H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Questions and Answers

Questions 4

When a virus is detected in an email, which of the following is not the corresponding action for detection?

Options:

Warning

Block

Declare

Delete attachments

Buy Now

Questions 5

Under the CLI command, which of the following commands can be used to view the AV engine and virus database version?

Options:

display version av-sdb

display utm av version

display av utm version

display utm version

Buy Now

Questions 6

The administrator of a certain enterprise wants employees of Yangzhi to visit the shopping website during working hours. So a URL filtering configuration file is configured to divide the predefined

The shopping website in the category is selected as blocked. But employee A can still use the company's network to shop online during lunch break. Then what are the following possible reasons

some?

Options:

The administrator has not set the time to vote every day from 9:00 to 18:00

The shopping website does not belong to the predefined shopping website category

The administrator did not submit the configuration after completing the configuration.

The administrator has not applied the URL pass-through configuration file to the security policy.

Buy Now

Questions 7

The virus signature database on the device needs to be continuously upgraded from the security center platform. Which of the following is the website of the security center platform?

Options:

sec. huawei. com.

support.huaver: com

www. huawei. com

security.. huawei. com

Buy Now

Questions 8

Which of the following options is correct for the sequence of the flow-by-stream detection of AntiDDoS?

1. The Netflow analysis device samples the current network flow;

2. Send a drainage command to the cleaning center;

3. Discover the DDoS attack stream;

4.Netior: analysis equipment sends alarms to ATIC management center

5. The abnormal flow is diverted to the cleaning center for further inspection and cleaning;

6. The cleaning center sends the host route of the attacked target IF address server to the router to achieve drainage

7. The cleaning log is sent to the management center to generate a report;

8. The cleaned traffic is sent to the original destination server.

Options:

1-3-4-2-5-6-7-8

1-3-2-4-6-5-7-8

1-3-4-2-6-5-8-7

1-3-24-6-5-8-7

Buy Now

Questions 9

UDP is a connectionless protocol. UDP Flood attacks that change sources and ports will cause performance degradation of network devices that rely on session forwarding.

Even the session table is exhausted, causing the network to be paralyzed. Which of the following options is not a preventive measure for UDP Flood attacks?

Options:

UDP fingerprint learning

Associated defense

current limit

First packet discarded

Buy Now

Questions 10

Regarding the mail content filtering configuration of Huawei USG6000 products, which of the following statements is wrong?.

Options:

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

The attachment size limit is for a single attachment, not for the total size of all attachments.

Buy Now

Questions 11

When the device recognizes a keyword during content filtering detection, which response actions can the device perform? (multiple choice)

Options:

Warning

Block

Declare

Operate by weight

Buy Now

Questions 12

Based on the anti-virus gateway of streaming scan, which of the following descriptions is wrong?

Options:

Rely on state detection technology and protocol analysis technology

The performance is higher than the agent-based method

The cost is smaller than the agent-based approach

The detection rate is higher than the proxy-based scanning method

Buy Now

Questions 13

In the security protection system of the cloud era, reforms need to be carried out in the three stages before, during and after the event, and a closed-loop continuous improvement should be formed.

And development. Which of the following key points should be done in "things"? (multiple choice)

Options:

Vulnerability intelligence

Defense in Depth

Offensive and defensive situation

Fight back against hackers

155955cc-666171a2-20fac832-0c042c045

Buy Now

Questions 14

In the Huawei USG6000 product, after creating or modifying the security configuration file, the configuration content will not take effect immediately: you need to click the "Prompt" in the upper right corner of the interface.

"Hand in" to activate.

Options:

True

False

Buy Now

Questions 15

Information security is the protection of information and information systems to prevent unauthorized access, use, leakage, interruption, modification, damage, and to improve

For confidentiality, integrity and availability. ,

Options:

True

False

Buy Now

Questions 16

Regarding HTTP behavior, which of the following statements is wrong?

Options:

HTTP POST is generally used to send information to the server through a web page, such as forum posting x form submission, username I password login.

When the file upload operation is allowed, the alarm threshold and blocking threshold can be configured to control the size of the uploaded file.

When the size of the uploaded or downloaded file and the size of the content of the POST operation reach the alarm threshold, the system will generate log information to prompt the device management

And block behavior.

When the uploaded or downloaded file size, POST operation content size reaches the blocking threshold, the system will only block the uploaded or downloaded file, POST

operate.

Buy Now

Questions 17

Which of the following features does Huawei NIP intrusion prevention equipment support? (multiple choice)

Options:

Virtual patch

Mail detection

SSL traffic detection

Application identification and control

Buy Now

Questions 18

For the basic mode of HTTP Flood source authentication, which of the following options are correct? (multiple choice)

Options:

The basic mode can effectively block the access from the Feng Explor client.

The bot tool does not implement a complete HTTP protocol stack and does not support automatic redirection, so the basic mode can effectively defend against HTTP Flood attacks.

hit.

When there is an HTTP proxy server in the network, the firewall will add the IP address of the proxy server to the whitelist, but it will recognize the basic source of the zombie host.

The certificate is still valid.

The basic mode will not affect the user experience, so the defense effect is higher than the enhanced mode.

Buy Now

Questions 19

There are several steps in a stored XSS attack

①The attacker hijacks the user session

②The attacker submits an issue containing known JavaScript

③User login

④The user requests the attacker's question 5

⑤The server responds to the attacker’s JavaScript

⑥ The user's browser sends a session token to the attacker

⑦The attacker's JavaScript is executed in the user's browser

For the ordering of these steps, which of the following options is correct?

Options:

③②⑦⑥④⑤①

③②④⑤⑦⑥①

③②④⑥⑤⑦①

155955cc-666171a2-20fac832-0c042c0428

⑧②⑤⑦④⑥①

Buy Now

Questions 20

Regarding intrusion detection I defense equipment, which of the following statements are correct? (multiple choice)

Options:

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

Ability to quickly adapt to threat changes

Buy Now

Questions 21

Regarding the sequence of the mail transmission process, which of the following is correct?

1. The sender PC sends the mail to the designated SMTP Server.

2. The sender SMTP Server encapsulates the mail information in an SMTP message and sends it to the receiver SMTP Server according to the destination address of the mail

3. The sender SMTP Server encapsulates the mail information in an SMTP message according to the destination address of the mail and sends it to the receiver POP3/MAP Senver

4. The recipient sends an email.

Options:

1->2->3

1->2->4,

1->3->2

1->4->3

Buy Now

Questions 22

An enterprise administrator configures a Web reputation website in the form of a domain name, and configures the domain name as www. abc; example. com. .

Which of the following is the entry that the firewall will match when looking up the website URL?

Options:

example

www. abc. example. com

www.abc. example

example. com

Buy Now

Questions 23

Which of the following threats cannot be detected by IPS?

Options:

Virus

Worms

Spam

DoS

Buy Now

Questions 24

Which of the following options is not a feature of big data technology?

Options:

The data boy is huge

A wide variety of data

Low value density

Slow processing speed

Buy Now

Questions 25

If the user's FTP operation matches the FTP filtering policy, what actions can be performed? (multiple choice)

Options:

Block

Declare

Alarm

Execution

Buy Now

Questions 26

Regarding the mail content filtering configuration of Huawei USG6000 products, which of the following statements is wrong?.

Options:

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

The attachment size limit is for a single attachment, not for the total size of all attachments.

Buy Now

Exam Code: H12-722

Exam Name: Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0)

Last Update: Nov 29, 2024

Questions: 177

PDF + Testing Engine

$66 ~~$164.99~~

Testing Engine

$50 ~~$124.99~~

PDF (Q&A)

$42 ~~$104.99~~

Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

marks4sure logo

Navigation:

H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

PDF + Testing Engine

Testing Engine

PDF (Q&A)

Quick Links

Why Us

Unlimited Packages

Marks4sure

Site Secure