Which of the following does not belong to Layer 2 VPN?
- A . L2F
- B . PPTP
- C . L2TP
- D . IPsec
When deploying dual-machine hot backup on the firewall, which of the following protocols needs to be used to achieve overall status switching of the VRRP backup group?
- A . VRRP
- B . VGMP
- C . HRP
- D . OSPF
In inter-domain packet filtering, which of the following applies to the Inboud direction?
- A . Untrust>Trust
- B . Local>Trust
- C . DME>Untrust
- D . Local>DNZ
Which of the following statements is correct regarding IPsec SA?
- A . IPsec SA is one-way
- B . IPsec SA is bidirectional
- C . Used to generate encryption keys
- D . Used to generate secret algorithms
After enabling the GRE keepalive function, by default, the device will periodically send keepalive messages to the peer every how many seconds?
- A . 20
- B . 10
- C . 5
- D . 3
Regarding the description of the preemption function of VGMP management, which of the following is incorrect?
- A . By default, the preemption function of the VGMP management group is enabled.
- B . By default, the preemption delay time of the VGMP management group is 40s.
- C . Preemption means that when the original failed master device recovers, its priority will be restored. At this time, its status can be preempted as the master again.
- D . When the VRRP backup group is added to the VGMP management group, the original preemption function on the VRRP backup group becomes invalid.
In the USG series firewall, you can use which of the following function to provide well-known application services for non-well-known ports?
- A . Port mapping
- B . MAC and IP address binding
- C . Packet filtering
- D . Long connection
Regarding the anti-virus response method of the firewall gateway for the HTTP protocol, which of the following statements is incorrect?
- A . When the gateway device blocks the HTTP connection, it pushes the web page to the client and generates logs.
- B . Response methods include announcement and blocking
- C . In the alarm mode, the device only generates logs and sends them out without processing the files transmitted by the HTTP protocol.
- D . Blocking means that the device disconnects from the HTTP server and blocks file transfers
Which of the following options is not a hashing algorithm?
- A . MD5
- B . SHA1
- C . SM1
- D . SHA2
Which of the following protocols cannot be encrypted by SSL VPN?
- A . HTTP
- B . UDP
- C . IP
- D . PPP
The intrusion prevention system is based on which of the following for attack identification?
- A . Port number
- B . Agreement
- C . IP address
- D . Feature library
Which of the following statements about VPNs is false?
- A . Virtual private networks are less expensive than dedicated lines
- B . VPN technology must involve encryption technology
- C . VPN technology is a technology that multiplexes logical channels on actual physical lines.
- D . The emergence of VPN technology allows employees on business trips to remotely access internal corporate servers
Which of the following technologies can hide the internal network of a private network while preventing external attacks on internal servers?
- A . IP spoofing
- B . NAT _
- C . VRRP
- D . Address filtering
Regarding Internet user management, which of the following is incorrect?
- A . Each user group can include multiple users and user groups
- B . Each user group can belong to multiple parent user groups
- C . The system has a default user group by default, which is also the system’s default authentication domain.
- D . Each user belongs to at least one user group and can also belong to multiple user groups.
Which of the following does not include the steps of the security assessment method?
- A . Manual audit
- B . Penetration testing
- C . Questionnaire survey
- D . Data analysis
Regarding the description of an intrusion detection system, which of the following is incorrect?
- A . The intrusion detection system can dynamically collect a large amount of key information through the network and computer, and can analyze and judge the current status of the entire system environment in a timely manner.
- B . Once the intrusion detection system discovers behavior that violates security policies or there are traces of the system being attacked, it can implement blocking operations.
- C . Intrusion detection system includes all software and hardware systems used for intrusion detection
- D . The intrusion detection system can be linked with firewalls and switches to become a powerful "assistant" of the firewall to better and more accurately control traffic access between domains.
Regarding security policy configuration commands, which of the following is correct?
- A . It is forbidden to access the ICMP packets from the trust zone to the untrust zone and the destination address is the 10.1.10.10 host.
- B . Prohibit access from the trust zone to all host ICMP messages in the untrust zone with the destination address 10.1.0.0/16 network segment
- C . Forbid all host ICMP messages from the trust zone to access the untrust zone and whose source address is the 10.1.0.0/16 network segment.
- D . Prohibit access from the trust zone to all host ICMP messages from the untrust zone with the source address 10.2.10.10.
As shown in the figure, in transmission mode, which of the following positions should the AH Header be inserted into?
- A . 1
- B . 2
- C . 3
- D . 4
In Huawei SDSec solution, which layer of equipment does the firewall belong to?
- A . Analysis layer
- B . Control layer
- C . Execution layer
- D . Monitoring layer
Check the HRP status information of the firewall as follows:
HRP S [USG_B] display hrp stateBbs.hh010.com The firewall’s config state is: StandbyCurrent state of virtual routers configured as standby: GigabitEthernet1/0/0 vrid 1: standbyGigabitEthernet1/0/1Vrid 2: standby
Based on the above information, which of the following descriptions is correct:
- A . The status of this firewall VGMP group is Active
- B . The VRRP group status of the G1/0/0 and G1/0/1 interfaces of this firewall is standby.
- C . The HRP heartbeat interfaces of this firewall are G1/0/0 and G1/0/1
- D . This firewall must be in preemption state
Regarding the comparison between windows and linux, which of the following statements is incorrect?
- A . It is difficult for newbies to get started with Linux and they need some learning and guidance.
- B . Windows can be compatible with most software and play most games.
- C . Linux is open source, you can do whatever you want
- D . Windows is open source, you can do whatever you want
Which of the following protocols does not belong to the protocol type that ASPF can detect?
- A . MSTP
- B . FTP
- C . DNS
- D . PPTP
Compared with traditional five-tuple information, which of the following elements is a new element of next-generation firewall?
- A . Destination address
- B . Source port
- C . Application
- D . Agreement number
Which of the following is true regarding firewall security policies?
- A . By default, security policies can control unicast messages and broadcast messages.
- B . By default, security policies can control multicast
- C . By default, the security policy only controls unicast packets.
- D . By default, security policies can control unicast packets, broadcast packets and multicast packets.
Which of the following attacks is not a malformed packet attack?
- A . Teardrop attack
- B . Smurf attack
- C . TCP fragmentation attack
- D . ICMP unreachable message attack
Which of the following descriptions of the VGMP protocol is incorrect?
- A . VGMP adds multiple VRRP backup groups on the same firewall to a management group, and the management group manages all VRRP backup groups uniformly.
- B . VGMP ensures that the status of all VRRP backup groups in the management group is consistent by uniformly controlling the status switching of each VRRP backup group.
- C . The VGMP group device in the Active status will regularly send hello messages to the peer. The stdandby end is only responsible for monitoring hello messages and will not respond.
- D . By default, when the standby end does not receive a hello message from the peer end within three hello message cycles, it will consider that the peer end is faulty and switch itself to the Active state.
Regarding NAT configuration, which of the following is incorrect?
- A . Configure source NAT in transparent mode. The firewall does not support easy-ip mode.
- B . The IP address in the address pool can overlap with the public IP address of the NAT server.
- C . When there is VoIP service in the network, there is no need to configure NAT ALG.
- D . The firewall does not support NAPT conversion of ESP and AH packets.
Regarding the difference between packet filtering firewalls and application proxy firewalls, which of the following descriptions is incorrect?
- A . Applying proxy firewall can speed up intranet users’ access to commonly used websites.
- B . Packet filtering firewalls are usually implemented below the transport layer, and application proxy firewalls are usually implemented above the session layer.
- C . Application layer proxy firewall can provide user authentication.
- D . Packet filtering firewalls do not have data forwarding capabilities and must be deployed in conjunction with routers.
Regarding the description of vulnerability scanning, which of the following is incorrect?
- A . Vulnerability scanning is a network-based technology that remotely monitors the security performance vulnerabilities of a target network or host. It can be used to conduct simulated attack experiments and security audits.
- B . Vulnerability scanning is used to detect whether there are vulnerabilities in the target host system. Generally, it scans the target host for specific vulnerabilities.
- C . Vulnerability scanning is a passive prevention measure that can effectively avoid hacker attacks.
- D . Vulnerability scanning can be performed based on the results of ping scan and port scan
In which of the following stages does the L2TP protocol allocate IP addresses?
- A . Link establishment phase
- B . LCP Negotiation Phase
- C . CHAP stage
- D . NCP negotiation stage
Which of the following descriptions about the VGMP group is correct?
- A . The priority of VRRP in the VGMP group will change as VGMP changes.
- B . VGMP is a protocol used to control the status of VRRP groups
- C . The default priority of USG6000 is 65000
- D . The default priority of USG9000 is 45000
How many bits are the keys used by DES encryption technology, and how many bits are used by 3DES encryption technology.
- A . 56168
- B . 64168
- C . 64128
- D . 56128
Which of the following does not include the trigger authentication method for firewall access user authentication?
- A . MPLS VPN
- B . SSL VPN
- C . IPsec VPN
- D . L2TP VPN
Regarding Windows logs, which of the following descriptions is incorrect?
- A . System logs are used to record events generated by operating system components, mainly including crashes and data of drivers, system components and application software.
- B . The system log of windows server 2008 is stored in Application.evtx
- C . Application logs contain events recorded by applications or system programs, mainly recording events related to program operation.
- D . The security log of windows server 2008 is stored in security.evtx
Which of the following is not a stand-alone anti-virus technology?
- A . Configure anti-virus technology on the network firewall
- B . Use virus detection tools
- C . Patch the system
There are various security threats during the use of the server.
Which of the following options is not a server security threat?
- A . Natural disaster
- B . DDos attack
- C . Hacker attack
- D . Malicious programs
Which of the following descriptions of common hashing algorithms is incorrect?
- A . Hashing algorithms can transform inputs of any length into fixed-length outputs.
- B . SHA-1 has faster calculation speed and higher security than the MD5 algorithm.
- C . The SM3 algorithm is a domestic encryption algorithm. It is used for digital signature and verification, message authentication code generation and verification, and random number generation in cryptographic applications. It can meet the security needs of a variety of cryptographic applications.
- D . SHA-2 is an enhanced version of SHA-1, and its security performance is much higher than SHA-1
In IPsec VPN transmission mode, which part of the data packet is encrypted?
- A . Network layer and upper layer data messages
- B . Original IP header
- C . New IP header
- D . Transport layer and upper layer data messages
Which of the following is an "information destruction incident" in the classification of network security incidents?
- A . Software and hardware failure
- B . Information counterfeiting
- C . Network scanning plagiarism
- D . Listen to Trojan attacks
Which of the following options is not an identifier of IPsec SA?
- A . SPI
- B . Destination address
- C . Source address
- D . Security Protocol
Regarding NAT technology, which of the following descriptions is correct?
- A . The internal server of the NAT network cannot be accessed by external network users, so if you deploy a server that needs to provide external services, you must assign an independent public network address to the server.
- B . NAT reduces the difficulty of network monitoring
- C . NAT technology can only achieve one-to-one address conversion and cannot achieve address reuse.
- D . NAT can hide the intranet IP address
Which of the following is the difference between Network Address Port Translation (NAPT) and Network Address Only Translation (No-PAT)?
- A . After No-PAT conversion, for external network users, all packets come from the same IP address.
- B . No-PAT only supports protocol port conversion at the transport layer
- C . NAPT only supports protocol address translation at the network layer
- D . No-PAT supports protocol address translation at the network layer
Which of the following is not a symmetric encryption algorithm?
- A . IDEA
- B . RSA
- C . AES
- D . 3DES
Which of the following descriptions of HWTACACS protocol features is incorrect?
- A . Use UDP protocol
- B . Separation of authentication and authorization
- C . In addition to the standard HWTACACS message header, the entire message body is encrypted.
- D . Suitable for security control.
When deploying IPsec VPN tunnel mode, use the AH protocol for packet encapsulation.
In the new IP packet header field, which of the following parameters does not require data integrity check?
- A . Source IP address
- B . Destination IP address
- C . TTL
- D . Identification
Data analysis technology is to find and match keywords or key phrases in the acquired data stream or information stream, and analyze the correlation of time.
Which of the following is not an evidence analysis technique?
- A . Password deciphering, data decryption technology
- B . Document digital summary analysis technology
- C . Techniques for discovering connections between different pieces of evidence
- D . Spam tracking technology
Regarding SSL VPN technology, which of the following statements is incorrect?
- A . SSL VPN technology can be perfectly suitable for NAT traversal scenarios
- B . The encryption of SSL VPN technology only takes effect on the application layer
- C . SSL VPN requires a dial-up client
- D . SSL VPN technology expands the network scope of enterprises
Usually we divide servers into two categories: general servers and functional servers. Which of the following options meets this classification standard?
- A . Divided by application level
- B . Classification by purpose
- C . Divide by appearance
- D . Divided by architecture
When IPsec VPN uses transport mode to encapsulate packets, which of the following is not within the certification scope of the ESP security protocol?
- A . ESP Header
- B . IP Header
- C . ESP Iail
- D . ICP Header
Which of the following descriptions of digital fingerprints in digital signatures is incorrect?
- A . The receiver needs to use the sender’s public key to decrypt the digital signature and obtain the digital fingerprint.
- B . It is the data obtained by the sender after calculating the plaintext information through the HASH algorithm.
- C . The receiver will use the sender’s public key to calculate the generated data fingerprint and compare it with the received digital fingerprint.
- D . Digital fingerprint is also called information summary.
Which of the following is the username/password for the first login of the USG series firewall?
- A . Username admin Password Admin@123
- B . User name admin password admin@123
- C . User name admin Password admin
- D . User name admin Password Admin123
Which of the following is not an asymmetric encryption algorithm?
- A . DH
- B . MD5
- C . DSA _
- D . RSA
What is the port number of the SMTP protocol?
- A . 25
- B . 30
- C . 109
- D . 32
Which of the following options does not belong to the log type of the Windows operating system?
- A . Business log
- B . Application logs
- C . Security log
- D . System log
Which of the following is not part of the digital certificate?
- A . Public key
- B . Private key
- C . Validity period
- D . Issuer
Regarding NAT technology, which of the following descriptions is incorrect?
- A . In Huawei firewalls, source NAT technology refers to translating the source address in the IP header of the connection initiated.
- B . In Huawei firewall, Easy IP directly uses the public network address of the interface as the translated address, and there is no need to configure a NAT address pool.
- C . In Huawei firewall, NAT No-PAT technology needs to be implemented by configuring a NAT address pool.
- D . In Huawei firewall, the only NAT technology with port translation is NAPT.
Which of the following configurations can implement the NAT ALG function?
- A . nat alg protocol
- B . alg protocol
- C . nat protocol
- D . detect protocol
Bank A is a rural commercial bank that mainly provides financial services to users such as residents and rural industrial and commercial households within the jurisdiction of this province.
Currently, Bank A’s network needs to undergo a Class A Guarantee Assessment. Which of the following Class A Guarantee ratings is applicable to Bank A?
- A . Level 3 guaranteed level
- B . Level 1 equal protection
- C . Class 4 security protection and above
- D . Level 2 equal protection
In the TCP/IP protocol stack, which of the following protocols works at the application layer?
- A . ICMP
- B . IGMP
- C . RIP
- D . ARP
Which of the following information is not included in the backup content of status information backup in dual-system hot backup?
- A . NAPI related entries
- B . lPv4 session table
- C . IPSEC tunnel
- D . Routing table
Which of the following attacks is not a special message attack?
- A . ICMP redirect message attack
- B . ICMP unreachable message attack
- C . IP address scanning attack
- D . Oversized ICMP message attack
The attacker sends a SYN message with the same source address and destination address, or the source address is a loopback address, to the target host (the source port and destination port are the same), causing the attacker to send a SYN-ACK message to its own address.
What kind of attack does this behavior belong to?
- A . SYN flood attack
- B . TCP spoofing attack
- C . Smurf attack
- D . Land attack
Which of the following is not the default security zone of the firewall?
- A . Untrust Zone
- B . DMZ Zone
- C . Trust Zone
- D . ISP Zone
As shown in the figure, there are two Server Map entries generated after configuring NAT Server. Regarding the information presented in the figure, which of the following descriptions is incorrect?
*Type: Nat Server. ANY→1.1.1.1[192.168.1.1] Type: Nat Server Reverse. 192.168.1.1[1.1.1.1] →ANY
- A . The second Server Map function is that when 192.168.1.1 accesses any address, the source address will be converted to 1.1.1.1 after passing through the firewall.
- B . The function of the first Server Map is that when any address accesses 192.168.1.1, the destination IP will be converted to 1.1.1.1 after passing through the firewall.
- C . The Server Map with the Reverse logo can be deleted using the command.
- D . These two Server Map entries are static, that is, after the NAT Server is configured, the two Server Maps will be automatically generated and will exist permanently.
Which of the following options belongs to Layer 2 VPN technology?
- A . SSL VPN
- B . L2TP VPN
- C . GRE VPN
- D . IPsec VPN
The administrator connects to the firewall through the G1/0/0 interface (the interface has been added to the Trust zone). If the administrator is allowed to log in to the firewall through G1/0/0 for configuration management, how should the administrator configure the traffic allowed in the security policy? direction?
- A . Allow traffic from Trust Zone to Untrust Zone
- B . Allow traffic from Trust Zone to Local Zone
- C . Release traffic from Local Zone to Local Zone
- D . Allow traffic from Trust Zone to Trust Zone
Which of the following options is not a certificate saving file format supported by USG6000 series devices?
- A . PKCS#12
- B . DER
- C . PEM
- D . PKCS#
As shown in the figure, when using the Client – Initiated VPN method to establish an L2TP VPN, which of the following is the destination of the PPP packet?
- A . Access users
- B . LNS
- C . LAC
- D . Server
When the company network administrator configures dual-machine hot backup, configure the status of VRRP backup group 1 as Active, and configure the virtual IP address as 10.1.1.1/24, then the command that needs to be typed in the blank space is?
- A . rule name c
Source-zone untrust
Destination-zone trust
Destination-address 202.106.1.132
Action permit - B . rule name d
Source-zone untrust
Destination-zone trust
Destination-address 10.10.1.132
Action permit - C . security-policy
Rule name a
Source-zone untrust
Source-address 202.106.1.132
Action permit - D . rule name b
Source-zone untrust
Destination-zone trust
Source-address 10.10.1.1 32
Action permit
Which of the following types of firewalls has the highest processing efficiency when processing non-first packet data flows?
- A . Proxy firewall
- B . Packet filtering firewall
- C . Stateful Monitoring Firewall
- D . Software firewall
Which of the following measures can prevent IP spoofing attacks?
- A . Filter specific ports on the border firewall
- B . Set up a route to a specific IP on the border firewall
- C . Deploy target IP address filtering on the border router
- D . Source IP address filtering on the border firewall
What is the agreement number of the AH agreement?
- A . 50
- B . 51
- C . 55
- D . 52
Intrusion prevention equipment can effectively defend against which of the following attacks?
- A . Transport layer
- B . Application layer
- C . Network layer
- D . Physical layer
Some applications, such as Oracle database applications, have no data flow transmission for a long time, causing the firewall session connection to be interrupted, resulting in business interruption. Which of the following is the optimal solution?
- A . Configure a long connection for a certain business
- B . Enable ASPF function
- C . Optimize security policies
- D . Enable shard caching
Vulnerabilities, also called vulnerabilities, refer to defects and deficiencies in computer systems in specific matters of hardware, software, protocols, or system security policies.
Which of the following descriptions of vulnerability characteristics is incorrect?
- A . A vulnerability is a security risk that exposes computers to hacker attacks.
- B . The vulnerability can be exploited remotely.
- C . The vulnerability cannot be patched
- D . Vulnerabilities are unknown beforehand and discovered afterward.
Electronic evidence preservation is directly related to the legal validity of evidence. Only preservation that complies with legal procedures can ensure its authenticity and reliability. Which of the following is not an evidence preservation technology?
- A . Encryption technology
- B . Digital certificate technology
- C . Digital signature technology
- D . Message mark tracking technology
If there is an incident of foreign criminals using the Internet to steal our country’s national secrets, what kind of early warning will the country activate?
- A . Orange Alert
- B . Yellow Alert
- C . Blue Alert
- D . Red Alert
When configuring a GRE Tunnel interface, the Destination address generally refers to which of the following parameters?
- A . Local tunnel interface IP address
- B . Local external network export IP address
- C . Peer’s external network egress IP address
- D . Peer tunnel interface IP address
When a network security incident occurs, investigate intrusions, viruses or Trojans, and patch and strengthen the host.
Which stage of network security emergency response does the above action belong to?
- A . Recovery phase
- B . Detection phase
- C . Eradication phase
- D . Inhibition stage
Regarding IKE SA, which of the following descriptions is incorrect?
- A . IKE SA is two-way
- B . IKE is an application layer protocol based on UDP
- C . IKE SA serves IPsec SA
- D . The encryption algorithm used in user data packets is determined by IKE SA.