HCIA Security H12-711

1- Regarding the description of the windows log event type, which options are correct?
(multiple choice)
A. A warning event is an event of a successful operation of an application, driver, or service.
B. Error events usually refer to the loss of functionality and data. For example, if a service cannot be loaded as a system
boot, an error event will be generated.
C. When the disk space is insufficient, it will be recorded as an "information event"
D. A failed audit event is a failed audit security login attempt, such as a failure when the user view accesses the network
drive, and is logged as a failure.
Review the event.
Correct Answer: BCD
2- Which of the following types of encryption technology can be divided into? (multiple choice)
A. Symmetric encryption
B. Symmetric encryption
C. Fingerprint encryption
D. Data encryption
Correct Answer: AB
3- Which of the following is the status information that can be backed up by the Huawei Redundancy Protocol (HRP)?
(multiple choice)
A. Session table
B. ServerMap entry
C. Dynamic blacklist
D. Routing table
Correct Answer: ABC
4- Which of the following is a core part of the P2DR model?

A. Policy strategy
B. Protection
C. Detection detection
D. Response response
Correct Answer: A
5- Evidence identification needs to address the integrity verification of evidence and determine whether it meets the
applicable standards. Which of the following statements is correct about the criteria for certification?
A. The relevance criterion refers to the fact that if the evidence can have a substantial impact on the facts of the case to a
certain extent, the court should determine its relevance.
B. The objectivity standard means that the acquisition, storage, and submission of electronic evidence should be legal,
and the basic rights such as national interests, social welfare, and personal privacy are not strictly violated.
C. The legality standard is to ensure that electronic evidence is not changed in any way from the initial acquisition and
collection to the use of litigation evidence.
D. The fairness standard refers to the evidentiary material obtained by legal subjects through legal means.
Correct Answer: A
6- Data analysis technology is to find and match keywords or key phrases in the acquired data stream or information flow,
and analyze the correlation of time. Which of the following is not an evidence analysis technique?
A. Password deciphering, data decryption technology
B. Document Digital Summary Analysis Technology
C. Techniques for discovering the connections between different evidences
D. Spam tracking technology
Correct Answer: D
7- Which of the following options are correct about the AH and ESP security protocols? (multiple choice)
A. AH can provide encryption and verification functions
B. ESP can provide encryption and verification functions
C. The agreement number of AH is 51.
D. The ESP agreement number is 51.
Correct Answer: BC
8- Which of the following types of attacks does a DDoS attack belong to?
A. Peep scan attack
B. Malformed message attack
C. Special packet attack
D. Traffic attack
Correct Answer: D
9- Regarding SSL VPN technology, which of the following options is wrong?

A. SSL VPN technology can be perfectly applied to NAT traversal scenarios
B. SSL VPN technology encryption only takes effect on the application layer
C. SSL VPN requires a dial-up client
D. SSL VPN technology extends the network scope of the enterprise
Correct Answer: C
10- Which of the following options can be used in the advanced settings of Windows Firewall? (multiple choice)
A. Restore defaults
B. Change notification rules
C. Set connection security rules
D. Set up inbound rules
Correct Answer: ABCD
11- When the NAT server is configured on the USG series firewall, the server-map table is generated. Which of the following
does not belong to the content in the performance?
A. Destination IP
B. Destination port number
C. Agreement number
D. Source IP
Correct Answer: D
12- Which of the following attacks is not a special packet attack?

A. ICMP redirect packet attack
B. ICMP unreachable packet attack
C. IP address scanning attack
D. Large ICMP packet attack
Correct Answer: C
13- Which of the following attacks is not a malformed message attack?

A. Teardrop attack
B. Smurf attack
C. TCP fragmentation attack
D. ICMP unreachable packet attack
Correct Answer: D
14- The "Caesar Password" is mainly used to encrypt data by using a stick of a specific specification.
A. True
B. False
Correct Answer: B
15- Which of the following are remote authentication methods? (multiple choice)
A. RADIUS
B. Local
C. HWTACACS
D. LLDP
Correct Answer: AC
16- When the firewall hard disk is in place, which of the following is correct for the firewall log description?
A. Administrators can advertise content logs to view detection and defense records of network threats
B. The administrator can use the threat log to understand the user's security risk behavior and the reason for being
alarmed or blocked.
C. The administrator knows the user's behavior, the keywords explored, and the effective status of the audit policy
configuration through the user activity log.
D. The administrator can learn the security policy of the traffic hit through the policy hit log, and use it for fault location
when the problem occurs.
Correct Answer: D
17- In the client-initiated VPN configuration, it is recommended to plan the address pool and the headquarters network
address as different network segments. Otherwise, you need to use the gateway device.
Enable proxy forwarding.
A. True
B. False
Correct Answer: A
18- Which of the following is the encryption technology used in digital envelopes?
A. Symmetric encryption algorithm
B. Asymmetric encryption algorithm
C. Hash algorithm
D. Stream encryption algorithm
Correct Answer: B
19- In addition to the built-in Portal authentication, the firewall also supports custom Portal authentication. When using custom
Portal authentication, you do not need to deploy an external Portal server.
A. True
B. False
Correct Answer: B
20- NAPT technology can implement a public IP address for multiple private network hosts.
A. True
B. False
Correct Answer: A
21- IPSec VPN technology does not support NAT traversal when encapsulated in ESP security protocol because ESP encrypts
the packet header.
A. True
B. False
Correct Answer: B
22- Which of the following is true about the description of SSL VPN?
A. Can be used without a client
B. The IP layer can be encrypted
C. There is a NAT traversal problem
D. No authentication required
Correct Answer: A
23- Some applications, such as Oracle database applications, have a long-term no data stream transmission, which interrupts
the firewall session connection, resulting in service interruption.
Which is the optimal solution?
A. Configure a service connection
B. Turn on ASPF function
C. Optimizing security policies
D. Turn on the slice cache
Correct Answer: A
24- “Is the security monitoring and management of information and information systems to prevent the illegal use of
information and information systems”, which is the purpose of information security?
A. Confidentiality
B. Controllability
C. Non-repudiation
D. Integrity
Correct Answer: B
25- When configuring an IPSec policy, an IPSec policy can reference an address set or configure multiple destination IP
addresses.
A. True
B. False
Correct Answer: A
26- Which of the following options is not part of the Quintuple range?
A. Source IP
B. Source MAC
C. Destination IP
D. Destination port
Correct Answer: B
27- Regarding the Client-Initialized L2TP VPN, which of the following statements is wrong?
A. After the remote user accesses the internet, the client software can directly initiate an L2TP tunnel connection request
to the remote LNS.
B. The LNS device receives the user L2TP connection request, and can authenticate the user according to the user name
and password.
C. LNS assigns a private IP address to the remote user.
D. Remote users do not need to install VPN client software
Correct Answer: D
28- Regarding the description of the vulnerability scan, which of the following is wrong?
A. Vulnerability scanning is a technology based on network remote monitoring of the security vulnerability of a target
network or host. It can be used for simulated attack experiments and security audits.
B. Vulnerability scanning is used to detect whether there is a vulnerability in the target host system. Generally, the target
host is scanned for specific vulnerabilities.
C. Vulnerability scanning is a passive preventive measure that can effectively avoid hacker attacks.
D. Vulnerability scanning based on the results of ping scans and port scans
Correct Answer: C
29- Regarding the firewall security policy, the following options are wrong?
A. If the security policy is permit, the discarded packets will not accumulate the number of hits.
B. You cannot reuse the same name when configuring the security policy name.
C. Adjust the order of security policies without saving the configuration file.
D. Huawei USG series firewalls cannot exceed 128 security policy entries.
Correct Answer: A
30- Which of the following protection levels are included in the TCSEC standard? (multiple choice)
A. Verify the protection level
B. Forced protection level
C. Autonomous protection level
D. Passive protection level
Correct Answer: ABC
31- Which of the following are part of the PKI architecture? (multiple choice)
A. End entity
B. Certificate Authority
C. Certificate Registration Authority
D. Certificate storage organization
32- “Being good at observation” and “Keeping doubt” can help us better identify security threats in the online world.
A. True
B. False
Correct Answer: A
33- In the tunnel encapsulation mode. IPSec configuration does not need to have a route to the destination private network
segment, because the data will be re-encapsulated using the new IP header to find the routing table.
A. True
B. False
Correct Answer: B
34- Which of the following options are correct about the description of Windows Firewall? (multiple choice)
A. Windows Firewall can only allow or prohibit preset programs or functions and programs installed on the system, and
cannot customize the release rules according to the protocol or port number.
B. Windows Firewall not only allows or prohibits preset programs or functions and programs installed on the system, but
also supports self-defined release rules according to the protocol or port number.
C. If you are unable to access the Internet during the process of setting up the Windows Firewall, you can use the Restore
Defaults feature to quickly restore the firewall to the initial state.
D. Windows Firewall can also change notification rules when it is off.
Correct Answer: BCD
35- Which of the following is relevant to the investigation and evidence collection?
A. Evidence is not necessarily required during the investigation
B. Evidence obtained through eavesdropping is also valid
C. In all process of investigation and evidence collection, it is best to have law enforcement agencies involved
D. Documentary evidence is required in computer crime
Correct Answer: C
36- Which of the following is wrong about the management of Internet users?
A. Each user group can include multiple users and user groups
B. Each user group can belong to multiple parent user groups
C. The system has a default user group by default, which is also the system default authentication domain.
D. Each user belongs to at least one user group or multiple user groups
Correct Answer: B
37- Which of the following is not the method used in the Detection section of the P2DR model?
A. Real-time monitoring
B. Testing
C. Alarm
D. Close the service
Correct Answer: C
38- Which of the following is not part of the LINUX operating system?
A. CentOS
B. RedHat
C. Ubuntu
D. MAC OS
Correct Answer: D
39- In some scenarios, it is necessary to convert the source IP address and convert the destination IP address. Which of the
following techniques is used in the scenario?
A. Two-way NAT
B. Source NAT
C. NAT-Server
D. NAT ALG
Correct Answer: A
40- Which of the following protocols guarantee the confidentiality of data transmission? (multiple choice)
A. Telnet
B. SSH
C. FTP
D. HTTPS
Correct Answer: BD
41- After the web redirection function is configured on the USG series firewall, the authentication page cannot be displayed.
Which of the following is not the cause of the fault?
A. The authentication policy is not configured or the authentication policy is incorrectly configured.
B. Web authentication is not enabled.
C. The browser SSL version does not match the SSL version of the firewall authentication page.
D. The port number of the authentication page service is set to 8887
Correct Answer: D
42- Which of the following options describes the order of the four phases of the Information Security Management System
(ISMS)?
A. Plan->Check->Do->Action
B. Check->Plan->Do->Action
C. Plan->Do->Check->Action
D. Plan->Check->Action->Do
Correct Answer: C
43- In the information security system construction management cycle, which of the following behaviors needs to be
implemented in the “check” link?
A. Safety management system design
B. Implementation of the safety management system
C. Risk assessment
D. Safety management system operation monitoring
Correct Answer: C
44-
A. The status of this firewall VGMP group is Active.

B. The status of the VRRP group on the G1/0/0 and G1/0/1 interfaces is standby.
C. The HRP heartbeat interface of this firewall is G1/0/0 and G1/0/1.
D. This firewall must be in a preemptive state
Correct Answer: B
45- What are the following types of servers sorted by shape? (multiple choice)
A. Blade server
B. Tower server
C. Rack server
D. X86 server
Correct Answer: ABC
46- Common scanning attacks include: port scanning tools, vulnerability scanning tools, application scanning tools, and
database scanning tools.
A. True
B. False
Correct Answer: A
47- According to the protection object, the firewall is divided, and the windows firewall belongs to -?
A. Software firewall
B. Hardware firewall
C. Stand-alone firewall
D. Network firewall
Correct Answer: C
48- Which of the following options are part of the way a PKI entity applies for a local certificate from a CA? (multiple choice)
A. Apply online
B. Local application
C. Network application
D. Apply offline
Correct Answer: AD
49- Intrusion prevention system (IPS) is a defense system that can be blocked in real time when intrusion is discovered.
A. True
B. False
Correct Answer: A
50- Which of the following is not a symmetric encryption algorithm?

A. DES
B. 3DES
C. AES
D. RSA
Correct Answer: D
51- Which of the following options are correct about configuring a firewall security zone? (multiple choice)
A. The firewall has four security zones by default, and the four security zone priorities do not support modification.
B. The firewall can have up to 12 security zones
C. The firewall can create two security zones of the same priority
D. When data flows between different security zones, the device security check is triggered and the corresponding
security policy is implemented.
Correct Answer: AD
52- Digital certificates can be classified into local certificates, CA certificates, root certificates, and self-signed certificates
according to different usage scenarios.
A. True
B. False
Correct Answer: A
53- Which of the following descriptions is wrong about the root CA certificate?
A. The issuer is CA
B. The certificate subject name is CA
C. Public key information is the public key of the CA
D. Signature is generated by CA public key encryption
Correct Answer: D
54- Which of the following configurations can implement the NAT ALG function?
A. nat alg protocol
B. alg protocol
C. nat protocol
D. detect protocol
Correct Answer: D
55- Regarding the anti-virus response method of the firewall gateway for the HTTP protocol, which of the following
statements is wrong?
A. When the gateway device blocks the HTTP connection, push the web page to the client and generate a log
B. Response methods include announcement and blocking
C. Alarm mode the device only generates logs and sends them out without processing the files transmitted by the HTTP
protocol.
D. Blocking means that the device disconnects from the HTTP server and blocks file transfer.
Correct Answer: B
56- Which of the following does not belong to the user authentication method in the USG firewall?
A. Free of certification
B. Password authentication
C. Single sign-on
D. Fingerprint authentication
Correct Answer: D
57- The GE1/0/1 and GE1/0/2 ports of the firewall belong to the DMZ. If the area connected to GE1/0/1 is connected to
GE1/0/2, Which of the following is correct?
A. Need to configure Local to DMZ security policy
B. No need to do any configuration
C. Need to configure an interzone security policy
D. Need to configure DMZ to local security policy
Correct Answer: B
58- For the process of forwarding the first packet of the session between firewall domains, there are the following steps:
1, find the routing table
2, find the inter-domain packet filtering rules
3, find the session table
4, find the blacklist
Which of the following is correct?
A. 1->3->2->4
B. 3->2->1->4
C. 3->4->1->2
D. 4->3->1->2
Correct Answer: C
59- The administrator wants to know the current session table. Which of the following commands is correct?
A. clear firewall session table
B. reset firewall session table
C. display firewall session table
D. display session table
Correct Answer: B
60- Which of the following are the basic functions of anti-virus software? (multiple choice)
A. Protect against viruses
B. Finding a virus
C. Clearing the virus
D. Copying the virus
Correct Answer: ABC
61- The European TCSEC Code is divided into two modules, Function and Evaluation, which are mainly used in the military,
government and commercial fields.
A. True
B. False
Correct Answer: A
62- In the future development of information security, terminal detection is an important part. Which of the following
methods are within the scope of terminal testing? (multiple choice)
A. Install host antivirus software
B. Monitoring and remembering outreach equipment
C. Prevent users from accessing public network search engines
D. Monitoring host registry modification record
Correct Answer: AD
63- Using iptables to write a rule does not allow the network segment of 172.16.0.0/16 to access the device. Which of the
following rules is correct?
A.
B.
C.
D.
Correct Answer: A
64- Which of the following is not included in the HRP master/slave configuration consistency check?
A. NAT policy
B. Is the heartbeat interface with the same serial number configured?
C. Next hop and outbound interface of static route
D. Certification strategy
Correct Answer: C
65- In the USG series firewall, you can use the function to provide well-known application services for non-known
ports.
A. Port mapping
B. MAC and IP address binding
C. Packet filtering
D. Long connection
Correct Answer: A
66- Which of the following is not included in the design principles of the survey?
A. Integrity
B. Openness
C. Specificity
D. Consistency
Correct Answer: D
67- To implement the "anti-virus function" in the security policy, you must perform a license activation.
A. True
B. False
Correct Answer: A
68- The configuration commands for the NAT address pool are as follows:
The meaning of the no-pat parameter is:

A. Do not do address translation
B. Perform port multiplexing
C. Do not convert the source port
D. Do not convert the destination port
Correct Answer: C
69- On the surface, viruses, vulnerabilities, Trojans and other threats are the cause of information security incidents, but at
the root of it, information security incidents and people and information systems
It also has a lot to do with it.
A. True
B. False
Correct Answer: A
70- Which of the following behaviors is relatively safer when connecting to Wi-Fi in a public place?
A. Connect a Wi-Fi hotspot that is not encrypted
B. Connect to a paid Wi-Fi hotspot provided by the operator and only browse the web
C. Connect unencrypted free Wi-Fi for online shopping
D. Connect encrypted free Wi-Fi for online transfer operations
Correct Answer: B
71- Which of the following is the action to be taken during the summary phase of the cybersecurity emergency response?
(multiple choice)
A. Establish a defense system and specify control measures
B. Evaluate the implementation of the contingency plan and propose a follow-up improvement plan
C. Determining the effectiveness of the isolation measures
D. Evaluation of members of the emergency response organization
Correct Answer: BD
72- Which of the following descriptions are correct about port mirroring? (multiple choice)
A. The mirrored port copies the packet to the observing port.
B. The observing port sends the received packet to the monitoring device.
C. The mirrored port sends the received packet to the monitoring device.
D. The observing port copies the packet to the mirrored port.
Correct Answer: AB
73- Which of the following options is the GRE protocol number?

A. 46
B. 47
C. 89
D. 50
Correct Answer: B
74- Which of the following is incorrect about the VGMP protocol description?
A. VGMP joins multiple VRRP backup groups on the same firewall to one management group. The management group
manages all VRRP backup groups.
B. The status of all VRRP backup groups in the management group is consistent.
C. The VGMP group whose status is Active periodically sends hello packets to the peer. The stdandby terminal only listens
for hello packets and does not respond.
D. By default, when the hello packet sent by the peer is not received in the three hello packets, the peer is considered to
be faulty, and the user is switched to the active state.
Correct Answer: C
75- A and B communication communicates with each other. If an asymmetric encryption algorithm is used for encryption,
when A sends data to B, which of the following keys will be used for data encryption?
A. A public key
B. A private key
C. B's public key
D. B's private key
Correct Answer: C
76- IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.
A. True
B. False
Correct Answer: B
77- Which of the following descriptions is wrong about GRE encapsulation and decapsulation?
A. The encapsulation process, the original data packet is sent to the tunnel interface by looking up the route, and then
the GRE encapsulation is started.
B. The encapsulation process, after being encapsulated by the GRE module, the packet will enter the IP module for
further processing.
C. Decapsulation process, after receiving the GRE message, the destination end sends the data packet to the tunnel
interface by looking up the route and then decapsulates the GRE.
D. Decapsulation process, after decapsulation by the GRE module, the packet will enter the IP module for further processing.
Correct Answer: B
78- The anti-virus software repair only needs to be able to repair some system files that were accidentally deleted when
killing the virus to prevent the system from crashing.
A. True
B. False
Correct Answer: A
79- Which of the following is not a rating in the cybersecurity incident?

A. Major cybersecurity incidents
B. Special cybersecurity incidents
C. General cybersecurity incidents
D. Larger network security incidents
Correct Answer: B
80- Which of the following statements is true about single sign-on? (multiple choice)
A. The device can identify the user who passed the authentication system authentication.
B. AD domain single sign-on has only one deployment mode
C. Although the user password is not required, the authentication server needs to interact with the user password to
ensure that the authentication passes.
D. AD domain single sign-on can be synchronized to the firewall by mirroring the data stream.
Correct Answer: AD
81- Which of the following statements about VRRP/VGMP/HRP are correct? (multiple choice)
A. VRRP is responsible for sending free ARP to direct traffic to the new primary device during active/standby switchover.
B. VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment.
C. HRP is responsible for data backup during hot standby operation.
D. The VGMP group in the active state may include the VRRP group in the standby state.
Correct Answer: ABC
82- The administrator PC is directly connected to the management port of the USG firewall. The web interface is used for
initialization. Which of the following statements is correct? (multiple choice)
A. Manage PC browser access http; / / 192.168.0.1
B. The IP address of the management PC is manually set to 192.168.0.2-192.168.0.254
C. Manage PC browser access http://192.168.1.1
D. Set the NIC of the management PC to automatically obtain an IP address.
Correct Answer: AB
83- Which layer of the firewall does the firewall belong to in the Huawei SDSec solution?
A. Analysis layer
B. Control layer
C. Executive layer
D. Monitoring layer
Correct Answer: C
84- When deploying dual-system hot backup on a firewall, which protocol is required to implement the overall state
switching of the VRRP backup group?
A. VRRP
B. VGMP
C. HRP
D. OSPF
Correct Answer: B
85- The online user scenario of the enterprise is shown in the figure. The user online process is as follows:
1. The authentication is passed, and the USG allows the connection to be established.
2. User access to the internet input http://1.1.1.1
3.USG push authentication interface
4. The user successfully accesses http://1.1.1.1, and the device creates a session table.
5 User enters the correct username and password
The following correct process ordering should:

A. 2->5->3->1->4
B. 2->3->5->1->4
C. 2->1->3->5->4
D. 2->3->1->5->4
Correct Answer: B
86- Regarding the description of firewall hot standby, which of the following options are correct? (multiple choice)
A. When multiple areas of the firewall need to provide dual-system backup, you need to configure multiple VRRP backup
groups on the firewall.
B. Require the same status of all VRRP backup groups in the same VGMP management group on the same firewall.
C. The firewall hot standby needs to synchronize the backup between the master device and the slave device by using the
session table, MAC table, routing table, and other information.
D. VGMP is used to ensure the consistency of all VRRP backup group switching.
Correct Answer: ABD
C. Hash algorithm
D. Streaming algorithm
Correct Answer: B
88- Which of the following options are correct regarding the matching criteria for a security policy? (multiple choice)
A. The source security zone is an optional parameter in the matching condition.
B. "Time period" in the matching condition is an optional parameter
C. "Apply" in the matching condition is an optional parameter
D. "Service" is an optional parameter in the matching condition
89- The attacker sends an ICMP echo request and sets the destination address of the request packet to the broadcast address
of the victim network. Which kind of attack does this behavior belong to?
A. IP spoofing attack
B. Smurf attack
C. ICMP redirect attack
D. SYN flood attack
Correct Answer: B
90- Which of the following is true about the ordering of the PKI work process?
A. 1-2-6-5-7-4-3-8
B. 1-2-7-6-5-4-3-8
C. 6-5-4-1-2-7-3-8
D. 6-5-4-3-1-2-7-8
Correct Answer: B
91- A client in the Trust domain can log in to the FTP server in the Untrust zone but cannot download files. Which of the
following methods can solve the problem? (multiple choice)
A. Release the 21 port number between Trust and Untrust
B. When the FTP working mode is in the port mode, modify the security policy action from the Trust to the Untrust zone to allow
C. Enable detect ftp
D. When the FTP working mode is in Passive mode, modify the security policy action from the Trust to the Untrust zone to allow
Correct Answer: CD
92- Which of the following is not part of a digital certificate?

A. Public key
B. Private key
C. Validity period
D. Issuer
Correct Answer: B
93- Which of the following is true about the description of the TCP/IP stack packet decapsulation? (multiple choice)
A. The data packet is first transmitted to the data link layer. After parsing, the data link layer information is stripped, and
the network layer information is known according to the parsing information, such as IP.
B. After the transport layer (TCP) receives the data packet, the transport layer information is stripped after parsing, and
the upper layer processing protocol, such as UDP, is known according to the parsing information.
C. After receiving the data packet, the network layer is stripped after parsing, and the upper layer processing protocol is
known according to the parsing information, such as HTTP.
D. After the application layer receives the data packet, the application layer information is stripped after parsing, and the
final displayed user data is identical to the data sent by the sender host.
Correct Answer: AD
94- Which of the following is not a key technology for anti-virus software?
A. Shelling technology
B. Self-protection
C. Format the disk
D. Update the virus database in real time
Correct Answer: C
95- Which of the following are malicious programs? (multiple choice)

A. Trojan horse
B. Vulnerability
C. Worm
D. Virus
Correct Answer: ACD
96- Which of the following are key elements of information security? (multiple choice)
A. Asset management
B. Security operation and management
C. Security products and technologies
D. Personnel
97- Which of the following is not a major form of computer crime?

A. Implanting a Trojan to the target host
B. Hacking to the target host
C. Using a computer for personal surveys
D. Use scanning tools to collect network information without permission
Correct Answer: C
98- When the IPSec VPN tunnel mode is deployed, the AH protocol is used for packet encapsulation. In the new IP packet
header field, which of the following parameters is not required?
Data integrity check?
A. Source IP address
B. Destination IP address
C. TTL
D. Idetification
Correct Answer: C
99- When configuring a GRE tunnel interface, which of the following parameters is the Destination address?
A. Local tunnel interface IP address
B. Local end network export IP address
C. Peer external network export IP address
D. IP address of the peer tunnel interface
Correct Answer: C
100- Which of the following options are application risks (multiple choices)
A. Network virus
B. Email security
C. Database system configuration security
D. WEB service security
101- Security policy conditions can be divided into multiple fields, such as source address, destination address, source port,
destination port, etc. These fields are in an AND relationship, that is, only the information in the packet matches all fields.
On, it is considered to be hit this strategy.
A. True
B. False
Correct Answer: B
102- Which of the following is true about the description of SSL VPN?
A. Can be used without a client
B. The IP layer can be encrypted
C. There is a NAT traversal problem
D. No authentication required
Correct Answer: A
103- Regarding the description of disconnecting the TCP connection four-way handshake, which of the following is wrong?
A. The active shutdown party sends the first FIN to perform an active shutdown, while the other party receives this FIN
execution is closed.
B. When the first FIN is received by passive shutdown, it will send back an ACK and randomly generate an
acknowledgment sequence number.
C. The passive shutdown party needs to pass a file terminator to the application, the application closes its connection and
causes a FIN to be sent
D. After the passive close party sends the FIN, the active close party must send back an acknowledgment and set the
acknowledgment number to the received sequence number plus one.
Correct Answer: B
104- Which of the following is not an asymmetric encryption algorithm?

A. DH
B. MD5
C. DSA
D. RSA
Correct Answer: B
105- Which of the following statements about Client-Initiated VPN is correct? (multiple choice)
A. A tunnel is established between each access user and the LNS.
B. Only one L2TP session and PPP connection are carried in each tunnel.
C. Multiple L2TP sessions and PPP connections in each tunnel
D. Each tunnel carries multiple L2TP sessions and one PPP connection.
Correct Answer: AB
106- Regarding the firewall security policy, the following options are wrong?
A. If the security policy is permit, the discarded message will not accumulate the number of hits.
B. You cannot reuse the same name when configuring the security policy name.
C. Adjust the order of security policies without saving the configuration file.
D. The number of security policy entries of Huawei USG series firewalls cannot exceed 128.
Correct Answer: A
107- Which of the following options are supported by VPN technology to encrypt data packets? (multiple choice)
A. SSL VPN
B. GRE VPN
C. IPSec VPN
D. L2TP VPN
Correct Answer: AC
108- Which of the following is the username/password for the first login of the USG series firewall?
A. Username admin Password Admin@123
B. Username admin Password admin@123
C. Username admin Password admin
D. Username admin Password Admin123
Correct Answer: A
109- There are various security threats during the use of the server. Which of the following options is not a server security
threat?
A. Natural disasters
B. DDos attack
C. Hacking
D. Malicious programs
Correct Answer: A
110- Regarding the Client-Initialized L2TP VPN, which of the following statements is wrong?
A. After the remote user accesses the Internet, the client software can directly initiate an L2TP tunnel connection request to
the remote LNS.
B. The NS device receives the user L2TP connection request, and can authenticate the user according to the user name
and password.
C. LNS assigns a private IP address to the remote user.
D. Remote users do not need to install VPN client software
Correct Answer: D
111- Which of the following options does not include the respondents in the questionnaire for safety assessment?
A. Network System Administrator
B. Security administrator
C. HR
D. Technical leader
Correct Answer: C
112- The vulnerability that has not been discovered is the 0 day vulnerability.
A. True
B. False
Correct Answer: B
113- Regarding the problem that the two-way binding user of the authentication-free mode cannot access the network
resources, which of the following options are possible reasons? (multiple choice)
A. The authentication-free user and the authenticated user are in the same security zone.
B. The authentication-free user does not use the PC with the specified IP/MAC address.
C. The authentication action in the authentication policy is set to “Do not accept/free authentication”
D. Online users have reached the maximum
Correct Answer: BD
114- ASPF (Application Specific Packet Filter) is a packet filtering technology based on application layer and implemented by
server-map table.
Special security mechanisms.
Which of the following statements about the ASPF and server-map tables is correct? (multiple choice)
A. ASPF monitors messages during communication
B. ASPF can dynamically create a server-map table
C. ASPF dynamically allows multi-channel protocol data to pass through the server-map table.
D. The quintuple server-map entry implements a similar function to the session table.
Correct Answer: ABC
115- Which of the following are features of address translation technology? (multiple choice)
A. Address translation allows internal network users (private IP addresses) to access the Internet
B. Address translation can enable many hosts on the internal LAN to share an IP address online.
C. Address translation can handle encrypted IP headers
D. Address translation can shield users on the internal network and improve the security of the internal network.
Correct Answer: ABD
116- Regarding NAT address translation, which of the following statements is wrong?
A. Configure a NAT address pool in the source NAT technology. You can configure only one IP address in the address pool.
B. Address translation can provide FTP, WWW, Telnet and other services in the LAN according to the needs of users.
C. Some application layer protocols carry IP address information in the data, and modify the IP address information in the
upper layer data when NAT is applied to them.
D. For some non-TCP, UDP protocols (such as ICMP, PPTP), NAT conversion is not possible.
Correct Answer: D
117- Regarding the relationship and role of VRRP/VGMP/HRP, which of the following statements are correct? (multiple choice)
A. VRRP is responsible for sending free ARP to direct traffic to the new primary device during active/standby switching.
B. VGMP is responsible for monitoring the failure of the device and controlling the fast switching of the device.
C. HRP is responsible for data backup during the hot standby operation.
D. The VGMP group in the Active state may contain the VRRP group in the Standby state.
Correct Answer: ABC
118- When the firewall upgrades the signature database and virus database online through the security service center, it first
requires the firewall to connect to the Internet, and secondly requires the correct DNS address to be configured.
A. True
B. False
Correct Answer: A
119- Which of the following is not a symmetric encryption algorithm?

A. DES
B. 3DES
C. AES
D. RSA
Correct Answer: D
120- The results seen by display ike sa are as follows. Which of the following statements is wrong?
A. IKE SA has been established

B. IPSec SA has been established
C. The neighbor address is 2.2.2.1
D. IKE uses the V1 version
Correct Answer: B
121- Regarding the comparison between windows and linux, which of the following statements is wrong?
A. Getting started with Linux is more difficult and requires some learning and guidance.
B. Windows can be compatible with most software, playing most games
C. linux is open source code, what do you want to do?
D. windows is open source, what do you want to do?
Correct Answer: D
122- Which of the following options are core elements of the IATF (Information Assurance Technology Framework) model?
(multiple choice)
A. Environment
B. People
C. Technology
D. Operation
Correct Answer: BCD
123- Which of the following are multi-user operating systems? (multiple choice)
A. MSDOS
B. UNIX
C. LINUX
D. Windows
Correct Answer: BCD
124- Electronic evidence preservation is directly related to the legal effect of evidence, in line with the preservation of legal
procedures, and its authenticity and reliability are guaranteed. Which of the following is not an evidence preservation
technology?
A. Encryption technology
B. Digital certificate technology
C. Digital signature technology
D. Message tag tracking technology
Correct Answer: D
125- If the following conditions occur in the VGMP group, the VGMP message will not be sent to the peer end.
A. Dual hot backup function enabled
B. Manually switch the active and standby status of the firewall.
C. Firewall service interface failure
D. Session table entry changes
Correct Answer: D
126- Which of the following options can be used in the advanced settings of Windows Firewall? (multiple choice)
A. Restore defaults
B. Change notification rules
C. Set connection security rules
D. Set up inbound rules
127- Which of the following is true about the security policy configuration command?
A. ICMP packets with the destination address being 10.1.10.10 are not allowed to be accessed from the trust zone.
B. Disable all ICMP packets from the trust zone to the untrust zone and the destination address of the network segment
10.1.0.0/16.
C. Disable all ICMP packets from the trust zone to the untrust zone and the source IP address of the network segment
10.1.0.0/16.
D. Disable all host ICMP packets from the trust zone to the untrust zone and the source address is 10.2.10.10.
Correct Answer: C
128- In information security, commonly used security products include firewalls, Anti-DDos devices, and IPS/IDS devices.
A. True
B. False
Correct Answer: A
129- If the administrator uses the default default authentication domain to authenticate the user, the user only needs to enter
the user name when logging in. If the administrator uses the newly created authentication domain to authenticate the user,
the user needs to enter the username@authentication domain name when logging in.
A. True
B. False
Correct Answer: A
130- Digital certificate technology solves the problem that public key owners cannot determine in digital signature technology
A. True
B. False
Correct Answer: A
131- Which of the following options are technical features of the Intrusion Prevention System? (multiple choice)
A. Online mode
B. Real-time blocking
C. Self-learning and adaptive
D. Straight road deployment
Correct Answer: ABC
132- Regarding the firewall security policy, the following items are correct?
A. By default, an IPSec policy can control unicast packets and broadcast packets.
B. By default, the security policy can control multicast.
C. By default, the security policy only controls unicast packets.
D. By default, an IPSec policy can control unicast packets, broadcast packets, and multicast packets.
Correct Answer: C
133- Which of the following information is encrypted during the use of digital envelopes? (multiple choice)
A. Symmetric key
B. User data
C. Receiver public key
D. Receiver private key
Correct Answer: AB
134- Which of the following options are part of the ISO27001 certification field? (multiple choice)
A. Access control
B. Personnel safety
C. Vulnerability management
D. Business continuity management
135- Which of the following is true about the description of the firewall?
A. The firewall cannot transparently access the network.
B. Adding a firewall to the network will inevitably change the topology of the network.
C. In order to avoid single point of failure, the firewall only supports side-by-side deployment
D. Depending on the usage scenario, the firewall can be deployed in transparent mode or deployed in a three-bedroom
mode.
Correct Answer: D
136- On Huawei USG series devices, the administrator wants to erase the configuration file. Which of the following commands
is correct?
A. clear saved-configuration
B. reset saved-configuration
C. reset current-configuration
D. reset running-configuration
Correct Answer: B
137- Which of the following options are correct for the description of a buffer overflow attack? (multiple choice)
A. Buffer overflow attack exploits the software system's flaws in memory operations, running attack code with high
operational privileges.
B. Buffer overflow attacks are not related to operating system vulnerabilities and architecture.
C. Buffer overflow attacks are one of the common methods of attacking software systems.
D. Buffer overflow attacks belong to the application layer attack behavior.
Correct Answer: ACD
138- Security technologies have different approaches at different levels and areas of technology. Which of the following
devices can be used for network layer security? (multiple choice)
A. Vulnerability scanning device
B. Firewall
C. Anti-DDoS equipment
D. IPS/IDS equipment
Correct Answer: BCD
139- IPSEC VPN technology does not support NAT traversal when encapsulated in ESP security protocol because ESP
encrypts the packet header.
A. True
B. False
Correct Answer: B
140- Which of the following options are part of the SSL VPN feature? (multiple choice)
A. User authentication
B. Port scanning
C. File sharing
D. WEB rewriting
Correct Answer: AC
141- In the digital signature process, which of the following is the HASH algorithm to verify the integrity of the data
transmission?
A. User data
B. Symmetric key
Correct Answer: A
142- Which of the following traffic matches the authentication policy triggers authentication?
A. Access device or device-initiated traffic
B. DHCP, BGP, OSPF, and LDP packets
C. Traffic from visitors accessing HTTP traffic
D. The first DNS packet corresponding to the HTTP service data flow
Correct Answer: C
143- The GE1/0/1 and GE1/0/2 ports of the firewall belong to the DMZ. Which of the following is correct if the area
connected to GE1/0/1 can access the area connected to GE1/0/2?
A. Need to configure local to DMZ security policy
B. No need to do any configuration
C. Need to configure an interzone security policy
D. Need to configure DMZ to local security policy
Correct Answer: B
144- Using a computer to store information about criminal activity is not a computer crime
A. True
B. False
Correct Answer: B
145- Which of the following descriptions is wrong about IKE SA?

A. IKE SA is two-way
B. IKE is a UDP-based application layer protocol
C. IKE SA is for IPSec SA
D. The encryption algorithm used by user data packets is determined by IKE SA.
Correct Answer: D
146- Which of the following statements is wrong about VPN?

A. Virtual private network is less expensive than dedicated line
B. VPN technology necessarily involves encryption technology
C. VPN technology is a technology that multiplexes logical channels on actual physical lines.
D. The generation of VPN technology enables employees on business trips to remotely access internal corporate servers.
Correct Answer: B
147- Which of the following are the standard port numbers for the FTP protocol? (multiple choice)
A. 20
B. 21
C. 23
D. 80
Correct Answer: AB
148- Information security level protection is to improve the overall national security level, while rationally optimizing the
distribution of security resources, so that it can return the greatest security and economic benefits.
A. True
B. False
Correct Answer: A
149- For the occurrence of network security incidents, the remote emergency response is generally adopted first. If the
problem cannot be solved for the customer through remote access, after the customer confirms, the local emergency
response process is transferred.
A. True
B. False
Correct Answer: A
150- Usually we will divide the server into two categories: general server and function server. Which of the following options
meets this classification standard?
A. By application hierarchy
B. By purpose
C. By shape
D. According to the architecture
Correct Answer: B
151- NAPT technology can implement a public IP address for multiple private network hosts.
A. True
B. False
Correct Answer: A
152- After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all
the information that can be backed up can be directly configured on the standby device, and the configuration on the
backup device can be synchronized to the active device.
A. True
B. False
Correct Answer: A
153- Which of the following options are characteristic of a symmetric encryption algorithm? (multiple choice)
A. Fast encryption
B. Confidential speed is slow
C. Key distribution is not secure
D. Key distribution security is high
Correct Answer: AC
154- Which of the following options are a hazard of a traffic attack? (multiple choice)
A. Network paralysis
B. Server downtime
C. Data is stolen
D. The page has been tampered with
Correct Answer: AB
155- Intrusion Prevention System (IPS) is a defense system that can be blocked in real time when intrusion is discovered.
A. True
B. False
Correct Answer: A
156- About the HRP active and standby configuration consistency check content does not include the following option?
A. NAT policy
B. Is the heartbeat interface with the same serial number configured?
C. Next hop and outbound interface of static route
D. Certification strategy
Correct Answer: C
157- Which of the following is wrong about the NAT configuration?

A. Configure source NAT in transparent mode. The firewall does not support easy-ip mode.
B. The IP address in the address pool can overlap with the public IP address of the NAT server.
C. When there is VoIP service in the network, you do not need to configure NAT ALG.
D. The firewall does not support NAPT conversion for ESP and AH packets.
Correct Answer: D
158- Which of the following options are correct regarding the actions of the security policy and the description of the security
profile? (multiple choice)
A. If the action of the security policy is "prohibited", the device will discard this traffic, and then no content security check
will be performed.
B. The security profile can be applied without being applied to the security policy allowed by the action.
C. The security profile must be applied to the security policy that is allowed to take effect.
D. If the security policy action is "Allow", the traffic will not match the security profile.
Correct Answer: AC
159- What are the following options for encryption technology to protect data during data transmission? (multiple choice)
A. Confidentiality
B. Controllability
C. Integrity
D. Source verification
Correct Answer: ACD
160- After the network attack event occurs, the isolation area, summary data, and estimated loss are set according to the
plan. Which action in the cyber security emergency response is involved in the work content?
A. Preparation stage
B. Detection phase
C. Inhibition phase
D. Recovery phase
Correct Answer: C
A. True
B. False
Correct Answer: B
162- The digital certificate is fair to the public key through a third-party organization, thereby ensuring the non-repudiation of
data transmission. Therefore, to confirm the correctness of the public key, only the certificate of the communicating party is
needed.
A. True
B. False
Correct Answer: B
163- Digital signatures are used to ensure the integrity of data transmission by using a hash algorithm to generate digital fingerprints.
A. True
B. False
Correct Answer: A
164- Which of the following options are correct for the description of the firewall shard cache feature? (multiple choice)
A. By default, the firewall caches fragmented packets.
After the fragmented packet is forwarded, the firewall forwards the fragment according to the interzone security policy.
C. For fragmented packets, NAT ALG does not support the processing of SIP fragmented packets.
D. By default, the maximum number of fragment caches for an IPV4 packet is 32, and the maximum number of fragment
caches for an IPV6 packet is 255.
Correct Answer: ACD
165- The SIP protocol uses SDP messages to establish a session. The SDP message contains a remote address or a
multicast address.
A. True
B. False
Correct Answer: A
166- Which of the following attacks is not a network attack?

A. IP spoofing attack
B. Smurf attack
C. MAC address spoofing attack
D. ICMP attack
Correct Answer: C
167- What versions of the SNMP protocol are there? (multiple choice)
A. SNMPv1
B. SNMPv2b
C. SNMPv2c
D. SNMPv3
Correct Answer: ACD
168- Regarding the description of the preemption function of VGMP management, which of the following is wrong?
A. By default, the preemption function of the VGMP management group is enabled.
B. By default, the preemption delay of a VGMP management group is 40s.
C. Preemption means that when the faulty primary device recovers, its priority will be restored. At this time, it can regain
its own state.
D. After the VRRP backup group is added to the VGMP management group, the original preemption function on the VRRP
backup group is invalid.
Correct Answer: B
169- In the IPSec VPN transmission mode, which part of the data packet is encrypted?
A. Network layer and upper layer data packets
B. Original IP header
C. New IP packet header
D. Transport layer and upper layer data packets
Correct Answer: D
170- Which of the following descriptions is wrong about windows logs?

A. The system log is used to record the events generated by the operating system components, including the crash of the
driver, system components and application software, and data.
B. windows server 2008 system log is stored in Application.evtx
C. The application log contains events logged by the application or system program, mainly recording events related to
program operation
D. The security log of windows server 2008 is stored in security.evtx
Correct Answer: B
171- Which of the following is an error for the description of IP Spoofing?
A. IP spoofing attacks are exploited by the normal IP address-based trust relationship between hosts.
B. After the IP spoofing attack is successful, the attacker can use the fake IP address to imitate the legitimate host to
access the key information.
C. The attacker needs to masquerade the source IP address as a trusted host and send a data segment with a SYN label to
request a connection.
D. The host based on the IP address-based trust relationship can log in directly without entering password verification.
Correct Answer: C
172- In the USG series firewall, which of the following commands can be used to query the NAT translation result?
A. display nat translation
B. display firewall session table
C. display current nat
D. display firewall nat translation
Correct Answer: B
173- The preservation of electronic evidence is directly related to the legal effect of evidence, and it is in compliance with
the legal formalities, and its authenticity and reliability are guaranteed. Which of the following is not an evidence
preservation technique?
A. Encryption technology
B. Digital certificate technology
C. Digital signature technology
D. Message tag tracking technology
Correct Answer: D
174- Which of the following is the status information that can be backed up by the Huawei Redundancy Protocol (HRP)?
(multiple choice)
A. Session table
B. ServerMap entry
C. Dynamic blacklist
D. Routing table
Correct Answer: ABC
175- As shown in the figure, a TCP connection is established between client A and server B. Which of the following two "?"
message numbers should be?
A. a+1：a
B. a:a+1
C. b+1:b
D. a+1:a+1
Correct Answer: D
176- Digital certificates can be divided into local certificates, CA certificates, root certificates, and self-signed certificates
according to different usage scenarios.
A. True
B. False
Correct Answer: A
C. Hash algorithm
D. Stream encryption algorithm
Correct Answer: B
178- Which of the following are remote authentication methods? (multiple choice)
A. RADIUS
B. Local
C. HWTACACS
D. LLDP
Correct Answer: AC
179- Which of the following statements is true about IPSec SA?

A. IPSec SA is one-way
B. IPSec SA is two-way
C. Used to generate an encryption key
D. Used to generate a secret algorithm
Correct Answer: A
180- Which of the following does not include the steps in the safety assessment method?
A. Manual audit
B. Penetration testing
C. Questionnaire survey
D. Data analysis
Correct Answer: D
181- In the equivalent of 2.0, which one stipulates that “spam should be detected and protected at critical network nodes,
and maintenance and update of the garbage protection mechanism should be maintained”?
A. Malicious code prevention
B. Communication transmission
C. Centralized control
D. Border protection
Correct Answer: A
182- Which of the following options is not part of the 5-tuple range?
A. Source IP
B. Source MAC
C. Destination IP
D. Destination port
Correct Answer: B
183- In the state detection firewall, when the state detection mechanism is enabled, when the second packet (SYN+ACK) of
the three-way handshake arrives at the firewall, if the firewall does not have a corresponding session table, which of the
following descriptions is correct?
A. The firewall does not create a session table, but allows packets to pass.
B. If the firewall security policy allows packets to pass, create a session table.
C. The message must not pass through the firewall.
D. The message must pass through the firewall and establish a session.
Correct Answer: C
184- In the VRRP (Virtual Router Redundancy Protocol) group, the primary firewall periodically sends advertisement packets
to the backup firewall. The backup firewall only listens for advertisement packets and does not respond.
A. True
B. False
Correct Answer: A
185- The VRRP advertisement packet of the USG firewall is a multicast packet. Therefore, each firewall in the backup group
must be able to implement direct Layer 2 interworking.
A. True
B. False
Correct Answer: A
186- Because the server is a kind of computer, we can use it in the enterprise as our server.
A. True
B. False
Correct Answer: B
187- As shown in the figure, the application scenario of a NAT server is configured when the web configuration mode is used.
Which of the following statements are correct? (multiple choice)
A. When configuring an interzone security policy, set the source security zone to Untrust and the target security zone to DMZ.
B. When configuring the NAT server, the internal address is 10.1.1.2 and the external address is 200.10.10.1.
C. When configuring an interzone security policy, set the source security zone to DMZ and the target security zone to Untrust.
D. When configuring the NAT server, the internal address is 200.10.10.1 and the external address is 10.1.1.2.
Correct Answer: AB
188- In the L2TP configuration, which of the following statements is true for the command Tunnel Name? (multiple choice)
A. The tunnel name used to specify the local end
B. The tunnel name used to specify the peer
C. The tunnel Nnames on both ends must be consistent.
D. If the Tunnel Name is not configured, the tunnel name is the local system name.
Correct Answer: AD
189- Which of the following types of attacks does a DDos attack belong to?
A. Peep scan attack
B. Malformed message attack
C. Special packet attack
D. Traffic attack
Correct Answer: D
190- In the USG system firewall, you can use --- function to provide well-known application services for non-known ports.
A. Port mapping
B. MAC and IP address binding
C. Packet filtering
D. Long connection
Correct Answer: A
191- Which of the following is true about the command to view the number of security policy matches?
A. display firewall sesstion table
B. display security-policy all
C. display security-policy count
D. count security-policy hit
Correct Answer: B
192- Which of the following options is a Layer 2 VPN technology?

A. SSL VPN
B. L2TP VPN
C. GRE VPN
D. IPSec VPN
Correct Answer: B
193- Which of the following options are wrong about the description of the Windows Firewall advanced settings? (multiple choice)
A. When setting the stacking rule, only the local port can be restricted, and the remote port cannot be restricted.
B. When setting the stacking rule, both the local port and the remote port can be restricted.
C. When setting the pop-up rule, only the local port can be restricted, and the remote port cannot be restricted.
D. When setting the pop-up rule, both local ports can be restricted and remote ports can be restricted.
Correct Answer: BD
194- Regarding the description of VGMP group management, which of the following is wrong?
A. The master/slave status of the VRRP backup group needs to be notified to the VGMP management group to which it belongs.
B. The interface types and numbers of the heartbeat interfaces of the two firewalls can be different, as long as the Layer
2 interworking can be ensured.
C. The hello message is sent periodically between the VGMPs of the active and standby firewalls.
D. The active and standby devices exchange their packets through the heartbeat line to learn the status of each other and
back up related commands and status information.
Correct Answer: B
195- In the security assessment method, the purpose of the security scan is to scan the target system with a scan analysis
evaluation tool to discover related vulnerabilities and prepare for the attack.
A. True
B. False
Correct Answer: B
196- Which of the following attacks is not a malformed message attack?
A. Teardrop attack
B. Smurf attack
C. TCP fragmentation attack
D. ICMP unreachable packet attack
Correct Answer: D
197- Which of the following descriptions is wrong about IKE SA?
A. IKE SA is two-way
B. IKE is a UDP-based application layer protocol
C. IKE SA is for IPSec SA
D. The encryption algorithm used by user data packets is determined by IKE SA.
Correct Answer: D
198- In the construction of information security system, the security model is needed to accurately describe the relationship
between important aspects of security and system behavior.
A. True
B. False
Correct Answer: B
199- Security policy conditions can be divided into multiple fields, such as source address, destination address, source port,
destination port, etc. These fields are in an AND relationship, that is, only the information in the packet matches all fields.
On, it’s a hit strategy.
A. True
B. False
Correct Answer: B
200- The matching principle of the security policy is to first find the inter-domain security policy configured manually. If no
match is found, the data packet is directly discarded.
A. True
B. False
Correct Answer: A
201- Which of the following are the response actions after the gateway antivirus detects the mail virus? (multiple choice)
A. Alarm
B. Blocking
C. Announcement
D. Remove attachments
202- Digital signatures are used to ensure the integrity of data transmission by using a hash algorithm to generate digital
fingerprints.
A. True
B. False
Correct Answer: A
203- Which of the following statements is wrong about NAT address translation?
A. Configure a NAT address pool in the source NAT technology. You can configure only one IP address in the address pool.
B. Address translation can provide FTP, WWW, Telnet and other services in the LAN according to the needs of users.
C. Some application layer protocols carry IP address information in the data, and modify the IP address information in the
upper layer data when NAT is applied to them.
D. For some TCP, UDP protocols (such as ICMP, PPTP), NAT conversion is not possible.
Correct Answer: D
204- When the NAT server is configured on the USG system firewall, the server-map table is generated. Which of the
following does not belong to the content in the performance?
A. Destination IP
B. Destination port number
C. Agreement number
D. Source IP
Correct Answer: D
205- Which of the following are malicious programs? (multiple choice)

A. Trojan horse
B. Vulnerability
C. Worm
D. Virus
Correct Answer: ACD
206- Which of the following are the main implementations of gateway antivirus? (multiple choice)
A. Proxy scanning method
B. Stream scanning method
C. Package inspection method
D. File killing method
Correct Answer: AB
207- Which of the following options is not part of the hashing algorithm?
A. MD5
B. SHA1
C. SM1
D. SHA2
Correct Answer: C
208- Regarding the description of firewall hot standby, which of the following options are correct? (multiple choice)
A. When multiple areas of the firewall need to provide dual-system backup, you need to configure multiple VRRP backup groups on the firewall.
B. Require the same status of all VRRP backup groups in the same VGMP management group on the same firewall.
C. The firewall hot standby needs to synchronize the backup between the master device and the slave device by using the
session table, MAC table, routing table, and other information.
D. VGMP is used to ensure the consistency of all VRRP backup group switching.
Correct Answer: ABD
209- Which of the following is not the certificate save file format supported by the USG6000 series?
A. PKCS#12
B. DER
C. PEM
D. PKCS#
Correct Answer: D
210- Which of the following attacks is not a special packet attack?

A. ICMP redirect packet attack
B. ICMP unreachable packet attack
C. IP address scanning attack
D. Large ICMP packet attack
Correct Answer: C
211- Security technologies have different approaches at different levels and areas of technology. Which of the following
devices can be used for network layer security? (multiple choice)
A. Vulnerability scanning device
B. Firewall
C. Anti-DDoS equipment
D. IPS/IDS equipment
Correct Answer: BCD
212- Which of the following is used to encrypt digital fingerprints in digital signature technology?
A. sender public key
B. sender private key
Correct Answer: B
213- The reason that OSPF is more commonly used than RIP is that OSPF has device authentication and is more secure.
A. True
B. False
Correct Answer: B
214- Intrusion detection covers both authorized and unauthorized intrusions. Which of the following actions is not part of
the intrusion detection?
A. posing as another user
B. Administrator deletes the configuration by mistake
C. Planting worm Trojans
D. Disclosure of data information
Correct Answer: B
215- Which of the following is incorrect for the description of ARP spoofing attacks?
A. The ARP implementation mechanism only considers normal business interactions and does not verify any abnormal
business interactions or malicious behaviors.
B. ARP spoofing attacks can only be implemented through ARP replies and cannot be implemented through ARP requests.
C. When a host sends a normal ARP request, the attacker will respond preemptively, causing the host to establish an
incorrect IP and MAC mapping relationship.
D. ARP static binding is a solution to ARP spoofing attacks. It is mainly applied to scenarios where the network size is not large.
Correct Answer: B
216-Which of the following mechanisms is used to implement MAC flooding attacks? (multiple choice)
A. MAC learning mechanism of the switch
B. Switch forwarding mechanism
C. ARP learning mechanism
D. Limit on the number of MAC entries
217-After the firewall uses the hrp standby config enable command to enable the standby device configuration function, all the
information that can be backed up can be directly configured on the standby device, and the configuration on the standby device can
be synchronized to the active device.
A. True
B. False
Correct Answer: A
218- In practical applications, asymmetric encryption is mainly used to encrypt user data.
A. True
B. False
Correct Answer: B
219- When establishing their own information systems, enterprises check each operation according to the internationally
established authoritative standards, and can check whether their information systems are safe.
A. True
B. False
Correct Answer: A
220- Which of the following is the port number used for L2TP packets?
A. 17
B. 500
C. 1701
D. 4500
Correct Answer: C
221- Which of the following does not include the steps in the safety assessment method?
A. Manual audit
B. Penetration testing
C. Questionnaire survey
D. Data analysis
Correct Answer: D
A. True
B. False
Correct Answer: B
223- Which of the following is true about firewall security policies?

A. By default, an IPSec policy can control unicast packets and broadcast packets.
B. By default, the security policy can control multicast.
C. By default, the security policy controls only unicast packets.
D. By default, an IPSec policy can control unicast packets, broadcast packets, and multicast packets.
Correct Answer: C
224-Which of the following information is encrypted during the use of digital envelopes? (multiple choice)
A. Symmetric key
B. User data
Correct Answer: AB
225-Which of the following is an action to be taken during the eradication phase of the cybersecurity emergency response?
(multiple choice)
A. Find sick Trojans, illegal authorization, system vulnerabilities, and timely processing
B. Revise the security policy based on the security incident that occurred, enable security auditing
C. Block the behavior of the attack, reduce the scope of influence
D. Confirm the damage caused by security incidents and report security incidents
Correct Answer: AB
226- Which of the following attacks can DHCP Snooping prevent? (multiple choice)
A. DHCP Server counterfeiter attack
B. Intermediaries and IP/MAC spoofing attacks
C. IP spoofing attack
D. Counterfeit DHCP lease renewal packet attack using option82 field
227- Which of the following options are part of the Huawei SDSec solution? (multiple choice)
A. CIS
B. Fierhunter
C. Router
D. AntiDDoS
Correct Answer: BCD
228-A company employee account authority expires, but you can still use the account to access the company server. What are the
security risks of the above scenarios? (multiple choice)
A. Managing security risks
B. Access to security risks
C. System security risks
D. Physical security risks
Correct Answer: ABC
229- Which of the following is the default backup method for hot standby?
A. Automatic backup
B. Manual batch backup
C. Session fast backup
D. Configuration of the active and standby FWs after the device is restarted
Correct Answer: A
230- The network administrator can collect data to be analyzed on the network device by means of packet capture, port mirroring, or log.
A. True
B. False
Correct Answer: A
231-The world's first worm, the "Morris worm," made people realize that as people become more dependent on computers, the
possibility of computer networks being attacked increases, and it is necessary to establish a comprehensive emergency response
system.
A. True
B. False
Correct Answer: A
232- Which of the following are the necessary configurations for IPSec VPN? (multiple choice)
A. Configure IKE neighbors
B. Configure IKE SA related parameters
C. Configuring IPSec SA related parameters
D. Configure the stream of interest
233- Which of the following categories are included in Huawei firewall user management? (multiple choice)
A. Internet user management
B. Access user management
C. Administrator User Management
D. Device User Management
Correct Answer: ABC
234-In order to obtain evidence of crime, it is necessary to master the technology of intrusion tracking. Which of the following options is
correct for the description of tracking technology? (multiple choice)
A. Packet Recording Technology marks packets on each router that has been spoken by inserting trace data into the tracked IP
packets.
B. Link detection technology determines the source of the attack by testing the network connection between the routers.
C. Packet tagging technology extracts information from attack sources by recording packets on the router and then using data mining
techniques
D. Analysis of shallow mail behavior can analyze the information such as sending IP address, sending time, sending frequency,
number of recipients, shallow email headers, etc.
Correct Answer: ABD
235-When the session authentication mode is used to trigger the firewall's built-in Portal authentication, the user does not actively
perform identity authentication, advanced service access, and device push "redirect" to the authentication page.
A. True
B. False
Correct Answer: A
236- Which of the following is wrong for the description of the intrusion detection system?
A. Intrusion detection system can dynamically collect a large amount of key information through the network and computer,
and can analyze and judge the current state of the entire system environment in time.
B. The intrusion detection system can perform blocking operation if it finds that there is a violation of the security policy or
the system has traces of being attacked.
C. Intrusion detection system includes all hardware and software systems for intrusion detection
D. The flooding detection system can be linked with firewalls and switches to become a powerful “helper” for the firewall,
which is better and more precise to control traffic access between domains.
Correct Answer: C
237-Which of the following options are in the encapsulation mode supported by IPSec VPN? (multiple choice)
A. AH mode
B. Tunnel mode
C. Transmission mode
D. ESP mode
Correct Answer: BC
238- The tunnel address of the two ends of the GRE tunnel can be configured as the address of different network segments.
A. True
B. False
Correct Answer: A
239- Regarding the description of the packet during the iptables transfer process, which of the following options is wrong?
A. When a packet enters the network card, it first matches the PREROUTING chain.
B. If the destination address of the packet is local, the packet will be sent to the INPUT chain.
C. If the destination address of the packet is not local, the system sends the packet to the OUTPUT chain.
D. If the destination address of the packet is not local, the system sends the packet to the FORWARD chain.
Correct Answer: C
240- Which of the following is wrong about the description of the operating system?
A. The operating system is the interface between the user and the computer
B. The operating system is responsible for managing the execution of all hardware resources and control software of the computer
system.
C. The interface between the operating system and the user is a graphical interface.
D. The operating system itself is also software
Correct Answer: C
241- Which of the following does not belong to the conditions required for firewall hot standby?
A. The firewall hardware model is consistent
B. The firewall software version is consistent
C. The interface type and number used are the same.
D. The firewall interface has the same IP address.
Correct Answer: D
242- Which of the following options are correct regarding the NAT policy processing flow? (multiple choice)
A. Server-map is processed after status detection
B. Source NAT policy query is processed after the session is created
C. The source NAT policy is processed after the security policy is matched.
D. Server-map is processed before the security policy matches
Correct Answer: ACD
243- Which of the following options are necessary for the firewall hot standby scenario? (multiple choice)
A. hrp enable
B. hrp mirror session enable
C. hrp interface interface-type interface-number
D. hrp preempt [delay interval]
Correct Answer: AC
244-Manual auditing is a supplement to tool evaluation. It does not require any software to be installed on the target system being
evaluated, and has no effect on the operation and status of the target system. Which of the following options does not include
manual auditing?
A. Manual detection of the host operating system
B. Manual inspection of the database
C. Manual inspection of network equipment
D. Manual inspection of the administrator's operation of the equipment process
Correct Answer: D
245- Which of the following are the default security zones of Huawei firewall? (multiple choice)
A. Zone area
B. Trust area
C. Untrust area
D. Security area
Correct Answer: BC
246- Which level is the corresponding warning for major network security incidents that occur?
A. Red warning
B. Orange warning
C. Yellow warning
D. Blue warning
Correct Answer: B
247- Which of the following descriptions is wrong about the source of electronic evidence?
A. Fax data, mobile phone recording is an electronic evidence related to communication technology.
B. Movies and TV shows belong to electronic evidence related to network technology.
C. Database operation records, operating system logs are computer-related electronic evidence •
D. Operating system, e-mail, chat records can be used as a source of electronic evidence
Correct Answer: B
248- Which of the following statements is correct about the ordering of the call setup process for L2TP corridors?
1. Establish an L2TP tunnel
2. Establish a PPP connection
3. LNS authenticates users
4. Users access intranet resources
5. Establish an L2TP session
A. 1->2->3->5->4
B. 1->5->3->2->4
C. 2->1->5->3->4
D. 2->3->1->5->4
Correct Answer: B
249-The protocol field in the IP packet header identifies the protocol used by the upper layer. Which of the following field values
indicates that the upper layer protocol is the UDP protocol?
A. 6
B. 17
C. 11
D. 18
Correct Answer: B
250-According to the management specifications, the network security system and equipment are regularly checked, the patches are
upgraded, and the network security emergency response drill is organized. Which of the following are the MPDRR network security
modes?
A. Protection link
B. Testing
C. Response link
D. Management
Correct Answer: BC
251- Information security level protection is the basic system of national information security work
A. True
B. False
Correct Answer: A
252- Which of the following is not the identity of the IPSec SA?
A. SPI
B. Destination address
C. Source address
D. Security protocol
Correct Answer: C
253-What is the correct difference between the following pre-accident prevention strategies and post-accident recovery strategies?
(multiple choice)
A. The prevention strategy focuses on minimizing the likelihood of an accident before the story occurs. The recovery strategy focuses
on minimizing the impact and loss on the company after the accident
B. The role of pre-disaster prevention strategies does not include minimizing economic, reputational, and other losses caused by
accidents.
C. Recovery strategy is used to improve business high availability
D. Recovery strategy is part of the business continuity plan
Correct Answer: ACD
254-Which of the following operations are required during the administrator upgrade of the USG firewall software version? (multiple
choice)
A. Upload the firewall version software
B. Restart the device
C. Device factory reset
D. Specify the next time you start loading the software version.
Correct Answer: ABD
255- If the company structure has undergone a practical change, it is necessary to retest whether the business continuity plan is feasible.
A. True
B. False
Correct Answer: A
256-HTTP packets are carried by UDP, and the HTTPS protocol is based on TCP three-way handshake. Therefore, HTTPS is relatively
secure, and HTTPS is recommended.
A. True
B. False
Correct Answer: B
257-The single-point login function of the Internet user is used to authenticate the AD server. The device does not interfere with the
user authentication process. The AD monitoring service needs to be deployed on the USG to monitor the authentication information
of the AD server.
A. True
B. False
Correct Answer: B
258-UDP port scanning means that an attacker sends a zero-byte UDP packet to a specific port of the target host. If the port is open, it
will return an ICMP port reachable data packet.
A. True
B. False
Correct Answer: B
259- Regarding the business continuity plan, is the following statement correct? (multiple choice)
A. Business continuity plan does not require high-level participation of the company in determining the project scope phase
B. BCP needs flexibility because it cannot predict all possible accidents
C. Business continuity plan does not require senior company involvement before formal documentation is formed
D. Not all security incidents must be reported to company executives
Correct Answer: BD
260- When the USG series firewall hard disk is in place, which of the following logs can be viewed? (multiple choice)
A. Operation log
B. Business log
C. Alarm information
D. Threat log
261-Social engineering is a means of harm such as deception, injury, etc. through psychological traps such as psychological weakness,
instinctive reaction, curiosity, trust, greed
A. True
B. False
Correct Answer: A
262-Apply for emergency response special funds, procurement emergency response software and hardware equipment is in the stage of
the network full emergency response in the work content?
A. Preparation stage
B. Inhibition phase
C. Response phase
D. Recovery phase
Correct Answer: A
263-Device destruction attacks are generally not easy to cause information leakage, but usually cause network communication services
to be interrupted.
A. True
B. False
Correct Answer: A
264- Which of the following is incorrect about the description of Internet users and VPN access user authentication?
A. The Internet user and the VPN access user share data, and the user's attribute check (user status, account expiration time, etc.)
also takes effect on VPN access.
B. The local authentication or server authentication process is basically the same for both users. The authentication is performed on
the authentication domain. The user triggers the same method.
C. After the VPN user accesses the network, it can access the network resources of the enterprise headquarters. The firewall can
control the accessible network resources based on the user name.
D. After the VPN access user passes the authentication, it will be online on the user's online list.
Correct Answer: D
265- Which of the following descriptions about the patch is wrong?

A. Patch is a small program created by the original author of the software for the discovered vulnerability.
B. No patching does not affect the operation of the system, so it is irrelevant whether to patch or not.
C. Patches are generally updated.
D. Computer users should download and install the latest patches in time to protect their systems.
Correct Answer: B
266- Which of the following is incorrect about the description of the Intrusion Prevention System (IPS)?
A. IDS devices need to be linked to the firewall to block the intrusion.
B. IPS devices cannot be bypassed in the network.
C. IPS devices can be cascaded at the network boundary and deployed online
D. IPS devices can be blocked in real time once they detect intrusion
Correct Answer: B
267- Guan Zi Huawei's router and text changer, which of the following statements are correct? (multiple choice)
A. The router can implement some security functions, and some routers can implement more security functions by adding security
boards.
B. The main function of the router is to forward data. When the enterprise has security requirements, sometimes the firewall may be
a more suitable choice.
C. The switch has some security functions, and some switches can implement more security functions by adding security boards.
D. The switch does not have security features
Correct Answer: ABC
268- Which of the following options does not belong to the log type of the Windows operating system?
A. Business log
B. Application log
C. Security log
D. System log
Correct Answer: A
269-After the network intrusion event occurs, according to the plan to obtain the intrusion identity, attack source and other
information, and block the intrusion behavior, which actions in the PDRR network security model? (multiple choice)
A. Protection link
B. Testing
C. Response link
D. Recovery link
Correct Answer: BC
270- Which of the following is wrong about the scanning of vulnerabilities?
A. The vulnerability was discovered beforehand and discovered afterwards.
B. Vulnerabilities are generally repairable
C. Vulnerabilities are security risks that can expose computers to hackers
D. Vulnerabilities can be avoided
Correct Answer: D
271-When configuring single sign-on for users, the receiving PC message mode is adopted. The authentication process has the following
steps:
1 The visitor PC executes the login script and sends the user login information to the AD monitor.
2 The firewall extracts the correspondence between the user and the IP from the login information and adds it to the online user
table.
3 AD monitor connects to the AD server to query the login user information, and forwards the queried user information to the
firewall.
4 The visitor logs in to the AD domain. The AD server returns the login success message to the user and issues the login script. Which
of the following is correct?
A. 1-2-3-4
B. 4-1-3-2
C. 3-2-1-4
D. 1-4-3-2
Correct Answer: B
272-The administrator wants to create a web configuration administrator, the device web access port number is 20000, and the
administrator is the administrator level. Which of the following commands is correct?
a.
b.
c.
d.
Correct Answer: A
273-Which of the following options are correct regarding the actions of the security policy and the description of the security profile?
(multiple choice)
A. It is forbidden that if the action of the security policy is “prohibited”, the device will discard this traffic and will not perform content
security check later.
B. The security profile can be applied without being applied to the security policy allowed by the action.
C. The security profile must be applied to the security policy that is allowed to take effect.
D. If the security policy action is "Allow", the traffic will not match the security profile.
Correct Answer: AC
274- Which of the following are the same features of Windows and LINUX systems? (multiple choice)
A. Support multitasking
B. Support graphical interface operations
C. Open source system
D. Support multiple terminal platforms
Correct Answer: ABD
275- In the following configuration process, the device generates a Server-map entry in the following cases? (multiple choice)
A. Automatically generate server-map entries when configuring source NAT.
B. After the NAT server is configured successfully, the device automatically generates a server map entry.
C. A server-map entry is generated when easy-ip is configured.
D. After configuring NAT No-PAT, the device will create a server-map table for the configured multi-channel protocol data stream.
Correct Answer: BD
276- NAT technology can securely transfer data by encrypting data.
A. True
B. False
Correct Answer: B
277- Which of the following is the correct order for event response management?
1 detection
2 report
3 relief
4 summarizing experience
5 repair
6 recovery
7 response
A. 1-3-2-7-5-6-4
B. 1-3-2-7-6-5-4
C. 1-2-3-7-6-5-4
D. 1-7-3-2-6-5-4
Correct Answer: D
278-Regarding the L2TP VPN statement, which of the following is wrong?
A. Applicable to business employees dialing access to the intranet
B. Will not encrypt the data
C. Can be used in conjunction with IPsec VPN
D. Belongs to Layer 3 VPN technology
Correct Answer: D
279- Encryption technology can transform readable information into unreadable information in a certain way.
A. True
B. False
Correct Answer: A
280-ASPF (Application Specific Packet Filter) is a packet filtering technology based on the application layer, and implements a special
security mechanism through the server-map table. Which of the following statements about the ASPF and server-map tables is
correct? (multiple choice)
A. ASPF monitors messages during communication
B. ASPF can dynamically create a server-map
C. ASPF dynamically allows multi-channel protocol data to pass through the server-map table.
D. The quintuple server-map entry implements a similar function to the session table.
Correct Answer: ABC
281- Antivirus software and host firewall have the same effect.
A. True
B. False
Correct Answer: B
282- The process of electronic forensics includes: protecting the site, obtaining evidence, preserving evidence, identifying
evidence, analyzing evidence, tracking and presenting evidence.
A. True
B. False
Correct Answer: A
283-Execute the command on the firewall and display the above information. Which of the following descriptions is correct? (multiple
choice)
A. The status of this firewall VGMP group is Active.
B. The virtual IP address of the G1/0/1 interface is 202.38.10.2.
C. The priority of the VRRP backup group with the VRID of the firewall is 100.
D. Will not switch when the primary device USG_A fails
Correct Answer: ABC
284-In the USG series firewall system view, the device configuration will be restored to the default configuration after the reset saved-
configuration command is executed. No other operations are required.
A. True
B. False
Correct Answer: B
285- Which of the following is the difference between Network Address Port Translation (NAPT) and Switched Network
Address Only (No-PAT)?
A. After No-PAT conversion, for external network users, all messages are from the same IP address.
B. No-PAT only supports protocol port conversion of the transport layer
C. NAPT only supports protocol address translation at the network layer.
D. No-PAT supports protocol address translation at the network layer
Correct Answer: D
286-Which of the following options are correct for the description of a buffer overflow attack?
(multiple choice)
A. Buffer overflow attack exploits the software system's flaws in memory operations, running attack code with high operational
privileges
B. Buffer overflow attacks are not related to operating system vulnerabilities and architectures
C. Buffer overflow attacks are one of the common methods of attacking software systems.
D. Buffer overflow attack is an application layer attack behavior
Correct Answer: ACD
287- Which of the following is not the scope of business of the National Internet Emergency Center?
A. Emergency handling of security incidents
B. Early warning notification of security incidents
C. Providing security evaluation services for government departments, enterprises and institutions
D. Cooperate with other agencies to provide training services
Correct Answer: D
288- The host firewall is mainly used to protect the host from attacks and intrusions from the network.
A. True
B. False
Correct Answer: A
289- Which of the following options are international organizations related to information security standardization? (multiple
choice)
A. International Organization for Standardization (ISO) International Organization for Standardization
B. International Electrotechnical Commission (IEC) International Electrotechnical Commission
C. International Telecommunication Union (ITU) International Telecommunication Union
D. Wi-Fi Alliance Wi-Fi Alliance
Correct Answer: ABC
290- In order to obtain evidence of crime, it is necessary to master the technology of intrusion tracking. Which of the following
options is correct for the description of tracking technology? (multiple choice)
A. Packet Recording Technology marks packets on each passing router by inserting trace data into the tracked IP packets
B. Link test technology determines the source of the attack by testing the network link between the routers
C. Packet tagging technology extracts information from attack sources by recording packets on the router and then using
data mining techniques
D. Shallow mail behavior analysis can analyze the information such as sending IP address, sending time, sending
frequency, number of recipients, shallow email headers and so on.
Correct Answer: ABD
291- Digital signature technology obtains a digital signature by encrypting which of the following data?
A. User data
B. Receiver public key
C. sender public key
D. Digital fingerprint
Correct Answer: D
292- On the USG series firewalls, the default security policy does not support modification.
A. True
B. False
Correct Answer: B
293- In the classification of information security level protection systems, which of the following levels defines the damage to
social order and public interest if the information system is destroyed? (multiple choice)
A. First level
User protection level
B. Second level
System audit protection level
C. Third level
Security mark protection
D. Fourth level
Structured protection
294- Which of the following is the analysis layer device in the Huawei SDSec solution?
A. CIS
B. Agile Controller
C. switch
D. Firehunter
Correct Answer: D
295-Which of the following options are correct regarding the control actions permit and deny for firewall interzone forwarding security
policies? (multiple choice)
A. The action of the firewall default security policy is deny
B. Packets are matched immediately after the deny action is removed from the interzone security policy. The other interzone security
policies will not be executed.
C. Even if the packet matches the permit action of the security policy, it will not necessarily be forwarded by the firewall.
D. Whether the message matches the permit action of the security policy or the deny action, it will go to the UTM module for
processing.
Correct Answer: ABC
296- Which of the following is not included in the Corporate Impact Analysis (BIA)?
A. Business priority
B. Accident handling priority
C. Impact assessment
D. Risk identification
Correct Answer: C
297- Which of the following is the main application scenario of tunnel mode when IPSec VPN is deployed?
A. Between the host and the host
B. Between the host and the security gateway
C. Between security gateways
D. Between the host and the server
Correct Answer: C
298-The Huawei Redundancy Protocol (HRP) is used to synchronize the critical configuration and connection status of the firewall to the
standby firewall. Which of the following options is not in the scope of synchronization?
A. Security policy
B. NAT strategy
C. Blacklist
D. IPS signature set
Correct Answer: D
299- Regarding the business continuity plan, is the following statement correct? (multiple choice)
A. Business continuity plan does not require high-level participation of the company in determining the project scope phase
B. It is thought that all accidents that may be suffered cannot be predicted, so BCP needs flexibility.
C. Business continuity plan does not require senior company involvement before formal documentation is formed
D. Not all security incidents must be reported to company executives
Correct Answer: BD

HCIA Security H12-711

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

HCIA Security H12-711

Uploaded by

Copyright:

Available Formats

1- Regarding the description of the windows log event type, which options are correct?

4- Which of the following is a core part of the P2DR model?

9- Regarding SSL VPN technology, which of the following options is wrong?

12- Which of the following attacks is not a special packet attack?

13- Which of the following attacks is not a malformed message attack?

A. The status of this firewall VGMP group is Active.

50- Which of the following is not a symmetric encryption algorithm?

The meaning of the no-pat parameter is:

73- Which of the following options is the GRE protocol number?

79- Which of the following is not a rating in the cybersecurity incident?

The following correct process ordering should:

92- Which of the following is not part of a digital certificate?

95- Which of the following are malicious programs? (multiple choice)

97- Which of the following is not a major form of computer crime?

104- Which of the following is not an asymmetric encryption algorithm?

119- Which of the following is not a symmetric encryption algorithm?

A. IKE SA has been established

145- Which of the following descriptions is wrong about IKE SA?

146- Which of the following statements is wrong about VPN?

157- Which of the following is wrong about the NAT configuration?

166- Which of the following attacks is not a network attack?

170- Which of the following descriptions is wrong about windows logs?

179- Which of the following statements is true about IPSec SA?

192- Which of the following options is a Layer 2 VPN technology?

205- Which of the following are malicious programs? (multiple choice)

210- Which of the following attacks is not a special packet attack?

223- Which of the following is true about firewall security policies?

265- Which of the following descriptions about the patch is wrong?

You might also like