H12-722_V3.0 HCIP-Security-CSSN V3.0 Questions and Answers

The main function is to prevent network attacks based on source address spoofing.

In strict mode, it does not check whether the interface matches. As long as there is a route to the source address, the message can pass.

The loose mode not only requires corresponding entries in the forwarding table, but also requires that the interface must match to pass the URPF check.

Use URPF's loose mode in an environment where routing symmetry cannot be guaranteed.

Patching the system can completely solve the virus intrusion problem

Computer viruses are latent, they may be latent for a long time, and only when they encounter certain conditions will they begin to carry out sabotage activities

Computer viruses are contagious. They can spread through floppy disks and CDs, but they will not spread through the Internet.

All computer viruses must be parasitic in files and cannot exist independently

Text

Regular expressions

Community word

Custom keywords

Plan

Implementation

termination

Monitoring

1->2->3

1->2->4,

1->3->2

1->4->3

The virus detection system cannot directly detect compressed files

The anti-virus engine can detect the file type through the file extension

Gateway antivirus default file maximum decompression layer is 3 layers

The implementation of gateway antivirus is based on proxy scanning and stream scanning

Lack of effective protection against application layer threats.

It cannot effectively resist the spread of viruses from the Internet to the intranet.

Ability to quickly adapt to changes in threats.

Unable to accurately control various applications, such as P2P, online games, etc. .

NAC Agent support MAC account login.

Web page login for authentication and can perform checks Strategy.

Web Agent login for identity certification and security certification.

NAC Agent cannot be installed on Windows Vista operating system.

True

False.

Long-term latency and collection of key data.

Leak the acquired key data information to a third party of interest

155955cc-666171a2-20fac832-0c042c044

Through phishing emails, attachments with 0day vulnerabilities are carried, causing the user's terminal to become a springboard for attacks.

The attacker sends a C&C attack or other remote commands to the infected host to spread the attack horizontally on the intranet.

Event extraction, intrusion analysis, reverse intrusion and remote management.

Incident extraction, intrusion analysis, intrusion response and on-site management.

Incident recording, intrusion analysis, intrusion response and remote management.

Incident extraction, intrusion analysis, intrusion response and remote management.

Single packet attack

Floating child attack

Malformed message attack

Snooping scan attack

Application recognition and perception

URL classification and filtering

Video content filtering

Intrusion prevention

155955cc-666171a2-20fac832-0c042c048

The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source

For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify

The legitimacy of the source IP.

In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process

It will consume the TCP connection resources of the OINS cache server.

Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.

True

False

Planting malware

Vulnerability attack

Web application attacks

Brute force

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

The firewall will first check the blacklist entries and then the whitelist entries.

Assuming that the user visits the www.exzample.com website, which belongs to the categories of humanities and social networks at the same time, the user cannot access the

website.

The user visits the website www.exzample.com, and when the black and white list is not hit, the next step is to query the predefined URL category entry.

The default action means that all websites are allowed to visit. So the configuration is wrong here.

Policy routing back annotation,

GRE back note:

MPLS LSP back injection

BGP back-annotation

The detection rate is higher than the flow scanning method

System overhead will be relatively small

Cache all files through the gateway's own protocol stack

More advanced operations such as decompression, shelling, etc. can be performed

True

155955cc-666171a2-20fac832-0c042c0421

False

True

155955cc-666171a2-20fac832-0c042c0433

False

TRUE

FALSE

Teardrop attack

Ping of Death attack

IP Spoofng attack

Land attack