H12-711 Exam - HCNA-Security - CBSN (Constructing Basic Security Network)

NEW QUESTION 1
On the USG series firewalls, the default security policy does not support modification

• A. True
• B. False

Answer: B

NEW QUESTION 2
Regarding the relationship and role of VRRPA/GMP/HRP. which of the following statements are correct?(Multiple choice)

• A. VRRP is responsible for sending free ARP to direct traffic to the new primary device during active/standby switchover.
• B. VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment.
• C. HRP is responsible for data backup during hot standby operation
• D. VGMP group in the active state may include the VRRP group in the standby state.

Answer: ABC

NEW QUESTION 3
What are the advantages of address translation techniques included? (Multiple choice)

• A. Address conversion can make internal network users (private IPaddress) easy access to the Internet
• B. Many host address conversion can make the internal LAN to share an IP address on the Internet
• C. Address conversion that can handle the IP header of encryption
• D. Address conversion can block internal network users,improve the safety of internal network

Answer: ABD

NEW QUESTION 4
Which of the following is the analysis layer device inthe Huawei SDSec solution? r a.

• A. cis
• B. Agile Controller
• C. switch
• D. Firehunter

Answer: D

NEW QUESTION 5
Which of the following is wrong about the management of Internet users?

• A. Each user group can include multiple users and user groups
• B. Each user group canbelong to multiple user groups
• C. The system has a default user group by default, which is also the system default authentication domain.
• D. Each user belongs to at least one user group, also can belong to multiple user groups

Answer: B

NEW QUESTION 6
In Huawei SDSec solution, which layer of equipment does the firewall belong to?

• A. Analysis layer
• B. Control layer
• C. Executive layer
• D. Monitoring layer

Answer: C

NEW QUESTION 7
Which of the following are the hazards of traffic attacks? (Multiple choice)

• A. Network paralysis
• B. Server downtime
• C. Data is stolen
• D. The page has been tampered with

Answer: AB

NEW QUESTION 8
Which ofthe following optionsis the correct sequence ofthe four phases ofthe Information Security
Management System (ISMS)?

• A. Plan->Check->Do->Action
• B. Check->Plan->Do->Action
• C. Plan->Do->Check->Action
• D. Plan->Check->Action->Do

Answer: C

NEW QUESTION 9
Which of the following is the default backup method for double hot standby?

• A. Automatic backup
• B. Manual batch backup
• C. Session fast backup
• D. Configuration of the active and standby FWs after the device is restarted

Answer: A

NEW QUESTION 10
Which of the following are part of the SSL VPN function? (Multiplechoice)

• A. User authentication
• B. Port scanning
• C. File sharing
• D. WEB rewriting

Answer: AC

NEW QUESTION 11
Which of the following is not a rating in the network security incident?

• A. Major network security incidents
• B. Special network security incidents
• C. General network security incidents

Answer: B

NEW QUESTION 12
Which ofjhe following is the encryption technology used in digital envelopes?

• A. Symmetric encryption algorithm
• B. Asymmetric encryption algorithm
• C. Hash algorithm
• D. Streaming algorithm

Answer: B

NEW QUESTION 13
If the administrator uses ’he default authentication domain to authenticate a user, you onlyneed to enter a user name when the user logs, if administrators use the newly created authentication domain to authenticate the user, the user will need to enter login "username @ Certified domain name"

• A. True
• B. False

Answer: A

NEW QUESTION 14
Which ofthe following does not belong to the user authentication method in the USG firewall?

• A. Free certification
• B. Password authentication
• C. Single sign-on
• D. Fingerprint authentication

Answer: D

NEW QUESTION 15
Which of the following does not include the steps of the safety assessment method?

• A. Manual audit
• B. Penetration test I
• C. Questionnaire survey
• D. Data analysis

Answer: D

NEW QUESTION 16
Intrusion Prevention System (IPS) is a defense system that can block in real time when an intrusion is discovered

• A. True
• B. False

Answer: A

NEW QUESTION 17
IPSec VPN technology does not support NAT traversal when encapsulating with ESP security protocol, because ESP encrypts the packet header

• A. True
• B. False

Answer: B

NEW QUESTION 18
Which of the following is true about firewall security policies?

• A. By default, the security policy can control unicast packets andbroadcast packets.
• B. By default, the security policy can control multicast.
• C. By default, the security policy only controls unicast packets.
• D. By default, the security policy can control unicast packets, broadcast packets, and multicast packets.

Answer: C

NEW QUESTION 19
In the security assessment method, the purpose ofthe security scan is to scan the target system with a scan analysis evaluation tool to discover related vulnerabilities and prepare for the attack.

• A. True
• B. False

Answer: B

NEW QUESTION 20
ASPF (Application Specific Packet Filter) is a kind of packet filtering basedon the application layer, it checks the application layer protocol information and monitor the connection state of the application layer protocol. ASPF by Server Map table achieves a special security mechanism. Which statement about ASPF and Server map table are correct? (Multiple choice)

• A. ASPF monitors the packets in the process of communication
• B. ASPF dynamically create and delete filtering rules
• C. ASPF through server map table realize dynamic to allow multi-channel protocol data to pass
• D. Quintupleserver-map entries achieve a similar functionality with session table

Answer: ABC

NEW QUESTION 21
In order to obtain evidence of crime, it is necessary to master :he technology of intrusion tracking. Which of the following descriptions are correct about thetracking technology? (Multiple Choice)

• A. Packet Recording Technology marks packets on each router that has been spoken by inserting trace data into the tracked IP packets.
• B. Link detection technology determines the source of the attack by testing the network connection between the routers
• C. Packet tagging technology extracts information from attack sources by recording packets on the router and then using data drilling techniques
• D. Analysis of shallow mail behavior can analyze the information such as sending IP address, sending time, sending frequency, number of recipients, shallow email headers, etc.

Answer: ABD

NEW QUESTION 22
The single-point login function of the online user, the user authenticates directly to the AD server, and the device does not interfere with the user authentication process. The AD monitoring service needs to be deployed on the USG device to mcnitorthe authentication information of the AD server.

• A. True
• B. False

Answer: B

NEW QUESTION 23
Which of the following are remote authentication methods? (Multiple choice)

• A. RADIUS
• B. Local
• C. HWTACACS
• D. LLDP

Answer: AC

NEW QUESTION 24
Which of the following is not a hash algorithm?

• A. MD5
• B. SHA1
• C. SM1
• D. SHA2

Answer: C

NEW QUESTION 25
Except built-in Portal authentication, firewall also supports custom Portal authentication, when using a custom Portalauthentication, no need to deploy a separate external Portal sever.

• A. True
• B. False

Answer: B

NEW QUESTION 26
......