Which of the following devices can detect unknown malicious files transmitted in the network in a virtual environment?
A . eSight
B . LogCenter
C . FireHunter
D . WAF
Answer: C
In a dual-system hot-standby network, when configuring an HRP heartbeat interface, if the address of the peer heartbeat interface is specified, which of the following types of VGMP Hello packets are sent between firewalls?
In a dual-system hot-standby network, when configuring an HRP heartbeat interface, if the address of the peer heartbeat interface is specified, which of the following types of VGMP Hello packets are sent between firewalls?
A . Unicast message
B . Broadcast message
C . Multicast message
D . UDP packets
Answer: A
Which of the descriptions of the virtual system is incorrect?
Which of the descriptions of the virtual system is incorrect?
A . There are two types of virtual systems on the NGFW: root system and virtual system.
B . A special virtual system that exists by default on the NGFW is called the root system.
C . The logical devices that are divided and run independently on the NGFW are called virtual systems.
D . If the virtual system function is not enabled, the root system does not exist.
Answer: D
The following figure shows the application scenario of L2TP over IPSec. The client uses the pre-shared-key method for IPSec authentication. How should the IPSec security policy be configured on the LNS side? (Multiple choice)
The following figure shows the application scenario of L2TP over IPSec. The client uses the pre-shared-key method for IPSec authentication. How should the IPSec security policy be configured on the LNS side? (Multiple choice)
A . Negotiate using IKE v1 main mode
B . Negotiate using IKE v2
C . Configure IPSec security policy
D . Configure IPSec Policy Template
Answer: BD
When using the Radius server to authenticate users, it is necessary to configure the corresponding user name and password on both the Radius server and the firewall.
When using the Radius server to authenticate users, it is necessary to configure the corresponding user name and password on both the Radius server and the firewall.
A . TRUE
B . FALSE
Answer: B
Which of the following statements regarding the configuration of file share paths is correct?
If using SSL VPN to provide file sharing function, all files under the shared directory are visible to end users.
Which of the following statements regarding the configuration of file share paths is correct?
A . The format of SMB type resource is: //IP address (hostname)/shared folder. The SMB type resource path can be a multi-level shared folder directory.
B . The format of NFS type resource is: //IP address (hostname)/dir1/dir2/shared folder. An NFS type resource path can only have a first-level shared folder directory.
C . Select SMB for file sharing resources under Windows system.
D . Select SMB for file sharing resources under Linux system.
Answer: C
When configuring the IPSec VPN certificate authentication method, if you choose the "RSA signature" authentication method, which of the following steps need to be configured? (Multiple choice)
When configuring the IPSec VPN certificate authentication method, if you choose the "RSA signature" authentication method, which of the following steps need to be configured? (Multiple choice)
A . Upload the CA certificate
B . Upload the local certificate
C . Upload the peer device certificate
D . Create a public-private key pair for the local device
Answer: ABC
After completing the configuration of intelligent routing, it is found that the traffic is not forwarded according to the configuration. What measures can the administrator take? (Multiple choices)
After completing the configuration of intelligent routing, it is found that the traffic is not forwarded according to the configuration. What measures can the administrator take? (Multiple choices)
A . Reconfigure the intelligent routing strategy
B . Wait for the session table to age
C . Manually clear session table information through the command line reset firewall session table
D . Submit the configuration for it to take effect
Answer: BC
Which of the following information is included in the main mode negotiation process in the first phase of IKE v1 negotiation? (Multiple choice)
Which of the following information is included in the main mode negotiation process in the first phase of IKE v1 negotiation? (Multiple choice)
A . IKE Proposal Set
B . IPSec Proposal Set
C . DH key exchange public information
D . Identity information of both parties
Answer: ACD
In the IDC room, a Huawei USG6000 series firewall can be used to divide into several virtual systems, and then the root firewall administrator can generate virtual system administrators to manage each virtual system.
In the IDC room, a Huawei USG6000 series firewall can be used to divide into several virtual systems, and then the root firewall administrator can generate virtual system administrators to manage each virtual system.
A . TRUE
B . FALSE
Answer: A