H12-724 Sample Questions Answers

File filtering, content filtering and anti-virus detection cannot be performed when the file is damaged. At this time, the documents can be released or blocked according to business requirements.

When the file extension does not match, if the action is "Allow" or "Alarm", file filtering, content filtering and anti-virus are performed according to the file type

Detection.

When the number of compression layers of a file is greater than the configured "Maximum Decompression Layers", the firewall cannot filter the file.

When the file type cannot be recognized, file filtering, content filtering and anti-virus detection are not performed.

The management server of the management center is responsible for the cleaning of abnormal flow, as well as the collection and analysis of business data, and storage, and is responsible for the summary

The stream is reported to the management server for report presentation.

The data coking device is responsible for the cleaning of abnormal flow, the centralized management and configuration of equipment, and the presentation of business reports.

The data collector and management server support distributed deployment and centralized deployment. Centralized deployment has good scalability.

The management center is divided into two parts: management server and teaching data collector.

Dual machine hot backup

Power supply. 1+1 redundant backup

Hardware Bypass

Link-group

True

False

SACG and IP Address is 2.1.1.1 The server linkage is unsuccessful.

SACG The linkage with the controller is successful.

main controller IP address is 1.1.1.2.

main controller IP address is 2.1.1.1.

Website phishing deception

Website Trojan

SQL injection

Cross-site scripting attacks 2335

display version av-sdb

display utm av version

display av utm version

display utm version

8021X Certification

SACG Certification p2-

Bypass authentication

Portal Certification

The drainage task needs to be configured on the management center, and when an attack is discovered, it will be issued to the cleaning center.

It is necessary to configure the protection object on the management center to guide the abnormal access flow in etpa

Port mirroring needs to be configured on the management center to monitor abnormal traffic.

155955cc-666171a2-20fac832-0c042c0411

The reinjection strategy needs to be configured on the management center to guide the flow after cleaning. Q:

NIP0OO does not support SSL Threat Detection.

The traffic after threat detection is sent directly to the server without encryption

NIP can directly crack and detect SSL encryption.

After the process of "decryption", "threat detection", and "encryption"

The enterprise network is relatively scattered, there are multiple branches, and the branch users are larger in scale.

A scenario where there are less than 2,000 branch users, and the headquarters and branch networks are relatively stable.

The terminal security management business between the branch and the headquarters is relatively independent, and the headquarters provides supervision and control over the branch terminal security management business.

It is difficult to guarantee the quality of the network between the branch and the headquarters, and the network between the headquarters and the branch may be interrupted, making the terminal of the

branch no longer available.

Computer is infected by U disk virus

Abnormal power interruption in the computer room

Tampering with Web pages

Copy/view sensitive data

1-3-4-2

1-4-2-3

1-4-3-2

3-1-4-2:

True

False

Double click on the desktop"Start Server"The shortcut starts.

choose"Start>all programs> Huawei> MCServer> StartServer.

choose"Start>all programs> Huawei> Agile Controller> Server Startup Config"To manually start the required components.

choose"Start 3 all programs> Huawei> MCServer> Sever Startup Conig",Manually start the required components

File filtering can reduce the risk of malicious code execution and virus infection in the internal network by blocking the transmission of fixed types of files, and it can also prevent

Prevent employees from leaking company confidential documents to the Internet.

Content filtering can prevent the disclosure of confidential information and the transmission of illegal information

The application behavior control function can finely control common HTTP behaviors and FTP behaviors.

Mail filtering refers to the management and control of mail sending and receiving, including preventing the flooding of spam and anonymous emails, and controlling the sending and receiving of illegal emails.

True

False

default ACL The rule group number can be arbitrarily specified.

default ACL The rule group number can only be 3999.

due to SACG Need to use ACL3099-3999 To pick TSM The rules issued by the system, so in the configuration TSM Before linkage, you need to ensure these ACL Not referenced by other functions.

The original group number is 3099-3999 of ACL Even if it is occupied, it can be successfully activated TSM Linkage.

File content filtering

Voice content filtering

Apply content filtering..

The source of the video content

Prefix matching

Suffix matching

155955cc-666171a2-20fac832-0c042c043

Keyword matching

Exact match

htttp://www.abcd. com:8080/news/education. aspx

htttp://www.abcd. com:8080,te

/news/education. aspx

/news/education. aspx?name=tom&age=20

1433 port are occupied by the other processes

equipment 21 port is occupied

without prior installation of Microsoft SQL Server 2005 Toolkit

The operating system is Microsoft Windows Server 2003

The administrator has not set the time to vote every day from 9:00 to 18:00

The shopping website does not belong to the predefined shopping website category

The administrator did not submit the configuration after completing the configuration.

The administrator has not applied the URL pass-through configuration file to the security policy.

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

The attachment size limit is for a single attachment, not for the total size of all attachments.

MAC Address format

Fixed username form

DHCP Option format

ARP Option format

Portal gateway initiates Radius Challenge request message, including user name and password information

The ACL issued by the server to the access gateway is carried in the Portal protocol message

Issue policies while performing identity authentication

The Portal server needs to pass the security check result to the access gateway device

True

False

For loose inspection: if the source address of the packet exists in the FB of the firewall: the packet passes the inspection directly

For the case where the default route is configured, but the parameter allow-defult-route is not configured. As long as the source address of the packet is in the FIB table of the firewall

If it does not exist, the message will be rejected.

For the situation where the default route is configured and the parameter allow-defult-route is matched at the same time, if the source address of the packet is in the FIB table of the firewall

If the packet does not exist in the loose check mode, all packets will pass the URPF check and be forwarded normally.

155955cc-666171a2-20fac832-0c042c0427

For the configuration of the default route, and at the same time matching the parameter allow-defult-route, if the source address of the message is in the FIB table of the firewall

If it does not exist in the l0e check, the packet cannot pass the URPF check.

Planting malware

Vulnerability attack

Web application attacks

Brute force

Warning

Block and push the page

A warning dialog box pops up

All access to the client is prohibited

Vulnerability intelligence

Defense in Depth

Offensive and defensive situation

Fight back against hackers

155955cc-666171a2-20fac832-0c042c045

Threaten the security of the user's host and network.

Some viruses can be used as intrusion tools, such as Trojan horse viruses,

Control the host computer's accumulated limit and the user's data, and some viruses may even cause damage to the host's hardware.

Can easily pass the defense of Huawei USG6000 products

Viruses are triggered by computer users

Viruses can replicate themselves

Trojan horses are triggered by computer users

Trojans can replicate themselves

Centralized deployment

Distributed deployment

Hierarchical deployment

Both centralized deployment and distributed deployment are possible

Open https://SM server IP:8943 in the browser, enter the account admin and the default password Changeme123, if the login is successful, it will be explained. The SIM components are normal.

After logging in to SC, select Resources>Users>User Management to create a common account. Open https://SM server IP:8447 in the browser newauth, if you can successfully log in using the account created in the previous step, the SM component is normal.

Open https://SC Server IP:8443 in the browser and enter the account admin and the default password Changeme123. If the login is successful, it will be explained. The SC component is normal.

After logging in to SM, select Ziyuan>User>User Management, and Xinlu has a common part number. Open https://SC server IP:8447 newauth in the browser. If you can successfully log in with the account created in the previous step, it means that the SC component is Wang Chang.

Terminal P address

Location information of the access device

Priority of guest accounts

Connected to the network SSID'

The weight value is 8, you can visit the web page

The weight value is 10, and the page cannot be accessed

The weight value is 8, the page cannot be accessed

The weight value is 10, you can ask the web page before

IDS can be linked with firewalls and switches to become a powerful "assistant" of firewalls, which can better and more accurately control access between domains.

It is impossible to correctly analyze the malicious code doped in the allowed application data stream.

Unable to detect malicious operations or misoperations from internal killings.

Cannot do in-depth inspection

True

False

Short message

E-mail

Web Print

Voicemail

account>user group>terminal IP Address range

By the end P Address range>account number>user group

account>Terminal protection address range>user group

user group>terminal P Address range>Account

The data boy is huge

A wide variety of data

Low value density

Slow processing speed

To use Any Office The connected user performs remote assistance.

Force users to go offline.

Audit users' online and offline records.

Disable the mobile certificate account/Disable and assign roles.

True

False

True

False

MAC authentication does not require users to install any client software.

The user name format used by MAC authentication is only one of MAC address user name format.

MAC authentication actually uses 802 1X authentication method.

MAC bypass authentication solves the situation of both 802.1x client authentication and MAC authentication in the same network environment.

AE Server priority use)SC server.

Install AE When the server, you need to configure the main and standby SC Server IP address.

If the Lord SC After the server fails,AE The server will use the backup SC server.

host SC After the server is restored,AE Server will not switch back to master SC The server handles the business.

True

False

User domain

Network domain

Business domain:

Attack domain

Confidentiality

Integrity

Availability

Recoverability

File extension mismatch means that the file type is inconsistent with the file extension.

Unrecognized file type means that the file type cannot be recognized and there is no file extension.

File damage means that the file type cannot be identified because the file is damaged.

Unrecognized file type means that the file type cannot be recognized, and the file extension cannot be recognized.

Access control

Encrypted access

Business isolation

Audit billing

User flow has not passed SACG.

SACG There is no release on the user stream.

SACG There is no closed state detection on it.

Agile Controller-Campus On and SACG Wrong key configuration for linkage

The use of anonymous accounts for authentication is based on the premise of trusting the other party, and the authentication agency does not need the other party to provide identity information to provide services to the other party.

Agile Controller-Campus Need to be manually created"~anonymous"account number.

By default, the access control and policy of anonymous accounts cannot be performed. 1 Operations such as invoking patch templates and software distribution.

Administrators cannot delete anonymous accounts"~anonymous*.

The terminal host does not install the software in the whitelist, nor the software in the blacklist.

The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs part of the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs all the software in the whitelist, and also installs some of the software in the blacklist.

If most end users work in one area and a few end users work in branch offices, centralized deployment is recommended.

If most end users are concentrated on--Offices in several regions, and a small number of end users work in branches. Distributed deployment is recommended.

If end users are scattered in different geographical locations, a distributed deployment solution is recommended.

If end users are scattered in different regions, a centralized deployment solution is recommended.

True

False

Virtual patch

Mail detection

SSL traffic detection

Application identification and control

Planting malware

Vulnerability attack"

We6 Application Click

Brute force

The action of signing iD3000 is an alarm

The action of signing ID3000 is to block

Unable to determine the action of signature ID3000

The signature set is not related to the coverage signature

True

False

The biggest difference between the two is MAC Bypass authentication belongs to 802 1X Certification, while MAC Certification does not belong to 802 1X Certification.

If a network can connect to dumb terminals(printer,IP telephone), The text may be connected to a portable computer, please use MAC Bypass authentication:First try 802 1X Authentication, try again if authentication fails MAC Certification

If a network will only connect to dumb terminals(printer,IP telephone),please use MAC Certification in order to shorten the certification time.

MAC Authentication MAC One more bypass authentication 802 In the instrument certification process, the open time is longer than MAC The bypass authentication time is long.

Is the strategy automatically deployed?

Choose the appropriate policy control point and user authentication point

Does the strategy deployment target a single user?

Does the strategy deployment target a single department?

PDF heuristic sandbox

ja$

PE heuristic sandbox

Web heuristic sandbox

Heavyweight sandbox (virtual execution)

Both the aggregation layer and the access layer switches need to be turned on 802.1X Function.

Access layer switch needs to be configured 802. 1X Transparent transmission of messages.

The aggregation switch needs to be configured 802 1X Transparent transmission of messages.

No special configuration required

hardware SACG use Any Office Perform admission control.

software SACG use Any Office Perform admission control.

hardware SACG Than software SACG cut costs.

hardware SACG The security is higher.

The aggregation layer device is not configured RADIUS Certification template.

Agile Controller-Campus The switch is not added on NAS equipment.

Connect to the terminal on the device to open 802.1X Function.

The Layer 2 link is used between the access device and the aggregation device, and it is not turned on 802 Instrument transparent transmission function

1->2->3

1->2->4,

1->3->2

1->4->3

www file

PE file

Picture file

Mail

Portal The certification process is only used in Web Certification

Server for a terminal Portal Certification will only give one Portal Device sends authentication message

Switch received Portal Online message, will give Radius Server send Radius Certification request

Portal The authentication message will not carry the result of the security check

Agile Controller-Campus Integrated RADIUS All functions of server and client."

Agile Controller-Campus As RADIUS On the server side, the user terminal acts as RADIUS Client.

Certified equipment(like 802. 1X switch)As RADIUS On the server side, the user terminal acts as RADIUS Client.

Agile Controller-Campus As RADIUS Server side, authentication device(like 802.1X switch)As RADIUS Client.

The basic mode can effectively block the access from the Feng Explor client.

The bot tool does not implement a complete HTTP protocol stack and does not support automatic redirection, so the basic mode can effectively defend against HTTP Flood attacks.

hit.

When there is an HTTP proxy server in the network, the firewall will add the IP address of the proxy server to the whitelist, but it will recognize the basic source of the zombie host.

The certificate is still valid.

The basic mode will not affect the user experience, so the defense effect is higher than the enhanced mode.

③④

①③④

⑤⑥

②④

Local account authentication

Anonymous authentication

AD Account Verification

MAC Certification

A serious violation will prohibit access to the post-authentication domain.

The access control list of the post-authentication domain has not been delivered SACG.

ALC The number of rules issued is too many, and a lot of time is required to match, causing interruption of access services.

Agile Controller-Campus Wrong post-authentication domain resources are configured on the server.

ID

Message length

Agreement

Direction

Certificate encryption

AES encryption

PSK encryption

Plaintext encryption

By IP addresses

By terminal type

By account

By user information

True

False

A What is configured on the device is MAC Bypass authentication

B What is configured on the device is MAC Bypass authentication o

A On the device 2GE1/01 Can access PC Can also access dumb terminal equipment

B On the device GE1/0/1 Can access PC It can also access dumb terminal equipment. Upper

MAC Certification is based on MAC The address is an authentication method that controls the user's network access authority. It does not require the user to install any client software.

MAC Bypass authentication is first performed on the devices that are connected to the authentication 802 1X Certification;If the device is 802. 1X No response from authentication, re-use MAC The authentication method verifies the legitimacy of the device.

MAC During the authentication process, the user is required to manually enter the user name or password.

MAC The bypass authentication process does not MAC The address is used as the user name and password to automatically access the network.

In the learning process, you should start from collecting samples, analyze their characteristics and then perform machine learning.

Machine learning only counts a large number of samples, which is convenient for security administrators to view.

In the detection process, the characteristics of unknown samples need to be extracted and calculated to provide samples for subsequent static comparisons.

Security source data can come from many places, including data streams, messages, threat events, logs, etc.

After the configuration is complete, the switch will automatically release the data flow to access the security controller,No need for manual configuration by the administrator.

This configuration allows users to access network resources before authentication.

After the configuration is complete, the administrator still needs to manually configure the release network segment

Only after the authentication is passed, the terminal can access 10.1.31.78 Host.

Plan

Implementation

termination

Monitoring

The user distribution range is large, and the access control requirements are high.

The deployment of the access control strategy is significant.

Access rights are difficult to control.

User experience technology

True

False

Data preprocessing

Threat determination

Distributed storage

Distributed index

True

155955cc-666171a2-20fac832-0c042c0414

False

True

False

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

Terminal and Agile Controller-Campus Server communication SSL encryption

Authentication fails, end users can only access resources in the pre-authentication domain

Security check passed,Agile Controller-Campus Server notification SACG Will end user's IP Address switch to isolated domain

Agile Controller-Campus Server gives SACG Carrying domain parameters in the message

HTTPS Flood defense modes include basic mode, enhanced mode and 302 redirection.

HTTPS Flood defense can perform source authentication by limiting the request rate of packets.

The principle of HTTPS Flood attack is to request URIs involving database operations or other URIs that consume system resources, causing server resource consumption.

Failed to respond to normal requests.

The principle of HTTPS Flood attack is to initiate a large number of HTTPS connections to the target server, causing the server resources to be exhausted and unable to respond to regular requests.

begging.

AP Certification

Link authentication

User access authentication

data encryption

Visitors can use their mobile phone number to quickly register an account

The administrator can assign different permissions to each visitor

Reception staff cannot create guest accounts

There is a violation of the guest account, and the administrator cannot retrospectively

Easy to implement

Accurate detection

Effective detection of impersonation detection of legitimate users

Easy to upgrade

3->1->4->2->5

3->2->4->1->5

3->2->1->4->5

3->1->2->4->5

True

False

True

False

True

False

True

False

PADIUS Used on the client and 802.1X Information such as user names and passwords are passed between switches.

PADIUS Used in 802.1X Switch and AAA Information such as user name and password are passed between servers.

PADIUS Used for Portal Server pushes to users Web page.

PADIUS Used for server to SACG Security policy issued by the device

Configuration plane

Business plane

Log plane

Data forwarding plane

Virus

Buffer overflow ρ

System vulnerabilities

Port scan

Can access the network? Can also access network resources.

Cannot access the network.

Can pick up? The network needs to be repaired before you can access network resources.

You can access the network, but you need to re-authenticate to access network resources.

Single packet attack

Floating child attack

Malformed message attack

Snooping scan attack

Authentication

Isolation repair'

Security check

Access control