H12-722_V3.0 Sample Questions Answers

True

False

True

False

1812

1813

50200

50300

True

False

Infrastructure security

Tenant security

How to do a good job in management, operation and maintenance

Hardware maintenance

The basic mode can effectively block the access from the Feng Explor client.

The bot tool does not implement a complete HTTP protocol stack and does not support automatic redirection, so the basic mode can effectively defend against HTTP Flood attacks.

hit.

When there is an HTTP proxy server in the network, the firewall will add the IP address of the proxy server to the whitelist, but it will recognize the basic source of the zombie host.

The certificate is still valid.

The basic mode will not affect the user experience, so the defense effect is higher than the enhanced mode.

③④①②

③④②①

④①②③

④②①③

Generate logs and discard

Generate logs and forward them

Delete the content of the email attachment

Add announcement and generate log

Virtual patch

Mail detection

SSL traffic detection

Application identification and control

Virus

Worms

Spam

DoS

True

False

The weight value is 8, you can visit the web page

The weight value is 10, and the page cannot be accessed

The weight value is 8, the page cannot be accessed

The weight value is 10, you can ask the web page before

1-3-4-2

1-4-2-3

1-4-3-2

3-1-4-2:

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

POP3

IMAP

FTP

TFTP

File extension mismatch means that the file type is inconsistent with the file extension.

Unrecognized file type means that the file type cannot be recognized and there is no file extension.

File damage means that the file type cannot be identified because the file is damaged.

Unrecognized file type means that the file type cannot be recognized, and the file extension cannot be recognized.

The black and white list is matched by extracting the destination IP address of the SMTP connection

The black and white list is matched by the sender's dns suffix

The black and white list is matched by extracting the source IP address of the SMTP connection

155955cc-666171a2-20fac832-0c042c0419

If the source IP address of the SMTP connection matches the blacklist, the connection will be blocked

Software and Patch

sharing information and system account information

System Log

processes, services and startup

Patching the system can completely solve the virus intrusion problem

Computer viruses are latent, they may be latent for a long time, and only when they encounter certain conditions will they begin to carry out sabotage activities

Computer viruses are contagious. They can spread through floppy disks and CDs, but they will not spread through the Internet.

All computer viruses must be parasitic in files and cannot exist independently

File filtering can reduce the risk of malicious code execution and virus infection in the internal network by blocking the transmission of fixed types of files, and it can also prevent

Prevent employees from leaking company confidential documents to the Internet.

Content filtering can prevent the disclosure of confidential information and the transmission of illegal information

The application behavior control function can finely control common HTTP behaviors and FTP behaviors.

Mail filtering refers to the management and control of mail sending and receiving, including preventing the flooding of spam and anonymous emails, and controlling the sending and receiving of illegal emails.

③④

①③④

⑤⑥

②④

Fraggle and Smurt

Land and Smurf

Fraggle and Land

155955cc-666171a2-20fac832-0c042c0423

Teardrop and Land35

HTTPS Flood defense modes include basic mode, enhanced mode and 302 redirection.

HTTPS Flood defense can perform source authentication by limiting the request rate of packets.

The principle of HTTPS Flood attack is to request URIs involving database operations or other URIs that consume system resources, causing server resource consumption.

Failed to respond to normal requests.

The principle of HTTPS Flood attack is to initiate a large number of HTTPS connections to the target server, causing the server resources to be exhausted and unable to respond to regular requests.

begging.

For loose inspection: if the source address of the packet exists in the FB of the firewall: the packet passes the inspection directly

For the case where the default route is configured, but the parameter allow-defult-route is not configured. As long as the source address of the packet is in the FIB table of the firewall

If it does not exist, the message will be rejected.

For the situation where the default route is configured and the parameter allow-defult-route is matched at the same time, if the source address of the packet is in the FIB table of the firewall

If the packet does not exist in the loose check mode, all packets will pass the URPF check and be forwarded normally.

155955cc-666171a2-20fac832-0c042c0427

For the configuration of the default route, and at the same time matching the parameter allow-defult-route, if the source address of the message is in the FIB table of the firewall

If it does not exist in the l0e check, the packet cannot pass the URPF check.

True

False

The data boy is huge

A wide variety of data

Low value density

Slow processing speed

True

155955cc-666171a2-20fac832-0c042c0421

False

Ordinary attacks will usually be cleaned locally first.

If there is a large traffic attack on the network, send it to the cloud cleaning center to share the cleaning pressure.

Since the Cloud Cleaning Alliance will direct larger attack flows to the cloud for cleaning, it will cause network congestion.

The closer to the attacked self-labeled cloud cleaning service, the priority will be called.

155955cc-666171a2-20fac832-0c042c0430

lAE's content security detection functions include application identification and perception, intrusion prevention, and Web application security.

Full English name: intelligent Awareness Engine.

The core of C.IAE is to organically centralize all content security-related detection functions.

The security detection of the IAE engine is parallel, using a message-based file processing mechanism, which can receive file fragments and perform security checks.

Teardrop attack

Ping of Death attack

IP Spoofng attack

Land attack

The security policy does not reference the anti-virus configuration file.

The anti-virus configuration file is configured incorrectly.

The virus signature database version is older.

No virus exceptions are configured.

The file filtering module will compare the application type, file type, and transmission direction of the file identified by the previous module with the file filtering rules configured by the administrator.

Then the lookup table performs matching from top to bottom.

If all the parameters of Wenzhu can match all file filtering rules, then the module will execute the action of this file filtering rule.

There are two types of actions: warning and blocking.

If the file type is a compressed file, then after the file filtering check, the female file will be sent to the file decompression module for decompression and decompression.

Press out the original file. If the decompression fails, the file will not be re-filed.

True

False

2-3-4-1

1-2-4-3

1-4-2-3

2-1-4-3

Local reputation MD5 cache only has static cache, which needs to be updated regularly

File reputation database can only be upgraded by manual upgrade

File reputation is to perform virus detection by calculating the full text MD5 of the file to be tested and matching it with the local reputation MD5 cache

File reputation database update and upgrade can only be achieved through linkage with sandbox

First package detection technology

Heuristic detection technology

Decryption technology

File reputation detection technology 5

Direction is not enabled

The direction is turned on, but no specific direction is selected

The severity level of the configuration is too high

The protocol selection technique is correct

True

False

True

False

True

False

3->1->4->2->5

3->2->4->1->5

3->2->1->4->5

3->1->2->4->5

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

SACG and IP address 2.1.1.1 server linkage is not successful

SACG linkage success with controller.

master controller IP address is 1.1.1.2.

master controller IP address is 2.1.1.1.

Configuration plane

Business plane

Log plane

Data forwarding plane

Primary IP: 10.1.3.6 on behalf of SM Manager IP address.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another interface IP address of the firewall.

Primary IP: 10.1.3.6 on behalf of Policy Center linkage firewall interface IP address, the standby IP can enter another alternate firewall interface IP address.

Main IP is the Policy Center reaches the next-hop firewall device interface address

The system starts traffic statistics.

System related configuration application, fingerprint learning.

The system starts attack prevention.

The system performs preventive actions.

Disclosure of personal information

Threats to the internal network

Leaking corporate information

Increasing the cost of enterprise network operation and maintenance

Application recognition and perception

URL classification and filtering

Video content filtering

Intrusion prevention

155955cc-666171a2-20fac832-0c042c048

HTTP POST is generally used to send information to the server through a web page, such as forum posting x form submission, username I password login.

When the file upload operation is allowed, the alarm threshold and blocking threshold can be configured to control the size of the uploaded file.

When the size of the uploaded or downloaded file and the size of the content of the POST operation reach the alarm threshold, the system will generate log information to prompt the device management

And block behavior.

When the uploaded or downloaded file size, POST operation content size reaches the blocking threshold, the system will only block the uploaded or downloaded file, POST

operate.

True

False

Virus

Buffer overflow ρ

System vulnerabilities

Port scan

Data preprocessing

Threat determination

Distributed storage

Distributed index

2

3

4

5