A. When data flows between different security zones, the device security check is triggered and the corresponding security policy is implemented.
B. The firewall can create two security zones of the same priority.
C. The firewall can have at most 12 security zones.
D. The firewall has four security zones by default, and the four security zone priorities do not support modification.
A. the routing table
B. the dynamic blacklist
C. Server Map table
D. TCP/UDP sessions table
A. FireHunter
B. CIS
C. AntiDDoS
D. Router
A. Business log
B. Threat log
C. Operation log
D. Alarm information
A. Questionnaire survey
B. Manual audit
C. Data analysis
D. Penetration test
A. The mirrored port copies the packet to the observing port.
B. The observing port sends the received packet to the monitoring device.
C. The mirrored port sends the received packet to the monitoring device.
D. The observing port copies the packet to the mirrored port.
A. ICMP redirect packet attack
B. IP address scanning attack
C. Large ICMP packet attack
D. ICMP unreachable packet attack
A. The Windows Server 2008 security log is stored in security.evtx
B. The system log is used to record the events generated by the operating system components, including the crash of the driver, system components and application software, and data.
C. Windows Server 2008 system logs are stored in Application.evtx
D. The application log contains events logged by the application or system program, mainly recording events in the running of the program.
A. True
B. False
A. The administrator can use the threat log to understand the user's security risk behavior and the reason for being alarmed or blocked.
B. The administrator can advertise the content log to view the detection and defense records of network threats.
C. The administrator can learn which security policy the traffic hit through the policy hit log, and use it for fault location when a problem occurs.
D. The administrator knows the user's behavior, the keywords explored, and the effectiveness of the audit policy configuration through the user activity log.
A. It requires that the state of all the VRRP backup groups in the same VGMP management group on the same firewall be consistent.
B. Firewall active-standby requires that information such as the session table, MAC table, routing table and so on be synchronously backed up between primary devices and slave devices.
C. When multiple regions on the firewall need to provide the dual-machine backup function, you need to configure multiple VRRP backup groups on the firewall.
D. VGMP ensures that all VRRP backup groups switch consistently.
A. Intrusion detection system includes all hardware and software systems for intrusion detection
B. The intrusion detection system can perform a blocking operation if it finds that there is a violation of the security policy or the system has traces of being attacked.
C. The flood detection system can be linked with firewalls and switches to become a powerful "helper" of the firewall, which is better and more precise to control traffic access between domains.
D. The intrusion detection system can dynamically collect a large amount of key information and materials through the network and computer, and can timely analyze and judge the current state of the entire system environment.
A. May encrypt the IP layer
B. There is a NAT traversal problem
C. No authentication required
D. Can be used without a client
A. Establish a defense system and specify control measures
B. Evaluation of members of the emergency response organization
C. Determine the effectiveness of the isolation measures
D. Evaluate the implementation of the contingency plan and propose a follow-up improvement plan