H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Questions and Answers

True

False

The main function is to prevent network attacks based on source address spoofing.

In strict mode, it does not check whether the interface matches. As long as there is a route to the source address, the message can pass.

The loose mode not only requires corresponding entries in the forwarding table, but also requires that the interface must match to pass the URPF check.

Use URPF's loose mode in an environment where routing symmetry cannot be guaranteed.

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

Enhanced mode refers to the authentication method using verification code.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

The enhanced mode is superior to the basic mode in terms of user experience.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

True

False

The black and white list is matched by extracting the destination IP address of the SMTP connection

The black and white list is matched by the sender's dns suffix

The black and white list is matched by extracting the source IP address of the SMTP connection

155955cc-666171a2-20fac832-0c042c0419

If the source IP address of the SMTP connection matches the blacklist, the connection will be blocked

Website phishing deception

Website Trojan

SQL injection

Cross-site scripting attacks 2335

Keywords contained in the content of the uploaded file

Keywords contained in the downloaded file

File type

File upload direction 335

Dual machine hot backup

Power supply. 1+1 redundant backup

Hardware Bypass

Link-group

Scanning attacks include address scanning and port scanning.

It is usually the network detection behavior before the attacker launches the real attack.

155955cc-666171a2-20fac832-0c042c0424

The source address of the scanning attack is real, so it can be defended by adding direct assistance to the blacklist.

When a worm virus breaks out, it is usually accompanied by an address scanning attack, so scanning attacks are offensive.

POST operation

Browse the web

Acting online

File upload and download

The priority of the coverage signature is higher than that of the signature in the signature set.

When the "source security zone" is the same as the "destination security zone", it means that the IPS policy is applied in the domain.

Modifications to the PS policy will not take effect immediately. You need to submit a compilation to update the configuration of the IPS policy.

The signature set can contain either predefined signatures or custom signatures. 832335

The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source

For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify

The legitimacy of the source IP.

In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process

It will consume the TCP connection resources of the OINS cache server.

Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.

True

False

Infrastructure security

Tenant security

How to do a good job in management, operation and maintenance

Hardware maintenance

The firewall has enabled the SYN Flood source detection and defense function

The firewall uses the first packet drop to defend against UDP Flood attacks.

HTTP Flood attack defense uses enhanced mode for defense

The threshold for HTTP Flood defense activation is 2000.

The file filtering configuration file is not referenced in the security policy

File filtering configuration file is incorrect

License is not activated.

The action configuration of the file extension does not match is incorrect

Local upgrade

Manual upgrade

Online upgrade

Automatic upgrade

True

False

The file extension does not match.

Unrecognized file type

File corruption

The file is compressed

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

The content in No. 2 must be configured.

In addition to this page configuration, you also need to enable the firewall and sandbox linkage, otherwise the page configuration is invalid

The content in No. 4 must be configured.

After the configuration is completed, you need to submit the configuration to take effect.

Vulnerability intelligence

Defense in Depth

Offensive and defensive situation

Fight back against hackers

155955cc-666171a2-20fac832-0c042c045