H12-711-ENU試験無料問題集（290題）「Huawei HCIA-Security V3.0 認定」

出題：1

Digital certificates are fair to public keys through third-party agencies, thereby ensuring the non-repudiation of data transmission. Therefore, to confirm the correctness of the public key, only the certificate of the communicating party is needed.

A. True

B. False

正解：B 解答を投票する

出題：2

Which of the following statements are correct about Huawei routers and switches? (Multiple Choice)

A. The router can implement some security functions, and some routers can implement more security functions by adding security boards.

B. The main function of the router is to forward data. Sometimes the firewall may be a more suitable choice when the enterprise has security requirements.

C. The switch has some security features, and some switches can implement more security functions by adding security boards.

D. The switch does not have security features

正解：A,B,C 解答を投票する

出題：3

Intrusion Prevention System (IPS) is a defense system that can block in real time when an intrusion is discovered.

A. True

B. False

正解：A 解答を投票する

出題：4

Which of the following are the default security zones of Huawei firewall? (Multiple Choice)

A. Zone area

B. Trust area

C. Security area

D. Untrust area

正解：B,D 解答を投票する

出題：5

Which of the following options belong to the encapsulation mode supported by IPSec VPN? (Multiple Choice)

A. Tunnel mode

B. ESP mode

C. Transmission mode

D. AH mode

正解：A,C 解答を投票する

出題：6

In the security assessment method, the purpose of the security scan is to scan the target system with a scan analysis evaluation tool to discover related vulnerabilities and prepare for the attack.

A. True

B. False

正解：B 解答を投票する

出題：7

On the surface, threats such as viruses, vulnerabilities, and Trojans are the cause of information security incidents, but at the root of it, information security incidents are also strongly related to people and information systems themselves.

A. True

B. False

正解：A 解答を投票する

出題：8

Which of the following is wrong about the management of Internet users?

A. Each user belongs to at least one user group, also can belong to multiple user groups

B. Each user group can belong to multiple user groups

C. Each user group can include multiple users and user groups

D. The system has a default user group by default, which is also the system default authentication domain.

正解：B 解答を投票する

出題：9

Which of the following is not a requirement for firewall double hot standby?

A. The firewall hardware model is consistent

B. The firewall software version is consistent

C. The firewall interface has the same IP address.

D. The type and number of the interface used are the same.

正解：C 解答を投票する

出題：10

Which of the following is not included in the design principles of the questionnaire?

A. Specificity

B. Integrity

C. Consistency

D. Openness

正解：C 解答を投票する

出題：11

Classify servers based on the shape, what types of the following can be divided into? (Multiple choice)

A. Tower server

B. Blade server

C. X86 server

D. Rack server

正解：A,B,D 解答を投票する

出題：12

In order to obtain evidence of crime, it is necessary to master the technology of intrusion tracking. Which of the following descriptions are correct about the tracking technology? (Multiple Choice)

A. Packet Recording Technology marks packets on each router that has been spoken by inserting trace data into the tracked IP packets.

B. Link detection technology determines the source of the attack by testing the network connection between the routers.

C. Analysis of shallow mail behavior can analyze the information such as sending IP address, sending time, sending frequency, number of recipients, shallow email headers, etc.

D. Packet tagging technology extracts information from attack sources by recording packets on the router and then using data drilling techniques

正解：A,B,C 解答を投票する

出題：13

Which of the following options are correct about the NAT policy processing flow? (Multiple Choice)

A. Server-map is processed after status detection

B. Server-map is processed before the security policy matches

C. The source NAT policy is processed after the security policy is matched.

D. Source NAT policy query is processed after the session is created

正解：A,B,C 解答を投票する

出題：14

In stateful inspection firewall, when opening state detection mechanism, three-way handshake's second packet (SYN + ACK) arrives the firewall. If there is still no corresponding session table on the firewall, then which of the following statement is correct?

A. packets must not pass through the firewall

B. If the firewall security policy allows packets through, then creating the session table

C. packets must pass through the firewall, and establishes a session table

D. If the firewall security policy allows packets through, then the packets can pass through the firewall

正解：A 解答を投票する

H12-711-ENU試験無料問題集「Huawei HCIA-Security V3.0 認定」