HCIA SECURITY Searchable PDF

1. Which of the following is the correct description of windows log event type?
(Multiple Choice)
T A Awaming event is a successful operation event of ar application, driver, or service.
TB. Error events usually refer to the loss of function anddata. For example, if a semvice cannot be loaded as a
system boot, an error event will be generated. (Right Answers)
T C. Whenthe disk spaceis insufficient, it wll be recorded as an “information event" (Right Answers)
T D. Failure audit event refers to a failed audit security login attempt, such as a failure when the user view accesses
the network drive is logged as a failed audit event. (Right Answers)
Answer: BCD.
2. Whichtypes of encryption technology can bedivided into? (Multiple Choice)
A Symmetric encryption (Right Answers }
TB. Asymmetric encryption (Right Answers)
TC. Fingerprint encryption
FD. Data encryption
Answé AB
3. HRP (Huawei Redundancy Protocol) Protocol to back up the connection state of data include: (Multiple Choice)
TA TCP/UDPsessions table (Right Answers)
TB. Sener Maptable (Right Answers)
TC. the dynamic blacklist (Right Answers)
TD. the routing table
Answer: ABC
4. Which ofthe following is the core part of the P2DR model?
TA Policy Strategy (Right Answers)
TB. Protection
T C. Detection
T D. Response
Answer: A
5. Eviderceidentification needs to resolve the integrity verification of the evidence anddetermine whether it meets the
applicable standards. Which of the following statements is correct about the standard of evidence identification?
TA. Relevancecriterion means :hat ifthe electronic evidence can have a substantial impact on the facts of tre
case to a certain extent, the court should determinethat itis relevant. (Right Answers)
TB. Objective standard means that the acquisition, storage, and submission of electronic evidence should be legal,
and the basic rights such as nationalinterests, social welfare, and personal privacy are not strictly violated.
T C. Legality standard is to ensure that the electronic evidenceis collected from the initial collection, and there is
no changein the content of the evidence submitted as evidence
17D. Faimess standard refers to the evidence obtained by thelegal subject through legal means, which has the
evidence ability.
6. Data analysis technology is to find and match keywords or key phrases in the acquired data stream orinformation
flow, and analyze the correlation of time. Which of thefollowing is not an evidence analysis technique?
‘A. Password deciphering, data decryption technology
TF B. DocumentDigital Abstract Analysis Technology
TC. Techniques fordiscovering the connections between different evidences
T D. Spam tracking technology {Right Answers)
Answe
7. Regarding the AH and ESPsecurity protocols, which of thefollowing optionsis correct? (Multiple Choice)
T_A.AH canprovide encryption and verification functions
TB ESPcan provide encryption andverification functions (Right Answers)
TC. The agreement number of AH is 51. (Right Answers)
TD. The agreement number of ESP is 54
Answer: BC
8. Which of the following types ofattacks does the DDoSattack belong to?
TA. Snooping scanning attack
TB. Malformed packetattack
C. Special message attack
TD. Traffic attack (Right Answers)
Answer: D
9. Regarding SSL VPNtechnology, which ofthe following options is wrong?
T_A-SSLVPNtechnology can be perfectly applied to NAT traversal scenarios
TB. SSL VPNtechnology encryption only takes effect on the application layer
T C. SSLVPNrequresa dial-up client (Right Answers)
TD. SSL VPN technology extends the network scope of the enterprise
Answer: C
10. Which of the following options can be used in the advanced settings of windowsfirewall? (Multiple Choice)
TA Restore defaults (Right Answers)
TB. Change notification rules (Right Answers)
TF ©. Set connection security rules (Right Answers)
TD. Set out inbound rules (Right Answers)
Answer: ABCD.
11. When coniguring NAT Server on the USG seriesfirewall, the server-maptable will be generated. Which of the
following does not belong in the table?
TA Destination IP
I B. Destination port number
TC. Agreement number
TF ghSource IP (Right Answers)
Answer: D
12. Which of the following attacks does not belong to special packet attack?
TALICMPredirect packetattack
TB. ICMPunreachable packet attack
T C.IP address scanningattack (Right Answers)
T D. Large ICMP packet attack
Answer: C
13. Which ofthe following attacksis not a matformed messageattack?
TA Teardropattack
TB. Smurf attack
TC. TCP fragmentattack
I U.ICMPunreachable packet attack (Right Answers?
Answer: D.
14. Caesar Codeis primarily used to encrypt data by using stick of a specific specification.
TA Tue
6. False (Right Answers)
Answer: B
1. Typical remote authentication modes are: (Multiple Choice)
T A RADIUS (Right Answers)
TF B Local
C.HWTACACS (RightAnswers)
F D.LwOP
16. When the firewall hard diskis in place, which of thefollowing is correct descriptionfor the firewall log?
TA. Theadministrator can advertise the content log to view the detaction and defense records of network threats.
TB. The administrator can use thethreat log to understandthe user's security risk behavior and the reason for
being alarmed or blocked,
TC. The administrator knows the user's behavior, the keywords explored, and the effectiveness of the audit policy
configuration through the user activity log.
7D The administrator can learn the security policy of the trafic hit through the policy hit log, and useit for fault
location whenthe problem occurs. (Right Answers}
Answer: D
17. In the Client-nitiated VPNconfiguration, generally it is recommended to plan the address pool and the headquarters
of the network address forthe different network segments,or need to open proxy forwarding on the gateway device
TA True (Right Answers)
PB False
Answer: A
18. Which ofthe following is the encryption technology used by digital envelopes?
A. Symmetric encryption algorithm
TB. Asymmetric encryption algorithm (Right Answers)
TF C. Hash algorithm
TD. Stream encryption algorithm,
Answer: B
19. Except built-in Portal authentication, firewall also supports customPortal authentication, when using a custom Portal
authentication, no need to deploy a separate external Portal sever.
TA True
T 8 False (Right Answers)
Answer: B
20. NAPT technology can implement a public network IP address for multiple private network hosts.
TO True (Right Answers)
TB. False
Answer: A
1. IPSec. VPN technology does not support NAT traversal when encapsulating with ESP security protocol, because
ESP encrypts the packet header.
TA True
T 8. False (Right Answers)
Answer: B
22. Which of thefollowingis true about the description of SSL VPN?
TA Can be used withouta client (Right Answers)
TB. Mayencrypt to IP layer
TC. There is a NATtraversal problem
T D.No authentication required
Answer: A
23. Someapplications, such as Oracle databaseapplication,there is no data transfer for a long time, so that firewall
sessionconnection is interrupted, thus resulting in serviceinterruption, which of the following technology can solve
this problem?
TF A Configure a long business connection (Right Answers)
TB. Configure default session aging time
TF C. Optimization of packet fitering rules
FD. Tum fragmentcache
Answer: A
24. Whatis the nature of infunnation securityit “hplementationof security moniting and management of infortative
and information systems to preventthe ilegal use ofinformation and information systems"?
A Confidentiality
T B. Controllability (Right Answers)
FC. Non-tepudiation
T D. Integrity
Anower: B
25. When configuring security policy, a security policy can reference an address set or configure multiple destination IP
addresses.
T B.False
Answers A
2Bhich ofthefolowing optionsis notte pat ofthe quintet?
TA Source IP
TB Source MAC (Right Answers)
T © .Destination IP
TD. Destination Port
Answer: B
27. Which ofthefollowing statement about the L2TP VPN of Client-nitialized is wrong?
TA Afterthe remote user access to intemet, can initiate L2TP tunneling requestto the remote LNS directly through
the client software
TB. LNSdevicereceives user L2TPconnection request, can verify based on user name and password,
TC. UNSassign a private IP address for remote users
TD. temote users do not need to install VPN client sctware (Right Answers)
Answer: D.
28. Regarding the description of the vulnerability scanning, which of the following is wrong?
TA Vulnerability scanning is a technology based on network remote monitoring of target networkor host security
performance vulnerability, which can beused for simulated attack experiments and security audits.
T B. Vulnerability scanning is used to detect whetherthere is a vulnerability in the target host system. Generally,
the target host is scanned for specific vulnerabilities.
TF C. Vulnerability scanning is a passive preventive measure that can effectively avoid hacker attacks. (Right
Answers)
D. Vulnerability scanning can be done based on the results of ping scan results and port scan
Answer: C
By Regarding tte firewall security policy, which of the following options is wrong?
TA Ifthe security policy is permit, the discarded message will not accumulate the numberofhits. (Right
Answers)
TB. When configuring the security policy name, you cannot reuse the same name
TC. Adjust the order of securitypolicies with immediate effect, no needto save the configuration‘le.
T D. Huawei's USGseries firewalls cannot have more than 128 security policy entries
Answer: A
30. Which ofthe following protection levels are included in the TCSEC standard? (Multiple Choice)
TA Verify protection level (Right Answers)
TB. Forced protection level (Right Answers)
TC. Independent protection level (Right Answers)
TD. Passive protection level
&
Answer: ABC
31. Which ofthe fcllowing are parts of the PKI architecture? (Multiple Choice)
TA Endentity (Right Answers)
1 6 Cettificatior Authority (Right Answers)
T ©. Certificate Registration Authority (Right Answers)
T D. Certificate Storage organization (Right Answers)
Answer: ABCD.
32. “Being good at observation” and “keeping suspicion” can help us betteridentify security threats in the online world.
TB. False
Answer: A.
33. Under the tunnel encapsulation mode, IPSec configuration does not need to have a route to the destination private
network segment, because the data will be re-encapsulated using the new IP header to find therouting table.
TA Tue
I B. False (Right Answers)
Answer:
34. Regarding the description of Windows Firewall, which ofthe following options are correct? (Multiple Choice)
TA. Windows Firewall can only allow or prohibit preset programs or functions and programsinstalled on the
system, and cannot customize the release rules according to the protocol or port number.
TB. Windows Firewall not only allows or prohibits preset programsor functions and programsinstalled on the
system, but also can customize the release rules according to the protocol or port number. (Right Answers)
C. Ifyou are unable to accessthe Intemet during the process ofsetting up the Windows Firewall, you can use
the Restore Defaultsfeature to quickly restore the firewallto its initial state. (Right Answers)
TD. Windows Firewall can alsc change notification rules whenitis off (Right Answers)
Answer: BCD
a5 Rascaty the following is the correct description of the investigation and evidence collection?
TA. Evidenceis not necessarily required during the investigation
TB. Evidence obtained by eavesdroppingis also valid
T C. Inthe process ofall investigation and evidencecollection, there are law enforcement agenciesinvolved. (Right
Answers)
TF D. Document evidence is required in computer crime
Answer: C
36. Which ofthe following is wrorg about the management ofInternet users?
TA Each user group can include multiple users and user groups
TB. Each user group can belong to multiple user groups (Right Answers)
1 C. The system has a default user group by default, which is also the system default authentication domain.
TD. Each userbelongs to atleast one user group, also can belong to multiple user groups
Answer! B
37. Which ofthe following is not part of the method used in the Detection section of the P2DR model?
TA. Real-time moritoring
TB Testing
FC. Alarm (Right Answers)
TD. Shut down the service
Answer: C
38. Which ofthe following is not part ofthe LINUX operating systern?
TA Centos
TB. RedHat
TC. Ubuntu
I D.MAC OS (Right Answers)
Answer: D
bg
39. In somescenarios,it is necessary to convert the source IP address and the destination IP address. Which of the.
following techniques is used in the scenario?
A Two-way NAT (Right Answers)
TB. Source NAT
1 C.NAT-Server
TF D.NATALG
Answer: A
40. Which of thefollowing protocols can guarantee the confidentiality of data transmission? (Multiple Choice)
A Telnet
TB. SSH (Right Answers)
r crIP
D.HTTPS (Right Answers)
Answer: BD
41. On the USGseriesfirewall, ater the web redirection furction is configured, the authentication page cannotbe
displayad. Which of thefollowingis not the cause of the fault?
TA. Theauthentication policy is not configured or the authentication policy is incorrectly configured.
TB. Web authentication is not enabled.
1 C. The browser SSLversion does not match the SSLversion ofthe firewall authentication page
TD. The port ofservice of authentication page is set to 8387 (Right Answers)
Answer
42. Which ofthefollowing optionsis the correct sequencecfthe four phasesof the Information Security Management
System (ISMS)?
TA. Plan->Check->Do->Action
I B. Check->Plan->Do->Action
TC. Plan->Do>Check->Action (Right Answers)
TD. Plan->Check->Action->Do
Answer: C
43. In theinformation security system construction managementcycle, which of the following actionsis required to be
implementedin the “check’ link?
TA. Safety management system design
FB. Implementation ofthe safety management system
T C.Risk assessment (Right Answers)
TD. Safety management systemoperation monitoring
Answer: C
44. Checkthefirewall HRP status information as follows
HRP_S [USG_B] display hrpstate
16: 90 13 2010/11/29
The firewalls config state is SLAVE
Currentstate ofvirtual routers configured as slave
GigabitEthernet0/0/0 vird 1 slave
GigabitEthernet0/0/1 vied 2 slave
Whichof thefollowing description is correct?
TA. the firewall V6MPgroup status is Master
TB. the firewall G0/0/0 and 0/1 GO./ interface of VRRPgroupstatus is Slave (Right Answers)
TC. the firewall of HRP heartbeats interface is GO/0/0 and GO/0/1
TD. the firewall must be in a state of preemption
Answer: B
45. Classify servers based on the shape, what types ofthe following can be divided into? (Multiple choice)
TA Blade server (Right Answers)
TB Tower sener (Right Answers)
T C. Rackserver (Right Answers)
1) X86 senver
Answer: ABC
48. Common scanning attacksinclude: port scanning tools, vulnerability scanning tools, application scanning tools,
database scanning tools, etc.
A True (Right Answers)
T B.False
Answer: A.
4T. According to the protection object,thefirewallis divided. Windows Firewall belongs to
TA Sofware firewall
TB. Hardware firewall
TC. Stand-alonefirewall (Right Answers)
TD. Networkfirewall
Answer: C
48. Which of the following are the ways in which a PKI entity appliesfor a local certificate from CA? (Multiple Choice).
TA Online application (Right Answers)
TB. Local application
I C. Network application
TD. Offine application (Right Answers)
Answer: AD
49. IPS(intrusion Prevention System)is a defense system that can blockin real time when intrusion is discovered.
TA Tue (Right Answers)
TB. False
Answer: A.
50. The Huawei RedundancyProtocol (HRP)is used to synchronizethe main firewall configuration and connection
status and other data on the backup firewall to synchronize . Whichof thefollowing optionsis notin the scope of
synchronization?
TF A Security policy
T B.NATpolicy
FC. Blacklist
T D.IPS.signature set (Right Answers)
Answer: D
51. Which ofthe following are correct about configuring the irewall security zone? (Multiple Choice)
T A. The firewall has four security zones by default, and the four security zone priorties do not support modification.
(Right Answers)
T~ B. Firewall can have 12 security zones at most.
I C. The firewall can create two security zones of the samepriority
TD. When data flows between different security zones,the device security checkis triggered and the
corresponding securitypolicy is implemented. (Right Answers)
Answer: AD
cettiicates according to different usage scenarios.
TA “ue(Right Answers)
I B.False
Answer: A.
3. Which ofthe following descriptions is wrong aboutthe root CA certificate?
A The issueris CA
TB. The certificate subject name is CA.
TC. Public key information is the public key of the CA
TD. Signature is generated by CA public key encryption (Right Answers)
Answer: D.
54. Which configuration is correct to implement NAT ALGfunction?
TA. nat alg protocol
TB. alg protocol
TF C. nat protocol
T D. detect protocol (Right Answers)
Answer: D
55. Which ofthe following statements is wrong aboutthe firewall gateway's anti-virus responseto the HTTP protocol?
TA. Whenthe gateway device blocks the HTTP connection, push the webpage to the client and generate a log,
TB. Response methods include announcement and blocking (Right Answers)
TC. Alarm mode device only generates logs and sends them outwithout processing thefiles transmitted by
the HTTP protocol
I D. Blocking means that the device disconnects from the HTTP server and blocksfile transfer.
Answer: B
56. Which of the following does not belongto the user authenticaion method in the USG firewall?
IA Free certification
TB. Password authentication
F C. Single sign-on
T D. Fingerprint cuthentication (Right Answers)
Answer: D
[367. Both the GE1/0/1 and GE1/0/2 portsofthe firewall belong to the DMZ. If the area connected to GE1/0/1 can access
the area connected to GE1/0/2, which of thefollowing is correct?
TA Need to configure the security policy from Local to DMZ
T B.Noneed to do any configuration (Right Answers)
T C. Need to configure an interzone security policy
TD. Need to configure security policy from DMZ to local
Answer: B
58. Forthe process of forwarding the first packet of the session between firewall domains,there are the following
steps
11 find che routing table
2. find inter-domain packetfitering rules
3. find the session table
4. find che blacklist
Whichofthe following is the corect order?
TA te3>2>4
T Bas2>to4
TC. 3>4>1-2 (Right Answers)
P D.asgete2
59. The administrator wants to know thecurrent session table. Which of thefollowing commands is correct?
hs clear firewall session table
B. reset firewall session table (Right Answers)
C. display firewall session table
T D. display session table
Answer: B
60. Which of the following are the basic functions of antivirus software? (Multiple Choice)
TA Defend virus (Right Answers)
TB. Find virus (Right Answers)
TC Clearvirus (Right Answers)
FD. Copy virus
Answer: ABC.
61. The European TCSECCode is divided into two modules, Function and Evaluation, which are mainly usedin the
military, government and commercialfields.
TB. False
Answer: A
62. Terminal detection is an important part ofthe future developmentofinformation security. Which ofthe following
methods belong tothe category ofterminal detection? (Multiple Choice)
TA Install host antivirus software (Right Answers)
TB. Monitor and rememberthe external device
TC. Prevent users from accessing public network search engines
TD. Monitorthe host registry modification record (Right Answers)
Answer: AD
63. Useiptables to write a rule that does notallow the network segment of 172.16.0.0/16 to access the device. Which of
the following rules is correct?
TA iptables -t fitter -A INPUT -s 172.16.0.0/16 -p all j DROP (Right Answers)
TB. iptables -tfitter -P INPUT -s 172.16.0.0/16 -p all j DROP
FC. iptables -tfier -P INPUT -s 172.16.0.0/16 -p all j ACCEPT
T D. iptables-tfier -P INPUT -d 172.16.0.0/16 -p all j ACCEPT
Answer: A
64. About the contents of HRP standby configuration corsistency check, which of thefollowing is not included?
ANATpolicy
TB. ifthe heartbeat interface with the sameserial number configured
T C. Next hop and outbound interface ofstatic route (Right Answers)
TD. Certification strategy
Answer: C
66. In the USGseries firewall, you can usethe function to provide well-known application services for non-known
ports:
A Part mapping (Right Answers)
TB. MACand IP address binding
I © Packet fitering
TF D. Long connection
Answer: A
166. Which of thefollowing is notincluded in the design principles of the questionnaire?
TA Integrity
TB. Openness
TC. Specificity
T D. Consistency (Right Answers)
Answer: D
67. To implementthe " antivirus function "in the security policy, you must perform a Licenseactivation.
TA Tre (Right Answers)
TB Fase
Answer: A
68. The configuration commandsfor the NAT address pool are as follows:
nat address-group1
section 0 202.202.168.10 202.202.168.20
mode no-pat
‘Of which, the meaning of no-pat parametersis:
TA Dao not do address translation
TB. Perform port muttiplexing
TF C.Donot convert the source port (Right Answers)
TD. Do not convert the destination port
Answe
69. On thesurface,threats such as viruses, vulnerabilities, and Trojans are the causeofinformation security incidents,
butat therootoft, information security incidents are also strongly related to people and information systems
themseWes
T A True (Right Answers)
TP B. False
Answer: A
70. Which ofthe following behaviorsis relatively safer wher connecting to Wi-Fi in public places?
TA ConnectWi-Fi hotspots that are not encrypted
TB. Connect to the paid Wi-Fi hotspot provided by the operator and only browse the web (Right Answers)
T C. Connect unencrypted free Wi-Fifor online shopping
T D. Connect encrypted free Wi-Fi for onlinetransfer operations
Answer: B
71. Which ofthe following is an action to betaken during the summary phase of the cybersecurity emergency
response?(Multiple Choice)
TA Establish a defense system and specty control measures
TB Evaluate the implementation of the contingency plan and propose a follow-up improvement plan (
Answers)
T C. Determine the effectiveness of theisolation measures
TD. Evaluation of members of the emergercy response organization (Right Answers)
Answer: BD
72. Which of the following descriptions is correct about port mirroring? (Multiple Choice)
TA The mirrored port copies the packetto the observing port. (Right Answers)
7B. The observing port sends the ceived packel lu the 1 mituring device. (Right Answers)
1 C. The mirrored port sendsthe received packetto the monitoring device.
1 D. The observing port copies the packetto the mirrored port.
Answer: AB
73. Which ofthefollowing is the GRE protoco. number?
PA
8.47 (Right Answers)
r c.89
F .50
Answer: B
74. Which ofthe following description about the VGMPprotocolis wrong?
_A.VGMPadd muttiple VRRPbackupgroups on the same firewall to a management group, uniformly manage all
the VRRPgroup by management group.
TB. VGMPensurethatall VRRPbackupgroups state are the same through a unified control of the switching of
each VRRP backup group state
TC. State of VGMPgroupis active, which will periodically send HELLOpacketsto the opposite end, Stdandby end
‘only monitors the HELLO packets, which will notrespond (Right Answers}
1 D. By default, when three HELLOpacketcycle of Standby end does not receive HELLO packets which are sent
from the opposite end,the opposite end will be considered a failure, which will switchitself to the Active state
Answer: C
75. Both A and 8 communicate data. fan asymmetric encryption algorithm is used for encryption, when A sends data
to B, which ofthefollowing keys will be. used for data encryption?
TA public key
TB. Aprivate key
T C.B public key (Right Answers)
T D.B private key
Answer: C
76. IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.
TA True
TB False (Right Answers)
Answer: B
77. Based on the GRE encapsulation and de-encapsulation, which descripticnis error?
TA Encepsulation Process: The original data packets transmit the data packets through looking up routing to the
Tunnelinterlaceto trigger GREencapsulation.
TB. Encepsulation Process: After GRE module packaging, the data packet will enter the IP module for further
processing
TC. De-encapsulation Process: Afterthe destination receives GREpackets, transmitting the data packets through
looking upthe routing to the Tunnel interfacesto trigger GRE encapsulation. (Right Answers)
T_D. De-ercapsulation Process: After GRE module de-encapsulation,the data packets will enter the IP module for
further processing,
Answer: ©
78. The repair of anti-virus software only needsto be able to repair some system filesthat were accidentally deleted
when killing thevirus to prevent the system from crashing,
TB False
Answer: A
79. Whichof the following is not a rating in the network security incident?
TA. Major network secufty incidents
TB. Special network security incidents (Right Answers)
C. General network security incidents
D. Larger network security incidents
Answer: B
80. In the current networkit has deployed other authentication system, device registration function by enabling a
single point, reducing the usertore-enter the password.
‘What are correct about single sign-on statements? (Multiple choice)
T A device can identify the user through the authentication of the identity authentication system, user access, the
device will not pa) authentication pages, to avoid further asked to enter a usemame / password (Right Answers)
TB. ADdomain single sign-on is only one deployment model
TF C. Although not require to enter a user password,butthe authentication server needs to interact with theuser
password and devices usedto ensure that certification through discussion
TD. AD domain single sign-on login can be mirrored data stream synchronized mannerto the firewall (Right
Answers)
81. Regarding the relationship and role of VRRP/VGMPIHRP,which of the following statements are correct? (Multiple
choice)
TA. VRRPis responsible for sending free ARP to directtrafic to the new primary device during active/standby
switchover. (Right Answers)
TB. VGMPis responsible for monitoring equipmentfailures and controlling fast switching of equipment. (Right
Answers)
TC. HRPis responsible for data backup during hotstandby operation. (Right Answers)
TD. VGMPgroupin the active state mayinclude the VRRPgroupin the standby state
Answer: ABC
82. The administrator PC and the USG firewall managementinterfacedirectly connected using the web the way
initialization, which ofthe following statements are true? (Multiple choice)
TA Manage PC browser access http:/1192.168.0.1 (Right Answers)
T B.IPaddress of the management PC is manually set to 192.168.0.2-192.168.0.264 (Right Answers)
C. Manage PC browseraccess http:/i192.168.1.1
I D. Setthe NIC of the managementPCto automatically obtain the IP address.
Answer: AB
83. In Huawei SDSec solution, which layer of equipment does the firewall belong to?
TA Analysis layer
TB. Control layer
TC. Executive layer (Right Answers)
TD. Monitoring layer
Answer: C
84. WhenFirewall does dual-systemhotbackup networking, in orderto achieve the overall status of the backup group
switching,whichofthe following protocol technology need te be used?
TA. VRRP
T 8. VGMP (Right Answers)
T CHRP
TD. OSPF
Answer: B
85. The sceneof internal users accesstheintemet as shown, the subscriber line process are
1 After authentication, USG allow the connection
2. The userinput http:/1.1.1.1 to accessInternet
3. USG push authentication interface, User =? Password =?
4. The user successfully accessed http:/1.1.1.1, equipmentcreate Session table
5. Userinput User = "** Password = "**
Whichthefollowing procedure is correct?
14a.
ss
PA 28344
aaa
T 6235-14 (Right Answers)

PF c.24384
P D23454
86. About the description of firewall active-standby, which ofthefollowing is correct? (Multiple Choice)
A Whena plurality of regions on the firewall needto provide dual-machine backup function, you need to configure
multiple VRRP backup groups on thefirewall. (Right Answers)
I Bt requiresthe state ofall the VRRP backup groupsin the same VGMP management graup on the same
firewall should be consistent. (Right Answers)
I ©. Thefirewall active-standby requires the information such as the session table, MAC table,routing table and so
on synchronous backup betweenprimary devices and slave devices.
TD. VGMP istoensure all VRRP backup groups’ consistency of switching: (Right Answers )
Answer: ABD
87. Which offhe following is the encryption technology used in digital envelopes?,
TA Symmetric encryption algorithm
TB. Asymmetric encryption algorithm (Right Answers)
TC. Hash algorithm
TD. Streaming algorithm
Answer: B
88. Which ofthe following are correct regarding the matching conditionsof the security policy? (Multiple choice)
A “Thesource security zone”is an optional parameterin the matching condition. (Right Answers)
TB. "Time period”in the matching condition is an optioval parameter (Right Answers)
C. “Apply”in the matching condition is an optional parameter (Right Answers)
TD. “Service”is an optional parameterin the matching condition (Right Answers)
Answer: ABCD
89. The attacker by sending ICMP response request, and will request packet destination address setto suffer Internet
radio address
Which kind of attack doesthis behavior belong to?
T AIP spoofing attack
TB. Smurf attack (Right Answers)
T C.ICMP redirect attack
TD. SYN flood attack
Answer: B
91. Fire Trust domain FTP client wants to access an Un:rust server FTP service hasallowedthe client to access the
server TCP21port, the clientin the Windows commandline window canlog into the FTP server, but can not
download tne file, what are the following solutions? (Multiple choice)
1 A take the Trust between Urrrust domain to allow two-way default access strategy (Right Answers)
TB. the FTP works with the port mode modify the Untrust Trust domain to allow the inbound direction between the
default access strategy (Right Answers)
TC. Trust Untrust domain configuration is enabled detect ftp (Right Answers)
T_D. FTF works with Passive mode modify the domain inbound direction between the Untrust Trust default access
policy to allow
Answer: ABC.
92. Which ofthe following is not part of a digital certificate?
TA. Public key
TB. Private key (Right Answers)
TC. Validity period
PF D.Issuer
Anawer: B
93. Which of the following is true about the descriptionof the TCP/Pprotocol stack packet decapsulation? (Multiple
choice)
7 A The data packetis first transmitted to the data link layer. After parsing, the data link layer informationis
stripped, and the network layerinformation is known according to the parsing information, such as IP. (Right
Answers)
TB. Afterthe transport layer ((CP) receives the data packet, the transport layerinformation is stripped after
parsing, and the upperlayer processing protocol, such as UDP,is known according to the parsing information.
T C.After receiving the data packet, the network layeris stripped after parsing, anc the upperlayer processing
protocol is known accordingto the parsing information, such as HTTP.
TD. Afterthe application layer recetves the data packet,the application layer information 1s stnpped atter parsing.
andthe user data displayed at the end is exactly the same as the data sent by the sender host. (Right Answers)
94. Whichofthe following is not a key technology for anti-virus software?
TA Shelling technology
FB. Sel-protection
T C. Format the disk (Right Answers)
T D_ Real-time upgrade ofthe virus database
Answer C
96. Which ofthe following are malicious programs? (Multiple choice)
TA Trojan horse ( ht Answers)
TB. Vulnerabilities
TF C. worm (Right Answers)
TD. Virus (Right Answers)
Answer: ACD.
96. Which of the following are key elementsof information security prevention? (Multiple choice)
TA Asset management (Right Answers)
T B. Security operatior and management (Right Answers)
T C. Security products and technologies (Right Answers)
T D. Personnel (Right Answers)
Answer: ABCD
97. Whic1 ofthefollowing is not the main form of computer crime?
TA. Implant a Trojan to the target host
B. Hacking the target host
C. Using a computerfor personal surveys (Right Answers)
T D. Use scanning tools to collect network information without permission
Answer: C
98. When the IPSec VPN tunnel modeis deployed,the AH protocolis used for packet encapsulation. In the
new IP packet headerfield, which ofthe following parameters does not require data integrity check?
TA SourceIP address
TB. Destination IP address
TF C.TTL (Right Answers)
T D.Idetification
Answer: C
99. When configuring a GRE tunnelinterface, the destination address generally refers to which ofthe following
paanelars?
1 A. Local tunnelinterface IP address
T B. Local end network export IP address
T C. eer external network expert IP address (Right Answers)
D.IP address ofthe peer tunnel interface
Answer: ©
100. In IPSEC VPN, which of thefollowing scenarios can be applied by tunnel mode?
TTA. between the host and the host,
TB. between hosts and security gateways
TC. between security gateways (Right Answers)
TD. Between tunnel mode and transport mode
Answer: C
(01. Security policy conditions can be divided into multiple fields, such as source address,destination address, source
ort, destination port, etc. These fields are “and”, that is, only information in the message andall fields you match,
you can hitthis strategy
TA Tne
T 8 False (Right Answers)
Answer: B
102. Which ofthe following is correct about the description of SSL VPN?
TA. Can be used without a client (Right Answers)
TB. mayencrypt layer
1 C. There is a NATtraversal protlem
T D. No authentication required
Answer: A
103. Which description aboutdisconnect the TCP connection 4 times-handshakeis wrong?
TA initiative to shut down the senderfirst FIN active closed, while the other received this FIN perform passive shut
down
TB. whenpassive close receipt the first FIN,it wil send back an ACK, and randomly generated to confirm the
serial number (Right Answers)
T C. passive closing party end need to send a fle to the application, the application will closeit connection and
lead to send a FIN
T D.in passive close the sender after the FIN,initiative to close must send back a confirmation, and will confirm the
serial numberis set to receive serial number1
Answer: B
104. Which af thefollowing is non-symmetric. encryption algorithm?
ARCA
TB. 30Es
Tr C.AES
T D.DH (Right Answers)
Anower: D
105. Which ofthe following statements about Client-initiated VPN is correct? (Multiple choice)
TA Atunnelis established between each access user and the LNS. (Right Answers)
TB. Only one L2TP session and PPP connection are carried in each tunnel. (Right Answers)
T C. Each tunnel carries multiple L2TP sessions and PPP connections.
T D. Each tunnel carries multiple L2TP sessions and one PPPconnection.
Answer: AB
106. Regarding trefirewall security policy, which ofthe following options are wrong?
TA Ifthe security policy is permit,the discarded messagewill not accumulate the number of hits. (Right
Answers)
TB. When configuring the security policy name, you cannot reuse the same name
TC. Adjust the orderof security policies without saving the configurationfle
T D. The number of security policy entries of Huawei USG series firewalls cannotexceed 128
Answer: A
107. Which ofthe following options are supported by VPN technology to encrypt data messages?(Multiple choice)
ASSL VPN(Right Answers)
TB. GRE VPN
T C.IPSec VPN (Right Answers)
TP D.L2TP VPN
Answer: AC
108. Whichofthefollowing is the username / password fer the first login of the USG series firewall?
TA Usernameadmin, password Admin@123 (Right Answers)
TB. User name admin, password admin@123
TF C. User name admin, password admin
TD. User name admin, password Admin123
Answer: A
109. There are various security threats in the use ofthe server. Which ofthe following optionsis not a server security,
threat?
TA Natural disasters (Right Answers)
T B. DDosattack
TC. Hacking
TD. Malicious programs
Answ
110. Which of the following statementabout the L2TP VPN ofClient-initialized is wrong?
TA After the remote user accessto internet, can initiate L2TP tunneling request to the remote LNS directly through
theclient software
TB. LNSdevice receives user L2TPconnection request, can verify based on user name and password.
T C.LNSassign a private IP addressfor remote users
TD. remote users do not need to install VPN client software (Right Answers)
Answer: D
111. Which ofthe following options does notinclude the respondentsin the questicnnaire for safety assessment?
TA. Network System Administrator
TB. Security administrator
C.HR (Right Answers)
D. Technical leader
Answer: C
112. The wuinerability that has not beendiscovered is the 0 day vulnerability.
TA True
Answer: B
> 113. Regarding the problem that the two-way binding user of the cuthenticationree methed cannot access the network
resources, which of the following options are possible reasons? (Multiple choice)
A. The authenticationfee user and the authenticated user are in the same security zone.
TB. The authenticationfee user does rot use the PC with the specified IP/MAC address. (Right Answers)
1 C. The authentication action in the athentication policy is set to “No credit / free authentication”
TF D. Online users have reached a large value (Ri Ht Answers)
Answer: BD
114. ASPF (Application Specific PacketFilter)is a kind of packet filtering based onthe application layer,it checks
the applicat on layer protocol information and monitor the connection state ofthe application layer protocol. ASPF by
Server Map table achieves a special security mechanism.
Which statement about ASPF and Server maptable are correct? (Multiple choice)
TA ASPF monitors the packets in the process of communication (Right Answers)
TB. ASPF dynamically create and delete filtering rules (Right Answers)
TC. ASPF through server maptable realize dynamic to allow multi-channel protocol data to pass (Right
Answers)
TD. quintuple server-map entries achieve a similar functionality with session table
Answer: ABC
115. What are the advantages of addresstranslation techniques included? (Multiple choice)
T A address conversion can make intemal network users (private IP address) easy access to theIntemet (Right
Answers)
TB. many host address conversion can makethe internal LAN to share an IP address onthe Intemet (Right
Answers)
T C. address conversion that can handle the IP header of encryption
1 D. address conversion can blockintemal network users, improve the safety ofinternal network (Right
Answers)
Answer: ABD
116. Which ofthe following statement aboutthe NAT is wrong?
TA.NATtechnology caneffectively hide the hosts of the LAN,it is an effective network security protection
technology
1 B. Address Translation can follow the needs of users, providing FTP, WWW,Telnet and other senices outside
the LAN
T C. Someapplication layer protocols carry IP addressinformationin the data, but also modify the IP address
information in the data of the upper layer when they are as NAT
T_D. For some non-TCP, UDPprotocols (such as ICMP, PPTP), unable to dothe NATtranslation (Right
Answers)
Answer: D
117. Regarding the relationship and role of VRRP/VGMPI/HRP,whichof thefollowing statements are
correct? (Multiple choice)
TA VRRPis responsible for sending free ARPto directtraffic to the new primary device during active/standby
switchover. (Right Answers)
TB. VGMPis responsible for monitoring equipment failures and controlling fast switching of equipment. (Right
Answers)
TC. HRPis responsible for data backup during hot standby operation. (Right Answers)
TD. VGMPgroupin the active state may include the VRRPgroupin the standby state.
Answer: ABC
"118. Firewall update signature database and Virus databaseonline through security service center, requires the firewall
can connectto the Internet first, and then need to configure the correct DNSaddresses.
A TRUE(Right Answers)
© B FALSE
Answer: T
119. Which of thefollowing option does not belong to symmatric encryption algorithm?
T ADEs
6 3DES
T CAES
T 0_RSA (Right Answers)
Answer: D.
120. Through displayike sa to see the result as follows,which statements are correct? (Multiple choice)
current ike sa number: 1
connection-id peer vpn flag phase doi
Oxifi 2.2.2.1 0 RDIST vi:1 IPSEC 0x60436de4
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
‘A. The first stageike sa has been successfully established (Right Answers)
qa41474
B. The secondstage ipsec sa has been successfully established

C. ikeis using version v1 (Right Answers)
D. ikeis using version v2
121. Regarding the comparison between windows and Linux, which ofthe following statements is wrong?
TA. Getting started with Linux is more difficult and requires some learning and guidance.
TB. Windows can be compatible with most software, playing most games
T C.Linuxis open source code, you can do what you want.
TD. windowsis open source, you can do what you want. (Right Answers)
Answer: D
122. Which ofthe following are core elements of the IATF (Information Assurance Technology Framework) model?
(Multiple choice)
TA. Environment b
F B person (Ri it Answers)
TC. Technology (Right Answers)
TF D. Operation (Right Answers)
Answer: BCD.
123. Which ofthe following are multi-user operating systems? (Multiple choice)
T AMsDos
T B.UNKX (Right Answers)
TF C_LINUX (Right Answers)
D.Windows (Right Answers)
Answer: BCD.
124. Electronic evidence preservation is directly related to the legaleffect of evidence,in line with the preservation of
legal procedures,and its authenticity and reliability are guaranteed. Which ofthe following is not an evidence
preservation technology?
A Encryption technology
1 8 Digital certificate technology
FC. Digital signature technology
TD. Messagetag tracking technology (Right Answers)
Answers D
125. Whenthe following condtions occur in the VGMP grou the VGMPmessagewill not be sentto the peer end
actively?
1A. Dual hot backup functian enabled
B. Manually switch the active and standby status of the firewall
T C. Firewall service interfacefailure
T D. Session table entry changes (Right Answers)
Answer: D
126. Which ofthe following options can be used in the advanced settings of Windows Firewall? (Multiple choice)
TA Restore defaults (Right Answers)
1 8. Change notincation rules (Kight Answers >
TC. Set connection security rules (Right Answers)
FD. Set out inbound rules (Right Answers)
Answer: ABCD.
127. Thefollowing security policy command, representatives ofthe meaning:
tule name rule1

source-zone trust
destination-zone untrust
source-address 10.1.0.0 0.0.255.255
service icmp
action deny
#
TA banned ftom trust region access to untrust region and the destination address is 10.1.10.10 host ICMP
message
T B. banned from trust ragion access to untrust region and the destination address is 10.1.0.0/16 segment all hosts
ICMP message
TC. banned from tust region access to untust region and the source address is 10.1.0.0/16 segmental the hosts
ICMP message (Right Answers)
TD. banned from trust ragion access to untrust region and the source addresis 10.2.10.10 host to all:he hosts
ICMP message
‘Answer:
128. In information security prevention, commonly used security productsare firewalls, Anti-DDos devices and IPS/DS.
devices
TB. False
129. Ifthe administrator usesthe default authentication domain to authenticate a user, you only need to enter a user
namewhenthe userlogs, if administrators use the newly created authentication domain to autenticate the user,the
user will need to enterlogin "Lsername @ Certified domain name”
I B.False
Answer: A
130. Digitalcertificate technology solves the problem that public key owners cannot determinein digital signature
technology.
T B.False
Answer: A
131. Intrusion prevention system technical characteristics include (Multiple choice)
TA online mode (Right Answers).
T B realtime blocking (Right Answers)
T C. selfleaming and adaptive (Right Answers)
TD. straigntroad deployment
Answer: ABC
132. Which ofthefollowing is true aboutfirewall security policies?
TA. Bydefault,the security policy can control unicast packets and broadcast packets.
1 8. Bydefault,the security policy can control multicast.
TC. By default, the security policy only controls unicastpackets. (Right Answers)
T D. By default,the security policy can control unicast packets, broadcast packets, and multicast packets.
Answer: C
133. Which ofthefollowing formation will be encrypted during the use of digital envelopes? (Multiple choice)
TA Symmetric key (Right Answers)
TB. User data (Right Answers)
TF ©. Receiver public key
T D. Receiver private key
Answer: AB
134. Which of the following arein the certification area of 8027001? (Multiple choce)
TA Access control (Right Answers)
T B. Personnel safety (Right Answers)
T C. Vulnerability management (Right Answers)
T D. Business continuity management (Right Answers)
Answer: ABCD
135. Which ofthe following is true aboutthe descriptionof the firewall?
TA. The frewall cannot transparently access the network.
TB. Adding a firewall to the networkwill inevitably change the topology of the network.
TC. In order to avoid single point of failure, the firewall only supports side-by-side deployment.
T D. Depending on the usage scenario, the firewall can be depoyed in transparent modeor deployed in a three
bedroom mode. (Right Answers)
Answer: D
3 136. On Huawei USGseries devices, the administrator wants to erase the configuration file. Which ofthe following
‘commands is correct?
TA. clear saved-configuration
TB reset saved-configuration (Right Answers)
T C. reset current-configuration
TD. reset running-configuration
Answer: B
137. Ageinst Buffer overfiow attacks, which description is correct? (Multiple choice)
TA Buffer overfiow attack is use of the software system on memory operating dafects. by using high operating
permission to run attack code (Right Answers)
I B. Buffer overflow attack has nothing todowith operating system's vulnerabilitiss and architecture
I C. buffer overflow attack is the most common method of attack software system's behaviors (Right Answers )
TD. buffer overflow attack belongs to the application layer attack behavior (Right Answers)
Answer: ACD
138. Security technology has different approachesatdifferent technical levels and areas. Which of thefollowing devices
can be usedfor network layer security protection? (Multiple choice)
TA. Vulnerability scanning device
T B. Firewall (Right Answers)
TC. Anti-DDoS equipment (Right Answers)
T D.IPSADSequipment (Right Answers)
Answer: BCD
us
139. IPSEC VPNtechnology does not suppot NATtraversal when encapsulated in ESP security protocol because ESP
encrypts the packet header.
TA Tue
Answer: B
140. Which of thefollowing are part of the SSL VPN function? (Multiple choice)
1 A Userauthentization (Right Answers)
TB. Port scanning
C. File sharing (Right Answers)
TD. WEBrewriting
Answer: AC
141. In thedigital signature process, which ofthe following is the HASH algorithm to verify the integrity of the data
transmission?
TA Userdeta (Right Answers)
TB. Symmetric key
TF C. Receiver public key
TD. Receiver private key
Answer: A
142. Which ofthefollowing trafic matches the authenticaticn policytriggers authentication?
TA Access device ordevice initiated traffic
1 B. DHCP,BGP, CSPF and LOPpackets
TC. Traffic of visitors accessing HTTP services (Right Answers)
T D. The first ONSpacket corresponding to the HTTP senice data flow
Answer: C
143. The GE1/0/1 and GE1/0/2 ports ofthe firewall belongto the DMZ. ifthe area connected to GE1/0/1 can access the
area connected to GE1/0/2, which ofthefollowing is correct?
TA. Need to configure local to DMZ security policy
TB. Noneed to do any configuration (Right Answers)
T C. Need to configure an interzone security policy
T D. Need to configure DMZ to local security policy
Answer: B
1444. Using’a computer to store information aboutcriminal activity is not a computer crime.
TA True
TB. False (Right Answers)
Answer: B
145. Which ofthe following descriptions is wrong about IKE SA?
ALIKE SA is two-way
TB. IKE is a UDP-based application layer protocol
7 C.IKESA for IPSec SA senvices
TD. The oncryption algorithm used by usor data packets is dotormined by IKE SA. (Right Anewors)
Answer: D
146. Which of thefollowing statementsis wrong about VPN?
TA Virtual private networkis cheaper thandedicated line
TB. VPN technology necessarily involves encryption technoogy (Right Answers)
T C. VPNtechnology is a technology that multiplexes logical channels on actual physical linzs.
I D. The generation of VPN technology enables employees on businesstrips to remotely access intemal corporate
servers.
Answer: B
147. Which ofthe following are the standard port numbersfor the FTP protocol? (Multiple choice)
TF A.20 (Right Answers)
T B21 (Right Answers)
r c23
Tr 0.80
Answer: AB
148. Information security level protection is to, improve the overall national security level,while rationally optimizing the
distribution of security resources,sothat it can return the greatest security. and economic benefits
PB False
Answer: A
149. For the occurrenceof network security incidents, the remote emergency response is generally adopted fist. Ifthe:
problem cannotbe solved forthe customer through remote access, after the customer confirms,itis transferred to the
local emergency response piocess.
P 8. False
Answer: A
150. Which of the following is not included in the Corporate Impact Analysis (BIA)?
TA. Businesspriority
TB. Accident handing priority
FC. Impact assessment (Right Answers)
TD. Risk identification
Answer: C
151. NAPTtechnology can implement a public network IP address for multiple private network hosts.
1 B.False
Answer: A
152. After the firewall usesthe hrp standby config enable command to enable the standby device configuration function,
all the information that can be backed up can be directly configured on the standby device, and the cortiguration on the
standby device can be synchronized to the active device
T B.False
Answer: A
153. W hich of thefollowing are the characteristics of a symmetric encryption algorithm? (Multiple choice)
TA Fast encryption (Right Answers)
TB. Confidential speed is slow
TC. Key distribution is not secure (Right Answers)
TD. Keydistribution security is high
Answer: AC
154. Which of thefollowing are the hazards of traffic attacks?(Multiple choice)
TA network paralysis (Right Answers)
TB. Server downtime (Right Answers)
I ©. Datais stolen
I D. The pagehas been tampered with
Answer: AB
155. Intrusion Prevention System (IPS) is a defense system that can blockin real time when an intrusion is discovered.
Answer: A
186. Regarding the HRP master and backup configuration corsistency check content,which ofthe following is not
included?
ANATpolicy
1 B.Is the heartbeatinterface configured with the same seral number?
T C. Next hop and outbound interface of static route (Right Answers }
PF D. Authentication Policy
Answer: C
167. Which ofthe following statement about the NAT configuration is wrong?
TA. Configure source NATin transparent mode, the firewall does not support easy-ip mode.
TB. TheIP address in the address pool can overlap with the public IP address of the NAT sener.
TC. When there is VoIP sence in the network, you do not need to configure NAT ALG.
TD. The firewall does not support NAPT conversion for ESP and AH packets. (Right Answers)
Answer: D
158. Which ofthefollowing descriptions about the action and security profile of the security policy are correct?
(Multiple choice)
TA Iftheaction of the security policy is “prohibited”, the devicewill discard this traffic, and then nocontent
security check will be performed. (Right Answers)
1 B. Thesecurity profile may not be applied to the security policy that the action is allowed and take effect.
1 C. Thesecurity profile must be applied to the security policythat is allowed to takeeffect. (Right Answers)
TD. Ifthe security policy action is “Allow”, the traffic will not match the security profile.
Answer: AC
159. Which othe following does the encryption technology support for data during data transmission? (Multiple choice),
TA Confidentiality (Right Answers)
TB. Controllability
TC Integrity (Right Answers)
TD. Sourceverification (Right Answers)
Answer: ACD
160. After the networkattack event occurs,set the isolation area, summary data, and estimated loss accordng to the
plan. Which stage doesthe above actions belong to the work contents ofin the network security emergency response?
TA. Preparation stage
TB. Detection phase
TC. Inhibition phase (Right Answers)
T D. Recovery phase
Answer: C
161. IPSec VPN uses an asymmetric encryption clgorithmto encrypt the transmitted data.
TA Tue
Answer: B
162. Digital certificates are fair to public keys throughthird-party agencies,thereby ensuring the non-repudiation of data
transmission. Therefore, to confirm the correctness ofthe public key,only the certificate of the communicating party is,
needed
TA Tne
Answer: B
163. Dgital signatures are used to generate digital fingerprints by using a hashing algorithm to ensure the integrity of
data transmission
TA Tae (Right Answers)
T B False
Answer: A.
164. Which of thefollowing descriptionsof the firewall Fagmentcache function are correct? (Multiple choice)
7 A Bydefault,the firewall caches fragmented packets. (Right Answers}
TB. Afterthe fragmented packetis directly forwarded,the firewall forwardsthe fragment according to theinterzone
security policy ifit is not the fragmented packetof thefrst packet.
TC. For fragmented packets, NAT ALG does not support the processing of SIPfragmented packets. (Right
Answers)
I D. By default, tne number oflarge fragmentcachesof an IPV4 packetis 32, and the numberof large
fragmentation buffers of an IPV6 packetis 255. (Right Answers)
Answer: ACD
165. The SIP protocol establishes a session using an SDP message, and the SDP. message contains a remote address
or a multicast address.
T B.False
Answer: A
166. Which ofthe following attacksis not a cyber-attack?
T AIP spoofing attack
TB. Smurf attack
T C.MACaddress spocfing attack (Right Answers)
D.ICMP attack
Answers C
167. Wrich ofthefollowing are the versions of the SNMPprotocol? (Multiple choice)
A.SNMP\1 (Right Answers)
TB. SNMPv2b
C.SNMP\2c (Right Answers)
TD. SNMPy3 (Right Answers)
Answer: ACD.
168. Aboutthe description about the preemption function of VGMP management, which of thefollowing statements is.
wrong?
1 A. By default,the preemption function of the VGMP management group is enabled
1 8. Bydefault,the preemption delay of the VGMP management groupis 40s. (Right Answers)
T C. Preemption meansthat when thefaulty primary device recovers,its priority will be restored. Atthis time,it can
regain its own state.
I D. After the VRRPbackup group is added to the VGMP management group, the original preemption function on
the VRRP backup groupisinvalid.
Answer: B
19. In the IPSec VPN transmission mode, which part of the data packet is encrypted?
TA. Network layer and upper layer data packet
TB. Onginal IP packet header
C. New IP packet header
TD. Transport layer and upperlayer data packet (Right Answers)
Answer: D
170. Which ofthe following descriptions abcut windows logs is wrong?
T .A-The system log is used to record the events generated by the operating system components,includirg the
‘erash of the driver, system components and application software, and data
TB. windows server 2008 system logs stored in the Application.evix (Right Answers)
TC. The application log contains events logged by the application or system program, mainly recording events in
the running ofthe program.
T D. windows server 2008 security log is stored in security.evtx
Answer: B
171. AgannstIP Spoofing, which ofthe following description is wrong?
TA. IP spoofing is to use the hosts’ normal trustrelationship based on the IP address to launchit
TB. After IP spoofing attack is successful, the attacker can use forged any IP addressto imitate legitimate host to
access to critical information (Right Answers)
T C. Anattacker would need to disguise the source IP adcresses as trusted hosts, and send the data segment
with the SYN flag requestfor connection
I D. Tre hosts based on IP address's trustrelationship can login directly without entering password verification
Answer: B
172. In the USGseries firewall, waich of the following commands can be used to query the NAT translation result?
TA. display nat transtation
TB. display firewall session table (Right Answers)
FC. display current nat
TD. display firewall nattranslation
Answer: B
173. The preservationof electronic evidenceis directly related tothelegaleffect of evidence, anditis in conformity
with the preservation of legal procedures, and its authenticity and reliability are guaranteed. Whichof thefollowing is
notan evidence preservation technique?
A Encryption technology
TB. Digital certificate technology
TC. Digital signature technology
T D. Packet tag tracking technology (Right Answers)
Answer: D
174. Which ofthe following are the status information that can be backed up by the HRP (Huawei Redundancy Protocol)
protocol? (Multiple choice)
TA Session table (Right Answers)
TB. SererMap entry (I ht Answers)
T C. Dynamic blacklist (Right Answers)
TF D. Routing table
Answer: ABC
175. AAs showinin the figure, a TCP connection is establishedbetween client A and server B. Which ofthefollowing
two “2” packet numbers should be?
'
'
ee
'
'
1
'
1
'
1
'' FS
'
' Server
'
'
'
'
'
'
t
'
TP Aatta
Pr Baatt
PC. bet:b
PD. att: att (Right Answers)
Answer: D
176. Digital certificates can be divided into local certificates, CA certificates, rootcertificates and self-signed certificates
according to diferent usage scenarios.
PB. False
Answer: A
|r. which ofthe folowing is the encryptiontechnology used digital envelopes?
TA. Symmetric encryption algorithm
1B. Asymmetric encryption algorithm (Right Answers)
FC. Hash algorithm
TD. Stream encryption algorithm
Answer: B
178. Whicaofthe following are remote authentication methods? (Multiple choice),
TA RADIUS (Right Answers)
FB. Local
C.HWTACACS(Right Answers)
F DLP
Answer: AC
173. Whict ofthefollowing stalemerits aboul IPSec SA is tue?
TA IPSec SA is one-way (Right Answers)
TB. IPSec SA is two-way
I C. used to generate a1 encryption key
TD. Used to generate a secretalgorithm
Answer: A
180. Which ofthe following does notinclude the steps ofthe safety assessment method?
TA. Manual audit
TB. Penetration test
F C. Questionnaire survey
T D. Data analysis (Right Answers)
Answer: D
181. Which ofthe following guarantees “should detect and protect spam atcritical network nodes and maintain upgrades
and updates of the spam protection mechanism”in security 2.0?
TA Malicious code prevention (Right Answers)
8. Communication transmission
TF ©. Centralized control
TD. Border protection
Answer: A
182. Which ofthe followingis notin the quintuple range?
TA Source IP
T B. Source MAC (Right Answers)
1 C. Destination IP
TD. Destination port
Answer: B
183. In statefulinspectionfrewall, when opening state detection mechanism, three-way handshake's second packet
(SYN + ACK)arrives the firewall. If thereis still no corresponding sessiontable on the firewall, then which of the
following statementis correct?
1 A Ifthefirewall security policy allows packets through,then the packets can pass thrcugh the firewall
1 8. Ifthefirewall security policy allows packets through,then creating the session table
1 C. packets must not pass through thefirewall (Right Answers }
1 D. packets must pass through the firewall, and establishes a session table
Answer: C
184. In the VRRP(Virtual Router Redundarcy Protocol) group,the primary firewall periodically sends advertisement
packets to the backupfirewall. The backupfirewall is only responsible for monitoring advertisement packets and will not
respond.
PB. False
Answer: A.
185. The VRRPadvertisement packet of the Huawei USG firewall is a multicast packet. Therefore, each firewallin the
backup group must beable to implementdirect -ayer 2 interworking.
T B. False
Answer: A
186. Because theserver is a kind of computer, we can use our pc in the enterprise as our server.
TA True
Answer: B
187. As shown in the figure, a NAT server application scenario is configured when the web configuration mode is
used,
\T Server ;
jobals 20.10.10.
omz {insides 10.1.1.2 | Untrust
P Server Iser.
10.2.1.2/24 200.10.10.0
Which ofthe followingstatements are correct? (Multiple choice)

TA. When configuring an interzone securty policy, set the source security zone to Untrust and the target security
zone to DMZ. (Right Answers)
TB. When configuring NAT Sener, theintemal address is 10.1.1.2 and the extemal address is 200.10.10.1
(Right Answers)
T C.When configuring aninterzone security policy, set the source security zone to DMZ and the target security
zone to Untrust.
TD. When configuring NAT Server, theintemal address is 200.10.10.1 and the extemal address is 0.1.1.2
Answer: AB
188. In L2TP configuration for command Tunnel Name,which statements are correct? (Multiple choice)
TA used to specify the nameofthe end of the tunnel (Right Answers )
TB. used to specify the name ofthe peer tunnel
T C. mustbe consistent with Tunnel Name peer configuration
TP fd not configure the Tunnel Name, the tunnel nameis the name of the lncal system (Right Answers)
Answer: AD
189. Which ofthe following types of attacks does the DDos attack belong to?
TA snooping scanning attack
TB. Malformed packetattack
TC. Special packetattack
I D Traffic attack (Right Answers)
Answer: D
190. In the USG system firewall, the function can be used to provide well-known application servicesfor non=
known ports
TA. Port mapping (Right Answers)
T B.MACandIP address binding
TC. Packetfitering
T D.Long connection
Answer: A
191. Which of the following is correct for the command to view the numberof security policy matches?
TA display firewall sesstion table
TB. display security-policyall (Right Answers)
T C. display security-poticy count
T D. count security-policy hit
Answer: B
192. Which ofthe following belongs to Layer 2 VPNtechnology?
T_A-SSLVPN
1” B.L2TP VEN (Right Answers)
TC. GRE VPN
TD. IPSec VPN
Answer: B
193. About the descriptions of windows Firewall Advanced Settings, whichof the following is wrong? (Multiple choice)
TA. When setting the stacking rule,only the local port can berestricted, and the remote port cannot be restricted.
TB. When setting the stacking rule, both the local port and the remote port can be resticted. (Right Answers)
TC. When setting the pop-up rule, only the local port can berestricted, and the remote port cannotberestricted.
TD. When setting the pop-up rule, both local ports and remote ports can be restricted. (Right Answers)
Answer: BD
194. Which ofthe following description about the group managementfor VGMPis wrong?
TA Master/slave status change of VRRPbackup group needsto notify its VGMP management group
TB. The interface type and number of two firewalls heartbeat port may be different, as long as they can
communicate with each other (Right Answers)
TC. Periodically sends Hello packets between VGMPof master/slave firewall
TD. master/slave devices exchange packets to understand each other through the heartbeatline, and backup the
related commands and status information
195. In the security assessment method, the purposeof the security scanis to scan the target system with a scan
analysis evaluation tool to dscover related vulnerabilities and prepare for the attack.
TA True
PB False (Right Answers)
Answer: B
186. Whichofthe following attacks is not a maformedpacketattack?
TA Teardop attack
TB. Smurf attack
TC. TCPfragmentation attack
T D.ICMPunreachable packet attack (Right Answers)
Answer: D
187. wide the following descriptions about IKE SA is wrong?
ALIKE SA is two-way
TB. IKEis a UDP- based application layer protocol
1 C. IKE SA servers for IPSec SA
I D. The encryption algorithm used by user data packets is determined by IKE SA (Right Answers}
Answer: D
198. In the construction ofinformation security'system, the security modelis needed to accurately describe the
relationship between important aspects of security and system behavior.
TA Tue
Answer: B
199. Security policy conditions can bedivided into multiple fields, such as source address,destination address, source
port, destination port, etc. Thesefields are “and’, that is, only information in the packet matchall fields, and then bit this
policy.
T A Tne
Answer: B
200. The matching principle of the security policy is: firstly, find the inter-domain securitypolicy configured manually,
and ifthere is no match,the data packetis directly discarded.
TA True (Right Answers}
TB. False
Answer: A
201. Which ofthe fellowing are the response actionsafter the gateway antivirus detects the mail virus? (Multiple choice)
TA Alarm (Right Answers)
T B. Blocking (Right Answers)
T C. Announcement (Right Answers)
T D. Delete attachments (Right Answers)
Answer: ABCD
202. Digital signature is to achieve the integrity of data transmission by using a hash algorithm to generate digital
fingerprints
TB. Fase
203. Which of thefollowing statementis wrong about NAT?
TA Configure a NAT address poolin the source NAT technology. You can configure only one IP addressin the
addresspool
I B. Address Translation can follow the needs of users, providing FTP, WWW,Telnetandotherservices outside
the LAN
T C. Some application layer protocols carry IP address information in the data, but also to modify the data in the
upperlayerof the IP addressinformation when they make NAT
TD. For some non-TCP, UDPprotocols (such as ICMP, PPTP), unable to do NAT. (Right Answers)
Answer: D
204. When'the NAT server is configured on the'USG system firewall, a server-maptable is generatzd. Which of the
following does rot belong to the contentin the performance?
TA. Destinaton IP
T B. Destinaton port number
TC. protocol number
Tn Source 12 (Right Answers >
Answer: D
208. Which ofthe following are malicious programs? (Multiple choice)
TA Trojan horse (Right Answers)
TB. Vulnerabilities
T C.worm (Right Answers)
T D. Virus (Right Answers)
Answer: ACD
206. Which of thefollowing are the main implementations of gateway anti virus? (Mutiple choice)
TA Agent scanning method (Right Answers)
TB. Stream scanning method (Right Answers)
TC. Package inspection method
T D. File killing method
Answer: AB
207. Which ofthefollowing is not a hash algorithm?
T A.MDs
TB. SHAT
T C.SM1 (Right Answers)
T D.SHA2
Answer: C
208. Which of thefollowing description offirewall hot standby is correct? (Multipe choice)
TA. Whermultiple areas ofthe firewall need to provide dual-system backup, you need to configure multiple VRRP
backup grotps on the firewall. (Right Answers)
1 8. The status of all VRRPbackup groups in the same VGMP management group on the same firewall is the
same. (Right Answers)
TC. The hot standby ofthe firewall needs to synchronize the backup between the master device ancthe slave
device by using the session table, MAC table, and routing table
T D. VGWP is to ensure the consistency of all VRRP backupgroupswitching: (Right Answers)
Answer: ABD
209. Which of thefollowing is notthe certificate savefle fermat supported by the USG6000series?
TA PKCS#H2
TP B.DER
Pc. PEM
TD. PKCS# (Right Answers)
Answer: D
os
210. Whichof thefollowing attacks is not a special packetattack?
T_ALICMPredirect packetattack
TB. ICMPunreachable packetattack
TC. IP address scanning attack (Right Answers)
TD. Large ICMP packet attack
Answer: C
211. Security technology has diferent methods at different technical levels and areas. Which ofthe following cevices can
be used for network layer security protection? (Multiple choice)
TA Vulnerability scanning device
TB Firewall (Right Answers)
1 C. Anti-0D0S device (Right Answers)
T D.IPSADS device (Right Answers)
Answer: BCD.
212. Which of thefollowing is used to encrypt digital fingerprints in digital signature technology?
TA. senderpublic key
TB. sender private key (Right Answers)
©. Receiver public key
TD. Receiver private key
Answer: B
213. OSPFis more commonly used than RIP_because OSPFhas device authenticatior and is more secure.
TA Tue
Answer: B
214. The contentof intrusion detection covers. authorzed and unauthorized intrusions. Which ofthefollowing is notin the
scope ofintrusion detection?
TA. Pretending to be another user
TB. Administrator mistakenly delete configuration (Right Answers)
TC. Planting worms and Trojans
I D. Leaking datainformation
Answe
215. Forthe description of ARP spoofingattacks, whichthefollowing statements is wrong?
TA The ARP implementation mechanism only considers the normal interaction of the service and does notverity
any abnormal business interactions or malicious behaviors.
TB. ARPspoofing attacks can only be implemented through ARPreplies and cannot be implemented through ARP
requests. (Right Answers)
TC. When a host sends a normal ARPrequest, the attacker will respond preemptively, causing the host to
establish an incorrect IP and MAC mappingrelationship.
T_D. ARP static binding is a solution to ARP. spoofing attacks. It is mainly applied to scenarios wherethe network:
sizeis small
Answer: B
216. Which ofthefollowing mechanisms are used in the MACflooding attack? (Multiple choice)
TA MACleaming mechanism of the switch (Right Answers)
TB forwarding mechanism ofthe switch (Right Answers)
TG. ARPleaming mechanism (Right Answers)
TD. Number of MACentries is limited (Right Answers)
Answer: ABCD
217. Afterthefirewall uses the hrp standby config enable command to enable the standby device configuration function,
all the informationthat can be backed up can be directly configured on the standby device, and the configuration on the
standby device can be synchronized to the active device.
T A True (Right Answers)
TB. False
Answer: A
248. In practical applicatiors, asymmetric encryption is mainly used to encrypt user data,
TA True
Answer: B
219, When establishing their own information systems, companies check each operation according to internationally
established authoritative standards and can check whethertheir information systems are safe.
TP 8. False
Answe: A
220. Whichof thefollowing is the port number used by L2TP packets?
Daa
TB. 600
TF .1701 (Right Answers)
F 0.4500
Answer: C
221. Whichof thefollowing is notincluded in the steps ofthe safety assessmentmethod?
TA Manual audit
TB. Penetration test
T C. Questionnaire survey
TD. Data analysis (Right Answers)
Answer: D
222. IPSec VPN usesan asymmetic encryption algorithm to encrypt the transmitted cata,
TA Tre
Answer: B
223. Which of thefollowing is correct aboutfirewall IPSec policy?
TA By default,IPSecpolicy can control unicast packets and broadcast packets.
TB. Bydefault, IPSec policy can control multicast.
T C. By default, IPSec policy only controls unicast packets. (Right Answers)
TD. By default,IPSecpolicy can controlunicast packets, broadcast packets, and multicast packets »
Answer: C
22£. Which of thefollowing information will be encrypted during the useof digital envelopes? (Multiple Choice)
TA Symmetric key (Right Answers)
TB. Userdata (Right Answers)
TF C. Receiver public key
T D. Receiver private key
Answer: AB
225. Which ofthefollowing is an action to be taken during the eradicaticn phase of the cybers2curity emergency
response?(Multiple Choice)
TA. Find sick Trojans, ilagal authorization, system vulnerabilities, and deal with it in time (Right Answers)
I E. Revise the security policy based on the security incidentthat occurred, enable security auditing (Right
Answers}
TC. Block the behavior of the attack, reduce the scopeofinfluence
T 0. Confirm the damage caused by security incidents and report security incidents
Answer: AB
226. Whichofthe following attacks can DHCP Snooping prevent? (Multiple Choice)
TA DHCPServer counterfeiter attack (Right Answers)
TB. Intermediaries and IP/MAC spoofing attacks (Right Answers)
T C.IPspoofing attack (Right Answers)
T D. Counterfeit DHCPlease renewa packet attack using option82 field (Right Answers)
Answer: ABCD
227. Whichof thefollowing belongs to the devices atthe execution layer in the Huawei SDSecsolution? (Multiple
Choice)
Tacs
T 8 Fierhunter (Right Answers)
TC. Router (Right Answers)
TD. AntiDDoS (Right Answers)
Answer: BCD.
228. A company employee accountauthority expires, but can still use the account to access the company server.
‘Whatare the security risks of the above scenarios? (Multiple Choice)
A. Managingsecurity risk (Right Answers)
T Access security risk (Right Answers)
1705, System security risk (Right Answers)
TD. Physical security risk
Answer: ABC
228. Which of the followingis the default backup method for double hot standby?
TA Automate backup (Right Answers)
TB. Manual batch backup
TC. Session fast backup
T D. Configuration of the active and standby FWsafterthe deviceis restarted
Answer: A
230. The network administrator can collect data to be analyzedon the network device by means of packet capture, port
mirroring, orlog, etc.
TA Tre (Right Answers)
TB. False
Answer: A.
351 the words frst worm "Morris worn made people realizethat as people become more dependent on computers,
the possibilty of computer networks being attacked increases,andit is necessary to establish a comprehensive
emergency response system.
TF A True (Right Answers)
7 B.Falec
Answer: A
232. Whichof thefollowing are the necessary configurations of IPSec VPN? (Multiple Choice)
TA Configuring IKE neighbors (Right Answers)
TB. Configure IKE SA related parameters (Right Answers)
T ©. Configuring IPSec SA related parameters (Right Answers)
T D. Configure the stream ofinterest (Right Answers)
Answer: ABCD.
233. Which of thefollowing types are included in Huawei firewall user management? (Multiple Choice)
TA Intemet user management (Right Answers)
TB Access user management (Right Answers)
T C. Administrator User Management (Right Answers)
T D. Device User Management
Answer: ABC
234. In orderto obtain evidence of crime, it is necessary te masterthe technology ofintrusion tracking. Which of the
following descriptions are ccrrect aboutthe tracking technology?(Multiple Choice)
1 A Packet Recording Technology marks packets on each router that has been spoken by inserting trace data into
the tracked IP packets. (Right Answers)
TB Link detection technology determines the source of theattack by testing the network connection between the
routers. (Right Answers)
TC. Packet tagging technology extracts information from attack sources by recording packets on therouter and
then using data driling techniques
TD. Analysis of shallow mail behavior can analyze the information such as sending IP address, sending time,
sending frequency. number af recipients, shallow email headers, et2. (Right Answers)
235. When the sessionauthentication mode is used Lo sigger the firewalls buillin Porlal authentication, the user does
notactively perform dentity authentication, advanced service access, and device push “redirect”to the authentication
Page.
T B.False
Answer: A
236. Which ofthe following description is wrong aboutthe intrusion detection system?
TA The intrusion detection system can dynamically collect a large amount of key information and materials,
through the network and computer, and can timely analyze and judge the current state of the entie system
environment.
TB. Theintrusion detection system can perform blocking operation ifit finds that there is a violation of the security
policyor the system has ‘racesof being attacked
T C. Intrusion detection system includes all hardware and software systems for intrusion detection (Right
Answers)
TD. Theflood detectior system can be linked with firewalls and switches to becomea powerfu “helper” of the
firewall, which is better and more precise to control traffic access between domains.
237. Which of thefollowing options belong to the encapsulation mode supported by IPSec VPN? (Multiple Choice)
TA.AH mode
TB Tunnel mode (Right Answers)
TC. Transmission mode (Right Answers)
TD. ESP mode
Answer: BC
238. The tunnel addresses at both ends of the GRE tunnel can be configured as addresses ofdifferent retwork
segments.
P B.False
Answer: A
239. Regarding she description of the packet in'the iptables transmission process, which ofthe following option is wrong?
1A When a packet enters the network card,it first matches the PREROUTING chain.
TB. Ifthe destination address of the packetis local, the packetwill be sent to the INPUT chain
I C. Ifthe destination address of the packet is not local, the system sends the packetto the OUTPUTchain. (Right
Answers)
TD. Ifthe destination address of the packetis not local, the system sends the packetto the FORWARDchain.
Answer: C
240. Whichofthe following description is wrong about the operating system?
1A. Theoperating system is the interface between the user and the computer
TB. Theoperating system is responsible for managing the execution ofall hardware resources and control scftware of
the computer system.
1 C. The nterface between the operating system and the useris a graphicalinterface. (Right Answers)
TD. Theoperating systemitselfis also a software
Answer: C
241. Which of thefollowing is not a requirement for firewall double hot standby?
TA. The firewall hardware modelis consistent
TB. The firewall software versionis consistent
1 C. Thetype and numberofthe interface used are the same.
1 D. Thefirewallinterface has the same IP address. (Right Answers)
242. Whichof thefollowing options are correct about the NATpolicy processing flow? (Multiple Choice)
TA Serer-mapis processed after status detection (Right Answers)
TB. Source NAT policy query is processedafter -he session is created
I C. The source NATpolicy is processed afterthe security policy is matched. (Right Answers)
T D. Server-mapis processed before the security policy matches (Right Answers)
Answer: ACD.
243. Whichof thefollowing options belong to the necessary configuration for the firewall double hot standby scenario?
(Multiple Choice)
TA hp enable (Right Answers)
TB. hip mirror session enable
1 C. hopinterface interface-typeinterface-number (Right Answers)
TD. hip preempt [delay interval]
Answer: AC
244. Manual auditing is a supplementto tool evaluation. tt does not require any software to beinstalled on the target
system being evaluated, and has no effect on the operation and status of thetarget system.
‘Which ofthe following options does not include manual auditing?
I A. Manual detection of the host operating system
I B. Manual inspection of the database
TC. Manual inspection of network equipment.
TD. Manual inspection of the administrator's operation of the equipment process, (Right Answers)
Answer: D
245. Which of the following are the default security zones of Huawei firewall? (Multiple Choice)
TA Zone area
TB Trust area (Right Answers)
TC. Untrust area (Right Answers)
TD. Security area
Answer: BC
246. Whichlevelis the corresponding warning for major network security incidents that occur?
FA. Red waning
TB. Orange warning (Right Answers)
TC. Yellow waming
TD. Blue waming
Answer: B
247. Which ofthe following descriptions is wrong aboutthe source of electronic evidence?
TA. Fax data, mobil phone recording is an electronic evidence related to communication technology.
TB. Movies and TV shows belong to electronic evidencerelated to network technology. (Right Answers)
T C. Database operation records, operating system logs are computer-related electronic evidence
TF D. Operating system, e-mail, chat records can be used as a source of electronic evidence
Answer: B
248. Which ofthefollowing description is correct about the sort ofthe call setup process for L2TP corridors?
1. L2TP tunnel
2. PPPconnection
3. LNSauthenticates users
4, Users access intranet resources
5. Establish an L2TP session
TA te2s3>604
TB. 426-53>2->4 (Right Answers)
TC. 2>126>304
TD. 223215524
249. The Protocol feld in the IP header identifies the: protocol used by the upperlayer.
‘Which ofthe followingfield values indicates that the upperlayer protocol is UDP. protocol?
DAs
8.17 (Right Answers)
ren
ro.
Answer: B
250. According to the managementspecifcations,the network security system and equipment are regularly checked,
the patches are upgraded, and the network security emergency response drill is organized. Whichofthe following
belongsto the MPDRRnetworksecurity modesofthe above actions?
A Protection link
TB Testing link (Right Answers)
TC. Responselink (Right Answers)
TD. Managementlink
Answer: BC
251. Information security level protection is the basic system of nationalinformation security work
TB. False
Answer: A
252. Whichofthe following is not tneidentity of the IPSec SA?
T ASI
TB. Destination address
T ©. Source address (Right Answers)
TD. Securitypolicy
Answe
253. Which ofthefollowing statements are correct aboutthe differences between pre-accident prevention strategies
and post-acciden: recovery strategies? (Multiple Choice)
TA. The prevention strategy focuses on minimizing the likelihood of an accident before “he story occurs. The
recovery strategy focuses on minimizing the impact and loss on the companyafter the accident (Right Answers)
I 8. Therole of pre-disaster prevention strategies does not include minimizing economic, reputational, and other
losses caused by accidents.
T C. Recovery strategyis used to improve business high availability (Right Answers)
T D. Recovery strategy is part of the business continuity plan (Right Answers)
Answer: ACD
52. Which ofthe following operations are necessary during the administrator upgrade of the USG firewall software
version? (Multiple Choice)
TA Upload the firewall version software (Right Answers)
TB. Restart the device (Right Answers)
F C. Device factory reset
T D. Specify the next time you start loading the software version. (I
Answer: ABD
255. ifthe company structure has undergone a'practical change,it is necessary to'retest whether the business
continuity pan is feasible.
TB. False
Answer: A.
256. HTTP packets are carried by UDP, and the HTTPSprotocol is basedon TCP three-way hardshake. Therefore,
HTIPSis relatively secure, and HTTPSis recommended
TA True
Answer: B
257. The single-point login function ofthe online user, the user authenticatesdirectly to the AD server, and the device
does not interfere with the user authentication process. The AD monitoring sence needsto be deployed on the USG
device to monitor the authentication informat on of the AD server.
T A Tne
[7 B. False (Right Answers)
Anowor: B
258. UDPport scanning means that the attacker sends a zero-byte UDP packetto:a specific port of the target ost. If
the potlis open, it will relun an ICMPporl reachable dala packel.
TA Tne
Answer: B
259. Which ofthe followingstatements are correct aboutthe business cortinuity plan? (Multiple Choice)
T A. Business continuityplan does not require high4evel participation of the companyin determining the project.
scape phase
1 B. BCPneeds flexibility because it cannot predict all possible acciderts (Right Answers)
FC. Business continuityplan does notrequire high-level participation ofthe companybefore forming formal
document
TF D. Not all security incidents must be reported to company executives (Right Answers)
Answer: BD
260. Whenthe USGseries firewall hard diskis in place, which ofthe following logs can be viewed? (Multiple Choice)
TA Operation log (Right Answers)
T B. Business log (Right Answers)
T C. Alarm information (Right Answers)
T D. Threat log (Right Answers)
Answer: ABCD.
261. Social engineering is a means of ham such as deception,injury, e:c. through psychological traps such as
psychological weakness,instinctive reaction, curiosity,trust, and greed.
8. False
Answer: A.
262. Apply for emergency responsespecial funds, which stage work content does prccurement emergency response
software and hardware equipmentbelong to in the networkfull emergency response?
TA Preparationstage (Right Answers)
TB Inhibition phase
T C. Response phase
T D. Recovery phase
Answer: A
263. Device destruction attacks are generally roteasyto causeinformation leakage, but usually cause network
‘communication senicesto be interupted.
I B.False
264. Which of thefollowing description is wrong aboutthe Intemet users and VPNaccessuser authentication?
TA The Intemetuser and the VPN accessuser share data, and the users attribute check (user status, account
expiration time,2tc.) also takeseffect on the VPNaccess.
TB. The local authentication or server authentication process is basically the sameforthe Intemet users. The
authentication is performed on the user through the authentication domain.
I C. After the VPN user accessesthe network,it can access the network resources of the enterprise headquarters.
The firewall can control the accessible network resources based on the user name.
I D.After the VPN access user passesthe authenticaticn,it will be online on the useronlinelist. (Right
Answers)
Answer: D
265. Which of thefollowing descriptions aboutthe patch is wrong?
TA. Patchis a small program made by the original author of the software forthe discovered vulnerability.
TB Nopatching does not affect the operation of the system, soitisirrelevant whether to patch or not. (Right
Answers)
T © Patches are generally updated
TD. Computer users should download andinstall new patchesto protecttheir systems in a timely manner
Answer: B
266. Whichof thefollowing description is wrong aboutthe Intrusion Prevention System (IPS)?
1 AIDS devices need to be linked to the firewall to blockthe intrusion.
TB. IPSdevices cannot be bypassed in the network. (Right Answers)
TC. IPSdevices can be cascaded at the network boundary and deployed online
I D. IPSdevices can be blocked in real time once they detectintrusion
Answer: B
267. Which of thefollowing statements are correct about Huawei routers and switches? (Multiple Choice)
1 A The router can implement some security functions, and some routers can implement more security functions
by adding security boards. (Right Answers)
TB. The main function of the routeris to forward data. Sometimes thefirewall may be a more suitable choice when
the enterprise has security requirements. (Right Answers)
I ©. The switch has somesecurity features, and someswitches can implement more security functions by adding
security boards. (Right Answers)
TD. The switch does not have security features
Answer: ABC.
268. Which of thefollowing options does not belong to the log type of the Windows operating system?
TA Business log (Right Answors >
TB. Application log
T ©. Security tog
T D. System log
Answer: A
269, After the ne:work intrusion event occurs, according to the plan to obtain the identity ofthe intrusicn,the attack
source and otherinformation, and block the intrusion behavior, which links of the above actions are involved in the
PORR network sacurity model? (Multiple Choice)
T A. Protection tink
T B.Testing link (Right Answers)
T C. Response link (Right Answers)
T D. Recovery link
Answer BC
270. Whichof thefollowing is wrong aboutthe scanning of vulnerabilities?
TA The wuinerability was discovered beforehand and discovered afterwards.
TB. Vulnerabilities are generally repairable
T C. Vulnerabilities are security risks that can expose computers to hackers
T D. Vulnerabilities can be avoided (Right Answers)
Answer: D
271. Whenttheuser single sign-on is configured, the receiving PC message modeis adopted. The authentication
processhasthe following steps: 1 The visitor PC executes the login script and sends the userlogin information to the
‘AD monitor. 2 Thefirewall extracts the correspondence between the user and the IP from thelogin infermation. Add to
the online user table 3 AD monitor connects to the ADserver to query thelogin userinformation, and forwards the
queried userinformation to thefirewall. 4 Thevisitor logsin to the AD domain. The AD server returnsthe login
success messageto the user and delivers the login script. which of thefollowing orderis correct?
Pa 4734
P B.4132 (Ri ht Answers)
Pic.32414
P1432
272. The administrator wants to create a web configuration administrator, and set the Https device managementport
er to 20000, and set the administratorto the administratorlevel. which of thefollowing commandsare correct?
TA, Stept: web-manager security enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-user
client001 [USG-aaa-manager-user-client001] service-type web [USG-aaa-manager-user-client00'] level 15 [USG-aaa-
manager-user-client001] password cipher Admin@123. (Right Answers)
TB. Stept: web-manager enable port 20000 Step2: AAA View [USG]aaa [USGaaa] manager-userclient001
[USG-aaa-manager-user-client001] serice-type web [USG-aaa-manager-user-client001] password cipher Admin@123
T C. Stept: web-manager security enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-user
client001 [USG-aaa-manager-user-client001] service-type web [USG-aaa manager-user-client001] password cipher
TD. Stept: web-manager security enable port 20000 Step2: AAA View [USG] aaa [USG aaa] manager-user
client001 [USG-aaa-manager-user-client001] servicetype web [USG-aaa-manager-user-client001] level 1 [USG-aaa-
manager-user-client001] password cipher Admin@123
Answer: A
273. Whichof thefollowing description are correct about the security policy action and security configuration file?
(Multiple Choice)
TA Ifthe action of the security policy is “prohibited”, the device will discard this trafic and will not perform content
security check later. (Right Answers}
1 8. Thesecurity configuration file can be applied without being applied to the security policy allowed by theaction.
I ©. The security configuration fle must be applied to the security policytat is allowedto take effect. (Right
Answers)
T Di lfthe security policy action is “Allow”, the traffic will not match the security configuration file
Answer: AC
274. Which of thefollowing are the same features of Windows and LINUX systems? (Multiple Choice)
TA Support multitasking (Right Answers)
TB. Support graphicalinterface operations (Right Answers)
F C. Open source sysiem
TD. Support multiple terminal platforms (Right Answers)
Answer: ABD
&
275. Duringthe configuration of NAT, which ofthefollowing will the device gznerate-a Server-map entry? (Multiple
Choice)?
TA Automatically generate server-map entries when configuring source NAT.
1 B After the NAT serveris configured successfully, the device automatically generates a server map entry. (Right
Answers)
C. A sewver-map entry is generated when easy-ip is configured.
T D. After configuring NAT No-PAT, the device will create a server-map table for the configured multi-channel
protocol data stream. (Right Answers)
Answer: BD
276. NAT technology can securely transmit data by encrypting data.
TA True
Answer: B
277. Which ofthefollowing is the correct orderfor event response management?
1 detection
2report
3 relief
4 summarizing experience
5 repair
6 recovery
7 response
P At327564
TB.1327654
P c.1237654
PV D.173:2654 (Right Answers)
278. Which o' thefollowing statementis wong about L2TP VPN?
TA Applicable to business employeesdialing accessto the intranet
TD. Will not encrypt the data
TC. Can be used in conjunction with IPsec VPN
1 D. Belongs to Layer 3 VPN technology (Right Answers)
Answer: D
279. Encryption technology can transform readable information into unreadable information in a certain way.
TB. False
Answer: A
280. ASPF (Application Specific Packet Filter)is a packet filtering technology based on the appication layer, and
implements a special security mechanism through the server-map table.
Whichof thefollowing statements about the ASPF and server-map tables are correct? (Multiple Choice)
T A ASPFmonitors messages during communication (Right Answers)
TB. ASPF can dynamically create a server-map (Right Answers)
T C.ASPFdynamically allows multi-channel protocol data to pass through the server-map table. (Right
Answers)
TD. The quintuple server-map entry implements a similar function to the session table.
Answer: ABC
281. Antivirus software and hest firewall have the same effect.
TA True
Answer: B
282. The processofelectronic forensicsincludes: protecting thesite, obtaining evidence,preserving evidence,identifying
evidence, analyzing evidence,tracking and presenting evidence
I B.False
Answer: A
283. Execute the command on the firewall and display the following information. whichof the following description is
correct? (Multiple Choice)
HRP_A [USG_A] display vpinterfaceGigabitEthernet 0/0/1
4 Sigabitethemet0/0/1 | Virtual Router 4
VRRPGroup: Active
state: Active
Virtual IP: 202.38.10.1
Virtual MAC: 0600-5e00-0101
Primary IP: 202.38.10.2
PriorityRun: 100
PriorityConfig: 100
MasterPriority: 100
Preempt: YES Delay Time: 10
A The status of this firewall VGMP group is Active. (Right Answers)
17 6. This firewall G1 / 0/1 viral interface IP address 202.30.10.2
TC. This firewall VRID is 1 the VRRPpriority to backup group 100 (Right Answers)
TD. Will not switch when the primary devicefails
284. In the USGseries firewall system view, the device configuretion will be restored to the defauit configuration after the
reset saved-configuration command is executed. No other operations are required
TA The
Answer: B
286. Whatis the difference between network address port translation (NAT) and conversior-only network address (No-
PAT)? (Multiple Choice)
TA After NATP conversion, for extemal network users, all messagesare from the same IP address or several IP
addresses. (Right Answers)
TB. No-PAT only supporssprotocol addresstranslation at the application layer.
7 C.NAPTonly supports protocol address translation at the network layer.
TD. No-PATsupports pratocol address translation at the network layer (Right Answers)
Answer: AD
286. Whichof thefollowing descriptions are correct about the buffer overflow attack? (Multiple Choice)
TA Buffer overflow attackis the use of software system for memory operation defects, running attack code with high
operation authority (Right Answers)
1 8. Buffer overfiow attacks are notrelated to operating system vulnerabilities and architectures
TC. Buffer overfiow attacks are the most common method ofattacking software systems. (Right Answers)
1 D. Buffer overfiow attack belongs to application layerattackbehavior (Right Answers)
Answer: ACD.
287. Which ofthefollewing is not the scope of business of the National Intemnet Emergency Center?
1A. Emergency handling of security incidents
TB. Early waming notification of security incidents
C. Providing security evaluation services for goverment departments, enterprises and institutions
T D. Cooperate with ather agencies ta provide trainirg services (Right Answers)
Answer: D
288. The host frewall is mainly used to protect the host from attacks and intrusions from the network.
1 \A.True (Right Answers)
TB. False
Answer: A
289. Whichofthefollowing are international organizationsrelated to information security standardization? (Multiple
Choice)
1A. Intemational Organization for Standardization ((SO) (Right Answers)
1 B Intemational Electrotechnical Commission (IEC) (Right Answers)
TC. Intemational Telecommunication Unon (ITU) (Right Answers)
D. WiFi Alliance
Answer: ABC.
290. In orderto obtain evidenceof crime, it is necessary to masterthe technology ofintrusion tracking. Which of the
following descriptions are correct aboutthe tracking technology? (Multiple Choice)
T A Packet Recording Technology marks packets on each passing router by inserting trace data into the tracked
IP packets (Right Answers)
TB Linktest technology determines the source of the attack by testing the network link betweenthe routers
(Right Answers)
1 C. Packet tagging technology extracts information from attack sources by recording packets on the router and
then using datadrilling techniques
TD. Shallow mail behavior analysis can analyze the information such as sending IP address, sending time,
sending ‘tequency, number of recipients, shallow email headers and so on. (Right Answers)
291. Digital signature technology obtainsa digital signature by encrypting which of the following data?
TA Userdata
TB. Receiver public key
TC. sender public key
TD. Digital fingerprint (Right Answers)
Answer: D
292. On the USGseries firewalls,the de’ault security policy does not support modification
TA True
Answer: B
293. In the classification ofthe information security level protection system, which ofthe following levels defines the
damageto the social order and the public interestifthe information system is destroyed?(multiple choice)
TA First level User-independentprotection level (Right Answers}
TB. Secondlevel Systemaudit protection level (Right Answers)
TC. Third level Security mark protection ( ht Answers)
T D. Fourth level Structured protection (Right Answers)
Answer: ABCD.
294. Which of thefollowing is the analysis layer devicein the Huawei SDSecsolution?
Tacs
TB. Agile Controller
FC. switch
TD. Firehunter (Right Answers)
Answer: D
295. Which ofthe following options are correct aboutthe control actions permit and deny ofthe firewall interzone.
forwarding security policy? (Multiple Choice)
TA The action ofthe firewall default security policy is deny (Right Answers)
TB. The packetis matched immediately after the inter-domain security policy deny action, and the other interzone
security policy will not be executed. (Right Answers)
T C. Evenifthe packet matchesthepermit action of the security policy. it will not necessarily be forwarded by the
firewall. (Right Answers)
I D. Whether the message matches the permit action of the security policy or the denyaction, the message will be
processed by the UTM module
Answer: ABC

HCIA SECURITY Searchable PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HCIA SECURITY Searchable PDF

Uploaded by

Copyright:

Available Formats

1. Which of the following is the correct description of windows log event type?

T 6235-14 (Right Answers)

connection-id peer vpn flag phase doi

Oxifi 2.2.2.1 0 RDIST vi:1 IPSEC 0x60436de4

B. The secondstage ipsec sa has been successfully established

tule name rule1

Which ofthe followingstatements are correct? (Multiple choice)

You might also like