
Huawei H12-722 - Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0)

Total 177 questions

With regard to APT attacks, the attacker often lurks for a long time and launches a formal attack on the enterprise at the key point of the incident.

Generally, APT attacks can be summarized into four stages:

1. Collecting Information & Intrusion

2. Long-term lurking & mining

3. Data breach

4. Remote control and penetration

Regarding the order of these four stages, which of the following options is correct?

A. 2-3-4-1

B. 1-2-4-3

C. 1-4-2-3

D. 2-1-4-3

Which of the following options is correct for the description of the management center?

A. The management server of the management center is responsible for the cleaning of abnormal flow, as well as the collection and analysis of business data, and storage, and is responsible for the summary The stream is reported to the management server for report presentation.

B. The data coking device is responsible for the cleaning of abnormal flow, the centralized management and configuration of equipment, and the presentation of business reports.

C. The data collector and management server support distributed deployment and centralized deployment. Centralized deployment has good scalability.

D. The management center is divided into two parts: management server and teaching data collector.

Regarding scanning and snooping attacks, which of the following descriptions is wrong?

A. Scanning attacks include address scanning and port scanning.

B. It is usually the network detection behavior before the attacker launches the real attack.

C. The source address of the scanning attack is real, so it can be defended by adding direct assistance to the blacklist.

D. When a worm virus breaks out, it is usually accompanied by an address scanning attack, so scanning attacks are offensive.

Which of the following types of attacks are DDoS attacks?

A. Single packet attack

B. Floating child attack

C. Malformed message attack

D. Snooping scan attack

Which of the following options will not pose a security threat to the network?

A. Hacking

B. Weak personal safety awareness

C. Open company confidential files

D. Failure to update the virus database in time

The configuration commands to enable the attack prevention function are as follows:

[FW] anti-ddos syn-flood source-detect

[FW] anti-ddos udp-flood dynamic-fingerprint-learn

[FW] anti-ddos udp-frag-flood dynamic-fingerprint-learn

[FW] anti-ddos http-flood defend alert-rate 2000

[FW] anti-ddos http-flood source-detect mode basic

Which of the following options is correct for the description of the attack prevention configuration? (multiple choice)

A. The firewall has enabled the SYN Flood source detection and defense function

B. The firewall uses the first packet drop to defend against UDP Flood attacks.

C. HTTP Flood attack defense uses enhanced mode for defense

D. The threshold for HTTP Flood defense activation is 2000.

Which of the following options belong to the network layer attack of the TCP/IP protocol stack? (multiple choice)

A. Address scanning

B. Buffer overflow

C. Port scan

D. IP spoofing

In the Huawei USG6000 product, after creating or modifying the security configuration file, the configuration content will not take effect immediately: you need to click the "Prompt" in the upper right corner of the interface. "Hand in" to activate.

A. True

B. False

For the basic mode of HTTP Flood source authentication, which of the following options are correct? (multiple choice)

A. The basic mode can effectively block the access from the Feng Explor client.

B. The bot tool does not implement a complete HTTP protocol stack and does not support automatic redirection, so the basic mode can effectively defend against HTTP Flood attacks.

C. When there is an HTTP proxy server in the network, the firewall will add the IP address of the proxy server to the whitelist, but it will recognize the basic source of the zombie host. The certificate is still valid.

D. The basic mode will not affect the user experience, so the defense effect is higher than the enhanced mode.

Huawei's USG6000 product can identify the true type of common files and over-check the content. Even if the file is hidden in a compressed file, or its extension name is changed, it can't escape the fiery eyes of the firewall.

A. True

B. False