H12-711試験無料問題集（290題）「Huawei HCIA-Security V3.0 認定」

出題：1

The repair of anti-virus software only needs to be able to repair some system files that were accidentally deleted when killing the virus to prevent the system from crashing.

A. True

B. False

正解：A 解答を投票する

出題：2

IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.

A. True

B. False

正解：B 解答を投票する

出題：3

Fire Trust domain FTP client wants to access an Untrust server FTP service has allowed the client to access the server TCP 21 port, the client in the Windows command line window can log into the FTP server, but can not download the file, what are the following solutions? (Multiple choice)

A. Trust Untrust domain configuration is enabled detect ftp

B. the FTP works with the port mode modify the Untrust Trust domain to allow the inbound direction between the default access strategy

C. FTP works with Passive mode modify the domain inbound direction between the Untrust Trust default access policy to allow

D. take the Trust between Untrust domain to allow two-way default access strategy

正解：A,B,D 解答を投票する

出題：4

The attacker by sending ICMP response request, and will request packet destination address set to suffer Internet radio address.
Which kind of attack does this behavior belong to?

A. IP spoofing attack

B. ICMP redirect attack

C. SYN flood attack

D. Smurf attack

正解：D 解答を投票する

出題：5

Against IP Spoofing, which of the following description is wrong?

A. After IP spoofing attack is successful, the attacker can use forged any IP address to imitate legitimate host to access to critical information

B. IP spoofing is to use the hosts' normal trust relationship based on the IP address to launch it

C. The hosts based on IP address's trust relationship can login directly without entering password verification

D. An attacker would need to disguise the source IP addresses as trusted hosts, and send the data segment with the SYN flag request for connection

正解：A 解答を投票する

出題：6

NAT technology can securely transmit data by encrypting data.

A. True

B. False

正解：B 解答を投票する

出題：7

Which of the following options are correct about the control actions permit and deny of the firewall interzone forwarding security policy? (Multiple Choice)

A. Even if the packet matches the permit action of the security policy, it will not necessarily be forwarded by the firewall.

B. The action of the firewall default security policy is deny

C. Whether the message matches the permit action of the security policy or the deny action, the message will be processed by the UTM module.

D. The packet is matched immediately after the inter-domain security policy deny action, and the other interzone security policy will not be executed.

正解：A,B,D 解答を投票する

出題：8

Which of the following is the core part of the P2DR model?

A. Protection

B. Policy Strategy

C. Detection

D. Response

正解：B 解答を投票する

出題：9

Which of the following statements are correct about the differences between pre-accident prevention strategies and post-accident recovery strategies? (Multiple Choice)

A. Recovery strategy is used to improve business high availability

B. The role of pre-disaster prevention strategies does not include minimizing economic, reputational, and other losses caused by accidents.

C. The prevention strategy focuses on minimizing the likelihood of an accident before the story occurs. The recovery strategy focuses on minimizing the impact and loss on the company after the accident

D. Recovery strategy is part of the business continuity plan

正解：A,C,D 解答を投票する

出題：10

Which of the following attacks does not belong to special packet attack?

A. ICMP redirect packet attack

B. IP address scanning attack

C. Large ICMP packet attack

D. ICMP unreachable packet attack

正解：B 解答を投票する

出題：11

In the USG system firewall, the ________ function can be used to provide well-known application services for non-known ports.

A. MAC and IP address binding

B. Port mapping

C. Packet filtering

D. Long connection

正解：B 解答を投票する

出題：12

Digital certificates are fair to public keys through third-party agencies, thereby ensuring the non-repudiation of data transmission. Therefore, to confirm the correctness of the public key, only the certificate of the communicating party is needed.

A. True

B. False

正解：B 解答を投票する

出題：13

Which of the following is correct about firewall IPSec policy?

A. By default, IPSec policy can control multicast.

B. By default, IPSec policy can control unicast packets, broadcast packets, and multicast packets 。

C. By default, IPSec policy can control unicast packets and broadcast packets.

D. By default, IPSec policy only controls unicast packets.

正解：D 解答を投票する

H12-711試験無料問題集「Huawei HCIA-Security V3.0 認定」