Regarding the description of the Windows log event type, which of the following is correct? (Multiple Choice)
- A . Warning event refers to an event that the application, driver or service is successful.
- B . Error events usually refer to the loss of functionality and data. For example, a service cannot be loaded as a system boot, an error event is generated.
- C . When the disk space is insufficient, it will be recorded as a "information event".
- D . Failure audit event refers to a failure of security login attempts, such as failure when a user view accesses a network drive, is recorded as a failure audit event.
Which types of the following can the encryption technology be divided into? (Multiple Choice)
- A . Symmetrical encryption
- B . Fractional symmetric encryption
- C . Fingerprint encryption
- D . Data encryption
Which of the following is the status information that can be backed up by the HRP (Huawei Redundancy Protocol) protocol? (Multiple Choice)
- A . Conference table
- B . ServerMap entry
- C . Dynamic blacklist
- D . Routing table
Which of the following is the core part of the P2DR model?
- A . Policy
- B . Protection
- C . Detection
- D . Response
Evidence identification needs to solve the integrity verification of evidence and determine if it meets the standards that can be used. Regarding the standards of evidence identification, which of the following statement is correct?
- A . Relevance standard refers to that if the electronic evidence can have a material impact on the facts of the case to a certain extent, the court should rule that it is relevant.
- B . Objective standard refers to the acquisition, storage, and submission of electronic evidences shall be legal, and the basic rights such as national interests, social welfare and personal privacy do not constitute strict violations.
- C . Legality standard is to ensure that electronic evidence is collected from the initial acquisition, and the content is not changed in the process of submission as litigation evidence.
- D . Fair standard refers to that only the legal subject obtains the evidentiary material by legal means has evidentiary ability.
Data Analysis Technology is to find, match keywords or key phrases, and analyze the correlation of time in data streams or information streams that have been obtained.
Which of the following does not belong to evidence analysis technology?
- A . Password decipherment, data decryption technology
- B . File Digital Summary Analysis Technology
- C . Exploring the technology of the connection between different evidence
- D . Spam tracking technology
About AH and ESP security protocols, which of the following statements are correct? (Multiple Choice)
- A . AH can provide the functions of encryption and verification
- B . ESP can provide the functions of encryption and verification
- C . AH’s protocol number is 51
- D . ESP’s protocol number is 51
DDoS attack belongs to which attack type?
- A . Snoop scan attack
- B . Malformed packet attack
- C . Special packet attack
- D . Flow type attack
About SSL VPN technology, which of the following statement is wrong?
- A . SSL VPN technology is perfect for NAT traversal scenarios
- B . Encryption of SSL VPN technology only takes effect on the application layer
- C . SSL VPN requires dial client
- D . SSL VPN technology expands the network range of enterprises
Which options can be operated in the advanced settings of the Windows Firewall? (Multiple Choice)
- A . Restore default
- B . Change Notification Rules
- C . Set connection safety rules
- D . Set inbound and outbound rules
When configuring NAT Server on the USG Series Firewall, a Server-Map table is generated. Which item below does not belong to content in this performance?
- A . Destination IP
- B . Destination port number
- C . Agreement number
- D . Source IP
Which attack below does not belong to a special packet attack?
- A . ICMP redirection packet attack
- B . ICMP unreachable packet attack
- C . IP address scan attack
- D . Super ICMP Packet Attack
Which attack below is not a malformated packet attack?
- A . TEARDROP attack
- B . Smurf attack
- C . TCP shard attack
- D . ICMP unreachable message attack
"Caesar Password" is mainly encrypted by using a stick of specific specifications.
- A . True
- B . False
Which of the following is a remote authentication method? (Multiple Choice)
- A . RADIUS
- B . Local
- C . HWTACACS
- D . LLDP
When the firewall hard disk is on the throne, which of the following statement about the firewall log is correct?
- A . Administrators can announce the content log to view the detection and defense record of network threats
- B . Administrators can understand the user’s security risk behavior and the cause of the alarm or blocking reason via threat logs.
- C . Administrators know the user’s behavior, the keyword of the exploitation, and the effectiveness of the audit policy configuration through user activity logs.
- D . Administrators can use the security policy in which traffic hits in the policy, for fault location when there is a problem.
In the Client-Initiated VPN configuration, it is generally recommended to plan the address pool and headquarters network address as different network segments, otherwise you need to turn on the proxy forwarding function on the gateway device.
- A . True
- B . False
In addition to supporting built-in Portal authentication, firewall also supports custom Portal authentication, and does not require separate deployment of external Portal servers when using custom Portal authentication.
- A . True
- B . False
NAPT technology can implement a public IP address for multiple private network hosts.
- A . True
- B . False
IPSec VPN technology does not support NAT crossing when using the ESP security protocol package, because ESP encrypts the header of the packet.
- A . True
- B . False
Which item is correct about SSL VPN?
- A . Can be used without the client
- B . Can encrypt the IP layer
- C . There is a NAT crossing problem
- D . No authentication
Some applications such as Oracle Database Applications, has no data streaming for a long time, so that the firewall session connection is interrupted, resulting in business interruption, which of the following is the optimal solution?
- A . Configure a long connection for one business
- B . Open the ASPF function
- C . Optimize safety strategy
- D . Open Split Cache
"Implementing security monitoring management for information and information systems, preventing illegal use of information and information systems", is to achieve which feature in information security?
- A . Confidentiality
- B . Controllability
- C . Non-repudiation
- D . Integrity
When configuring a security policy, a security policy can reference the address set or configure multiple destination IP addresses.
- A . True
- B . False
Which of the following is not a quintuple range?
- A . Source IP
- B . Source Mac
- C . Destination IP
- D . Destination port
Which of the following statement is wrong about the L2TP VPN of Client-Initialized?
- A . After the remote user access the Internet, the L2TP tunnel connection request can be initiated directly from the remote LNS through the client software.
- B . The LNS device receives the user’s L2TP connection request, and the user can be verified according to the username and password.
- C . LNS assign private IP addresses for remote users.
- D . The remote users do not need to install VPN client software
About the description of the vulnerability scan, which of the following is wrong?
- A . Vulnerability Scan is a technology based on network remote monitoring target network or host security performance vulnerability, which can be used to simulate attack experiments and security audits.
- B . Vulnerability scan is used to detect if the target host system has a vulnerability, generally a scan for a specific vulnerability for the target host
- C . Vulnerability scan is a passive prevention measures to effectively avoid hacker attack behavior
- D . Vulnerability scan can be used according to the results of ping scanning and port scanning
Regarding the firewall security strategy, which of the following is wrong?
- A . If the security policy is Permit, the discarded message will not be accumulated "hitting"
- B . When configuring the security policy name, you cannot reuse the same name.
- C . Adjust the order of the security policy, do not need to save the configuration file, take effect immediately
- D . Huawei USG series firewall security strategy entry cannot exceed 128
What protection levels are included in TCSEC standard? (Multiple Choice)
- A . Verification Protection
- B . Forced Protection
- C . Self-protection
- D . Passive Protection
Which one of the options below belong to the component of the PKI architecture? (Multiple Choice)
- A . Terminal entity
- B . Certificate certification authority
- C . Certificate registration authority
- D . Certificate Storage authority
"Be good at observation" and "keep suspicion" can help us better identify security threats in the online world.
- A . True
- B . False
In tunnel encapsulation mode, there is no need to have the routing to the destination private network segment, because the data will reseal using the new IP header to find routing table.
- A . True
- B . False
About the description of the Windows firewall, which of the following statements are correct? (Multiple Choice)
- A . Windows firewalls can only allow or prohibit preset programs or features and programs installed on the system, and cannot customize the release rules in accordance with protocols or port numbers.
- B . Windows firewall not only allows or prohibits preset programs or features and programs installed on the system, but also support to customize the release rules in accordance with protocols or port numbers.
- C . If in the process of setting up the Windows firewall, the Internet cannot be accessed, you can quickly restore the firewall to the initial state using the restored default value function.
- D . Windows firewall can change the notification rule in the closed state
Regarding the investigation and evidence collection, which of the following statement is correct?
- A . Evidence is not necessarily needed in an investigation
- B . Evidence acquired by eavesdropping is also effective
- C . During all investigation and evidence, preferably with law enforcement involved.
- D . Document evidence is required in computer crimes
Regarding the online user management, which of the following is incorrect?
- A . Each user group can include multiple users and user groups
- B . Each user group can belong to multiple parent user groups
- C . The system has a default user group by default, and it is also the system default authentication domain.
- D . Each user at least belongs to one user group, or it can belong to multiple user groups.
Which of the following is not used by the Detection link in the P2DR model?
- A . Real-time monitoring
- B . Detection
- C . Alarm
- D . Close service
Which item below is not a Linux operating system?
- A . CentOS
- B . RedHat
- C . Ubuntu
- D . MAC OS
In some scenarios, it is necessary to convert the source IP address, but also convert the destination IP address, which technology of the following is used by these scenarios?
- A . Two-way NAT
- B . Source Nat
- C . NAT-Server
- D . Nat Alg
Which protocols below can guarantee the confidentiality of data transmission? (Multiple Choice)
- A . Telnet
- B . SSH
- C . FTP
- D . HTTPS
On the USG series firewall, after configuring the web redirection, the the authentication page cannot pop up. Which item below does not belong to the cause?
- A . Unconfigured authentication policy or authentication policy configuration error
- B . Unenable WEB authentication function
- C . Browser SSL version is not matched with the firewall authentication page SSL version
- D . The port number of the authentication page service is set to 8887