A. ARP mode, can only be used for directly connected network nodes
B. Answer mode
C. Netbios mode
D. ICMP mode, can be used for directly connected network nodes, mostly for non-directly connected network nodes
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
A. True
B. False
A. Orion Network Performance Monitor
B. Solorwinds
C. MRTG
D. eSight
E. U2000
A. Basic information of the document
B. Dynamic behavior flow
C. Threat behavior classification
D. Behavior capture chart
E. Document dissemination information
A. First, reassemble IP fragmented packets and TCP streams, then match characteristics, then perform protocol identification and protocol analysis to complete detection, and finally respond to processing.
B. Threat identification based on message port number
C. Protocol identification and protocol analysis are performed first, then IP fragment message reassembly and TCP stream reassembly are performed, then feature matching is performed to wake up intrusion detection, and finally response processing is performed.
D. First, reassemble IP fragmented packets and TCP streams, then perform protocol identification and protocol analysis, then perform feature matching to wake up intrusion detection, and finally perform response processing.
