H12-711-ENU試験無料問題集（290題）「Huawei HCIA-Security V3.0 認定」

出題：1

Which of the following is not a key technology for anti-virus software?

A. Format the disk

B. Shelling technology

C. Self-protection

D. Real-time upgrade of the virus database

正解：A 解答を投票する

出題：2

Which description about disconnect the TCP connection 4 times-handshake is wrong?

A. when passive close receipt the first FIN, it will send back an ACK, and randomly generated to confirm the serial number

B. passive closing party end need to send a file to the application, the application will close it connection and lead to send a FIN

C. initiative to shut down the sender first FIN active closed, while the other received this FIN perform passive shut down

D. in passive close the sender after the FIN, initiative to close must send back a confirmation, and will confirm the serial number is set to receive serial number 1

正解：A 解答を投票する

出題：3

Which of the following is not in the quintuple range?

A. Destination port

B. Source IP

C. Destination IP

D. Source MAC

正解：D 解答を投票する

出題：4

Which of the following is non-symmetric encryption algorithm?

A. 3DES

B. RC4

C. DH

D. AES

正解：C 解答を投票する

出題：5

Which of the following options does not belong to the log type of the Windows operating system?

A. Business log

B. System log

C. Security log

D. Application log

正解：A 解答を投票する

出題：6

Which of the following are the standard port numbers for the FTP protocol? (Multiple choice)

A. 21

B. 80

C. 20

D. 23

正解：A,C 解答を投票する

出題：7

In the Client-Initiated VPN configuration, generally it is recommended to plan the address pool and the headquarters of the network address for the different network segments, or need to open proxy forwarding on the gateway device.

A. True

B. False

正解：A 解答を投票する

出題：8

Which of the following statements about IPSec SA is true?

A. IPSec SA is two-way

B. IPSec SA is one-way

C. used to generate an encryption key

D. Used to generate a secret algorithm

正解：B 解答を投票する

出題：9

Which of the following is not part of the method used in the Detection section of the P2DR model?

A. Shut down the service

B. Real-time monitoring

C. Testing

D. Alarm

正解：D 解答を投票する

出題：10

Check the firewall HRP status information as follows:
HRP_S [USG_ B] display hrp state
16 : 90 : 13 2010/11/29
The firewall's config state is : SLAVE
Current state of virtual routers configured as slave
GigabitEthernet0/0/0 vird 1 : slave
GigabitEthernet0/0/1 vied 2 : slave
Which of the following description is correct?

A. the firewall must be in a state of preemption

B. the firewall of HRP heartbeats interface is G0/0/0 and G0/0/1

C. the firewall G0/0/0 and 0/1 G0 / interface of VRRP group status is Slave

D. the firewall VGMP group status is Master

正解：C 解答を投票する

出題：11

Which of the following statement is wrong about NAT?

A. Some application layer protocols carry IP address information in the data, but also to modify the data in the upper layer of the IP address information when they make NAT

B. Configure a NAT address pool in the source NAT technology. You can configure only one IP address in the address pool.

C. Address Translation can follow the needs of users, providing FTP, WWW, Telnet and other services outside the LAN

D. For some non-TCP, UDP protocols (such as ICMP, PPTP), unable to do NAT.

正解：D 解答を投票する

出題：12

The single-point login function of the online user, the user authenticates directly to the AD server, and the device does not interfere with the user authentication process. The AD monitoring service needs to be deployed on the USG device to monitor the authentication information of the AD server.

A. True

B. False

正解：B 解答を投票する

出題：13

Which of the following statement is wrong about L2TP VPN?

A. Applicable to business employees dialing access to the intranet

B. Can be used in conjunction with IPsec VPN

C. Will not encrypt the data

D. Belongs to Layer 3 VPN technology

正解：D 解答を投票する

出題：14

Social engineering is a means of harm such as deception, injury, etc. through psychological traps such as psychological weakness, instinctive reaction, curiosity, trust, and greed.

A. True

B. False

正解：A 解答を投票する

出題：15

Which of the following is the correct description of the investigation and evidence collection?

A. In the process of all investigation and evidence collection, there are law enforcement agencies involved.

B. Document evidence is required in computer crime

C. Evidence obtained by eavesdropping is also valid

D. Evidence is not necessarily required during the investigation

正解：A 解答を投票する

出題：16

The process of electronic forensics includes: protecting the site, obtaining evidence, preserving evidence, identifying evidence, analyzing evidence, tracking and presenting evidence.

A. True

B. False

正解：A 解答を投票する

出題：17

UDP port scanning means that the attacker sends a zero-byte UDP packet to a specific port of the target host. If the port is open, it will return an ICMP port reachable data packet.

A. True

B. False

正解：B 解答を投票する

出題：18

Security technology has different methods at different technical levels and areas. Which of the following devices can be used for network layer security protection? (Multiple choice)

A. Firewall

B. IPS/IDS device

C. Vulnerability scanning device

D. Anti-DDoS device

正解：A,B,D 解答を投票する

出題：19

In IPSEC VPN, which of the following scenarios can be applied by tunnel mode?

A. between hosts and security gateways

B. between the host and the host

C. Between tunnel mode and transport mode

D. between security gateways

正解：D 解答を投票する

出題：20

Which of the following is true about the description of the firewall?

A. Adding a firewall to the network will inevitably change the topology of the network.

B. Depending on the usage scenario, the firewall can be deployed in transparent mode or deployed in a three-bedroom mode.

C. In order to avoid single point of failure, the firewall only supports side-by-side deployment.

D. The firewall cannot transparently access the network.

正解：B 解答を投票する

H12-711-ENU試験無料問題集「Huawei HCIA-Security V3.0 認定」