: Regarding the description of the ACL used in the linkage between SACG equipment and the TSM system, which of the following statements is correct!?

Question36: An account can only belong to one user group, that is, a user can only belong to one department.

Question37: USG6000V software logic architecture is divided into three planes: management plane, control plane and

Question38: Which of the following options are relevant to MAC Certification and MAC The description of bypass authentication is correct? (Multiple choice)

Question39: Which of the following cybersecurity threats exist only in WLAN In the network?

Question40: Which of the following options is right PKI The sequence description of the work process is correct?
1. PKI Entity direction CA ask CA Certificate. .
2. PKI Entity received CA After the certificate, install CA Certificate.
3. CA receive PKI Entity CA When requesting a certificate, add your own CA Certificate reply to PKI entity.
4. PKI Entity direction CA Send a certificate registration request message.
5. PKI When the entities communicate with each other, they need to obtain and install the local certificate of the opposite entity.
6. PKI Entity received CA The certificate information sent.
7. PKI After the entity installs the local certificate of the opposite entity,Verify the validity of the local certificate of the peer entity. When the certificate is valid,PC The public key of the certificate is used for encrypted communication between entities.
8. CA receive PKI The entity's certificate registration request message.

Question41: Typical application scenarios of terminal security include: Desktop management, illegal outreach and computer peripheral management.

Question42: Deploying on Windows platform, using SQL Server database About the HA function of Agile Cotoller-Campus, which of the following descriptions Is it correct? (multiple choice)

Question43: Regarding the 3 abnormal situations of the file type recognition result, which of the following option descriptions is wrong?

Question44: Which of the following options belong to the upgrade method of the anti-virus signature database of Huawei USG6000 products? (multiple choice)

Question45: For compressed files, the virus detection system can directly detect them.

Question46: Windows in environment,Agile Controller-Campus After the installation is successful, how to manually start the management center(MC)? (Multiple choice)

Question47: Secure email is Any ffice Solution for corporate office 0A The killer application provided, it provides powerful email business capabilities and rich email strategies. For secure mail, which of the following descriptions are correct? (Multiple choice)

Question48: With regard to APT attacks, the attacker often lurks for a long time and launches a formal attack on the enterprise at the key point of the incident.
Generally, APT attacks can be summarized into four stages:
1. Collecting Information & Intrusion
2. Long-term lurking & mining
3. Data breach
4. Remote control and penetration
Regarding the order of these four stages, which of the following options is correct?

Question49: Which of the following options belong to a third-party server account? (Multiple choice)

Question50: Traditional network single--The strategy is difficult to cope with the current complex situations such as diversified users, diversified locations, diversified terminals, diversified applications, and insecure experience.

Question51: Which of the following elements does PDCA include? (Choose 3 answers)

Question52: Which of the following features does Huawei NIP intrusion prevention equipment support? (multiple choice)

Question53: Which of the following is the correct configuration idea for the anti-virus strategy?
1. Load the feature library
2. Configure security policy and reference AV Profile
3. Apply and activate the license
4. Configure AV Profile
5. Submit

Question54: The following figure is a schematic diagram of the detection file of the firewall and the sandbox system linkage.

The Web reputation function is enabled on the firewall, and website A is set as a trusted website and website B is set as a suspicious website.
Which of the following statements is correct

Question55: Analysis is the core function of intrusion detection. The analysis and processing process of intrusion detection can be divided into three phases; build an analyzer to perform analysis on actual field data.
Which of the analysis, feedback and refinement is the function included in the first two stages?

Question56: In a WLAN network, when the AP is in monitoring mode, what kind of packets does the AP use to determine the device type?

Question57: Jailbroken mobile terminal\Mobile terminals with non-compliant applications installed or terminals with non-compliant lock screen passwords connecting to the corporate network for office operations are not safe for companies. Any 0fice How to solve the problem of mobile office system?

Question58: A policy template is a collection of several policies. In order to audit the security status of different terminal hosts and the behavior of end users, the administrator needs to customize.
The same policy template is used to protect and manage terminal hosts. Regarding the policy template, which of the following option descriptions are correct? (multiple choice)

Question59: For the scenario where the authentication server adopts distributed deployment, which of the following descriptions are correct? (multiple choice)

Question60: In the campus network, employees can use 802.1X, Portal,MAC Address or SACG Way to access. Use different access methods according to different needs to achieve the purpose of user access control.

Question61: Regarding WLAN, which of the following descriptions is correct?

Question62: Regarding Huawei's anti-virus technology, which of the following statements is wrong?

Question63: Regarding the strong statement of DNS Request Flood attack, which of the following options is correct?

Question64: When the device recognizes a keyword during content filtering detection, which response actions can the device perform? (multiple choice)

Question65: Under the CLI command, which of the following commands can be used to view the AV engine and virus database version?

Question66: If the self-determined meter function is enabled on the Agile Controller-Campus and the account PMAC address is bound, Within a period of time, the number of incorrect cipher input by the end user during authentication exceeds the limit. Which of the following descriptions is correct? (multiple choice)

Question67: Agile Controller-Campus The product architecture includes three levels. Which of the following options does not belong to the product architecture level?

Question68: Regarding MAC authentication and MAC bypass authentication, which of the following descriptions are correct? (multiple choice)

Question69: MAC Certification refers to 802.1x In the protocol authentication environment, the terminal does not respond to the connection control device after accessing the network 802.1x When protocol authentication is requested, the access control does not automatically obtain the terminal's MAC The address is sent as a credential to access the network RADIUS The server performs verification.

Question70: Use on the terminal Portal The authentication is connected to the network, but you cannot jump to the authentication page. The possible reason does not include which of the following options?

Question71: In some scenarios, an anonymous account can be used for authentication. What are the correct descriptions of the following options for the anonymous account?? (Multiple choice)

Question72: In the scenario of SACG linkage in bypass mode, only the traffic initiated by the terminal user will pass through the firewall, and the server will return to the terminal in use.
The traffic does not need to go through the firewall y. For the firewall, it belongs to the scenario of inconsistent traffic back and forth paths, this needs to turn off the session state check function.

Question73: A network adopts 802. 1X To authenticate access users, the access control equipment is deployed at the convergence layer, and after the deployment is completed, it is used on the access control equipment t-aa The command test is successful, but the user cannot access the network. The failure may be caused by the following reasons? (Multiple choice)

Question74: Which of the following options is not a challenge brought by mobile office?

Question75: When performing terminal access control, the authentication technology that can be used does not include which of the following options?

Question76: Intrusion detection is a network security technology used to detect any damage or attempt to damage the confidentiality, integrity or availability of the system. Which of the following What is the content of the intrusion detection knowledge base?

Question77: Which of the following options are right 802. 1X The description of the access process is correct? (Multiple choice).

Question78: In the Agile Controller-Campus admission control scenario, regarding the role description of the RADIUS server I client, which of the following is positive True?

Question79: When configuring the URL filtering configuration file, www.bt.com is configured in the URL blacklist-item:
At the same time, set it in the custom URL category.
A URL is set as bt.com, and the action of customizing URL classification is a warning. Regarding the above configuration, which of the following statements are correct? (More select)

Question80: Abnormal detection is to establish the normal behavior characteristic profile of the system subject through the analysis of the audit data of the system: check if the audit data in the system If there is a big discrepancy with the normal behavior characteristics of the established subject, it is considered an intrusion. Nasu must be used as the system subject? (multiple choice)

Question81: Wired 802.1X During authentication, if the access control equipment is deployed at the Jiangju layer, this deployment method has the characteristics of high security performance, multiple management equipment, and complex management.

Question82: Deployed by an enterprise network managerAgile Controller-Campus withSACG Later;Identity authentication is successful but cannot access the post-authentication domain, This phenomenon may be caused by any reason? (Multiple choice)

Question83: In the deployment of Huawei NIP6000 products, only port mirroring can be used for streaming replication.

Question84: Content filtering is a security mechanism for filtering the content of files or applications through Huawei USCG00 products. Focus on the flow through deep recognition Contains content, the device can block or alert traffic containing specific keywords.

Question85: Which of the following is not an abnormal situation of the file type recognition result?

Question86: For the description of the principles of HTTP Flood and HTTPS Flood blow defense, which of the following options are correct? (multiple choice)

Question87: An enterprise administrator configures a Web reputation website in the form of a domain name, and configures the domain name as www. abc; example. com. .
Which of the following is the entry that the firewall will match when looking up the website URL?

Question88: What content can be filtered by the content filtering technology of Huawei USG6000 products?

Question89: Which of the following options is not a defense against HTTP Flood attacks?

Question90: When using the two-way SSL function to decrypt HTTPS packets, the value of the reverse proxy level represents the number of times the packet can be decrypted.

Question91: Which of the following options is not a feature of big data technology?

Question92: According to different reliability requirements, centralized networking can provide different reliability networking solutions. Regarding these solutions, which of the following descriptions are correct? (Multiple choice)

Question93: Information security is the protection of information and information systems to prevent unauthorized access, use, leakage, interruption, modification, damage, and to improve For confidentiality, integrity and availability. ,

Question94: If a company wants to detect image files, Shellcode code files and PDF files, which of the following types of sandboxes can be used? (More
155955cc-666171a2-20fac832-0c042c0420
select)

Question95: Portal At the time of certification, pass Web After the browser enters the account password for authentication, it prompts"Authenticating.."The status lasts for a long time before it shows that the authentication is successful. Which of the following reasons may cause this phenomenon?

Question96: Regarding the sequence of the mail transmission process, which of the following is correct?
1. The sender PC sends the mail to the designated SMTP Server.
2. The sender SMTP Server encapsulates the mail information in an SMTP message and sends it to the receiver SMTP Server according to the destination address of the mail
3. The sender SMTP Server encapsulates the mail information in an SMTP message according to the destination address of the mail and sends it to the receiver POP3/MAP Senver
4. The recipient sends an email.

Question97: After the user is successfully authenticated, Agile Controller-Campus Which of the following actions can be performed on the user(Multiple choice)

Question98: In the WLAN wireless access scenario, which of the following network security technologies belong to user access security? (Multiple choice)

Question99: When configuring the antivirus software policy, if you set"The required antivirus software violation level is not installed or running"for"generally"And check"out Now serious violation of the rules prohibits access to the network"Options. When the user uses Any office Certify, The certification is passed, but the result of the security check Can the user access the network when the virus software is not turned on?

Question100: In the construction of information security, the intrusion detection system plays the role of a monitor. It monitors the flow of key nodes in the information system.
In-depth analysis to discover security incidents that are occurring. Which of the following are its characteristics?. c0O

Question101: The user accesses the network through the network access device, and the third-party RADIUS server authenticates and authorizes the user. Regarding the certification process, which of the following options is wrong?

Question102: When managing guest accounts, you need to create a guest account policy and set the account creation method. For the account creation method, which of the following descriptions is wrong?

Question103: Security zone division means to better protect the internal network security,Based on the business type and security requirements of the intranet, divide the intranet into several granularities.
Logical area. Which of the following options does not belong Agile Controller-Campus Security domain?

Question104: Visitors refer to users who need temporary access to the network at a specific location.

Question105: The terminal host access control function does not take effect, the following is SACG View information on:<FW> display right- manager role-id rule Advanced ACL 3099 ,25 rules,not bingding with vpn-instance Ad's step is 1 rule 1000 permit ip (1280 times matched) rule 1001 permit ip destination 172.18.11.2210 (581 times matched) rule 1002 permit ip destination 172:18.11.2230 (77 times matched) rule 1003 permit ip destination 172.19.0.0 0.0 255.255 (355 Book times matched) rule 1004 deny ip (507759 times matched) Which of the following statements is correct?

Question106: Which of the following methods can be used to protect enterprise terminal security?

Question107: When you suspect that the company's network has been attacked by hackers, you have carried out a technical investigation. Which of the following options does not belong to the behavior that occurred in the early stage of the attack?

Question108: Which of the following options belong to the keyword matching mode? (multiple choice)

Question109: In the park, users frequently enter and leave the wireless signal coverage area due to office needs. If you need to ensure the user's Internet experience, after the user passes an authentication, when he accesses the network again, no important authentication is required:Which of the following authentication methods is recommended?

Question110: There is a three-layer forwarding device between the authentication client and the admission control device:If at this time Portal The certified three-layer authentication device can also obtain the authentication client's MAC address,So you can use IP Address and MC The address serves as the information to identify the user.

Question111: The relationship between user groups and accounts in user management is stored in a tree on the Agile Controller-Campus. An account belongs to only one user group.
Consistent with the corporate organizational structure: If the OU (OnizbonUnit) structure stored in the AD/LDAP server is consistent with the corporate organizational structure, users are stored Under 0OU, when the Agile Controller-Campus synchronizes AD/LDAP server accounts, which synchronization method can be used?

Question112: When configuring the terminal visits, we put some equipment configured exception equipment ,which of the following statements are true about the exception equipment?

Question113: On WIDS functional WLAN Regarding the judgment of illegal devices in the network, which of the following statements are correct? (Multiple choice)

Question114: There are two types of accounts on the Agile Controller-Campus: one is a local account and the other is an external account.
Which of the following is not a local account?

Question115: Fage attack means that the original address and target address of TOP are both set to the IP address of a certain victim. This behavior will cause the victim to report to it.
SYN-ACK message is sent from the address, and this address sends back an ACK message and creates an empty connection, which causes the system resource board to occupy or target The host crashed.

Question116: The anti-virus feature configured on the Huawei USG6000 product does not take effect. Which of the following are the possible reasons? (multiple choice)

Question117: How to check whether the MC service has started 20?

Question118: Which of the following options are relevant to Any Office The description of the solution content is correct?
(Multiple choice)

Question119: Which of the following options cannot be triggered MAC Certification?

Question120: SQI Server2005 may not be properly installed, which of the following may be the possible reasons?

Question121: VIP Experience guarantee, from which two aspects are the main guarantees VIP User experience? (Multiple choice)

Question122: Portal page push rules have priority, and the rules with higher priority are matched with the user's authentication information first. If none of the configured rules match, The default rules are used.

Question123: Which of the following descriptions about the black and white lists in spam filtering is wrong? c

Question124: URL filtering technology can perform URL access control on users according to different time objects and address objects to achieve precise management of users.
The purpose of the Internet behavior.

Question125: Which of the following options are correct for the configuration description of the management center ATIC?
(multiple choice)

Question126: Web Standards that come with the client and operating system 8021 The instrument client only has the function of identity authentication: It does not support the execution of inspection strategies and monitoring strategies. Any Office The client supports all inspection strategies and monitoring strategies.

Question127: SACG query right-manager information as follows, which options are correct? (Select 2 answers)

Question128: Traditional access control policy passed ACL or VLAN Can not be achieved with IP Address decoupling, in IP The maintenance workload is heavy when the address changes. And because the agile network introduces the concept of security group, it can achieve the same IP Address decoupling.

Question129: In the Agile Controller-Campus solution, which device is usually used as the hardware SACG?

Question130: Guest management is Agile Controller-Campus Important function of, regarding visitor management, which of the following statements are correct? (Multiple choice)

Question131: Regarding intrusion prevention, which of the following option descriptions is wrong

Question132: Which of the following options does not belong to the security risk of the application layer of the TCP/IP protocol stack?

Question133: In the big data intelligent security analysis platform, it is necessary to collect data from data sources, and then complete a series of actions such as data processing, detection and analysis, etc.
do. Which of the following options does not belong to the action that needs to be completed in the data processing part?
155955cc-666171a2-20fac832-0c042c0422

Question134: The administrator has made the following configuration:
1. The signature set Protect_ all includes the signature ID3000, and the overall action of the signature set is to block.
2. The action of overwriting signature ID3000 is an alarm.

Question135: The configuration command to enable the attack prevention function is as follows;
[FW] anti-ddos syn-flood source-detect
[FW] anti-ddos udp-flood dynamic-fingerprint-learn
[FW] anti-ddos udp-frag-flood dynamic fingerprint-learn
[FW] anti-ddos http-flood defend alert-rate 2000
[Fw] anti-ddos htp-flood source-detect mode basic
Which of the following options is correct for the description of the attack prevention configuration? (multiple choice)