Try HCIP-Security-CSSN V3.0 H12-722_V3.0 Practice Exam Questions

test2022-07-06T06:30:41+00:00

By test H12-722_V3.0 free dumps, H12-722_V3.0 Practice Exam Questions, HCIP-Security-CSSN V3.0 0 Comments

H12-722_V3.0 HCIP-Security-CSSN V3.0 exam is one of the three required exams to achieve the HCIP-Security Certification. You’ve come to the right site if you’re studying for the H12-722_V3.0 exam and want to get ahead. Our professional IT experts prepared H12-722_V3.0 Practice Exam Questions, which includes the most recent exam questions and answers. FreeTestShare offers a free H12-722_V3.0 Practice Exam Questions to demonstrate the dump validity. To assist you in making the best purchasing decision, the H12-722_V3.0 Practice Exam thoroughly describes what you will get in the HCIP-Security-CSSN V3.0 exam.

To check how prepared you are, take a free H12-722_V3.0 practice exam right now!

Page 1 of 6

1. In the cloud data center scenario, the USG6000V can implement security inspection of east-west traffic for mutual access within the same VPC.

TRUE

FALSE

2. Which of the following descriptions about the defense principle of UDP Flood is wrong?

Many UDP Floods with variable sources and ports will reduce the performance of network devices that rely on session forwarding or even exhaust the sessions, resulting in network paralysis.

Since the current limiting technology itself cannot distinguish between normal forwarding packets and attack packets, this technology cannot prevent UDP flood attacks.

UDP Flood attacks can consume network bandwidth resources and cause link congestion in severe cases.

UDP finger twist learning can defend against UDP flood attack.

3. Huawei NIP6000 can form two interfaces of the same type into an interface pair, and the traffic entering from one interface is fixedly forwarded from the other interface, and there is no need to query the MAC address table.

TRUE

FALSE

4. Virtual firewalls can only be deployed on mainstream virtualized cloud platforms.

True

False

5. Which of the following supports a variety of hotlink identification algorithms and can effectively solve information theft such as single-source hotlinking, distributed hotlinking and malicious website data theft, to ensure that website resources can only be accessed through this site?

WAF

Firewall

Anti-DDoS

IPS

6. Declare a large content-Length value of C in the Post message, but the body length of the message sent each time is very small, and the server will think that the attacker has subsequent messages to send. The attacker sends a message with a small body length every time to achieve the purpose of keeping the server connected all the time.

What kind of WEB attack principle is described above?

HTTP Flood

CC Slow Header

XSS reflection attack

CC Slow Post

7. Security threats are evolving from pure network threats to application and data security threats. Which of the following are content security threats? (Multiple choice)

Anti-DDos

Viruses

Overflow attack

Overflow Attack Spam

8. If external network users (the security zone in which the Untrust is located) are allowed to access the intranet server (the security zone in which the security zone is located is the DMZ), the destination security zone selected when configuring the security policy is ( ).

DMZ

9. Which of the following threats does the Huawei NIP intrusion prevention device support? (Multiple choice)

Web Application Protection

Malware Control

Client Protection

Virtual Patching

10. Gratuitous ARP can be used to detect ( ) whether the address conflicts, and it can also refresh the switch MAC address table.

Page 2 of 6

11. File filtering is a security mechanism for filtering files based on file types. Which of the following descriptions about file filtering usage restrictions is wrong?

No file type filtering is performed when downloading image files.

The file filtering feature supports IPv4 and IPv6.

File type filtering is required for files that are resumed from a breakpoint.

The file filtering technology can filter the decompressed content. By setting different decompression layers, Fw can monitor and process multiple compressed or super-compressed files.

12. Which of the following descriptions about usage restrictions in IAE global configuration is wrong?

The setting value of the maximum number of decompression layers will not affect the detection results of anti-virus, file filtering and content filtering functions

For a single compressed file, the default detection timeout is 10 seconds. When a multi-layer compressed file containing RAR or ZIP format is detected through the full-text scanning mode, if the detected compressed file is too large, the detection timeout will occur and it will be released directly.

By default, the FW allows HTTP or FTP protocol to resume file transfer traffic

The URL remote query function is controlled by the URL remote query license

13. Which of the following descriptions about anti-virus gateways based on flow scanning is correct?

Higher detection rate than agent-based scanning

Can support decompression operation

Can support packing operation

High performance and low overhead

14. ( ) is a defect in the specific implementation of hardware, software, protocol or system security policy, which can enable attackers to access or destroy the system without authorization.

Vulnerability

15. Drag the steps of electronic forensics on the left into the box on the right, and arrange them from top to bottom in the order of execution.

16. HTTP Slow Post is a traffic-based DoS attack.

TRUE

FALSE

17. Through proxy scanning, Huawei firewalls can transparently transfer data packets that need virus detection to its own protocol stack, and then the firewall's own protocol stack caches all files before sending them to the virus detection engine for virus detection.

TRUE

FALSE

18. ( ) Heuristic sandbox, which simulates the IE browser environment, completely de-obfuscates the page, classifies WEB files through machine learning, performs Shellcode detection on the binary content generated during the browsing process, and detects in real time the various changes in the page execution process. a dangerous behavior. (full English, uppercase)

WEB

19. For HTTP flood, the client can be authenticated by HTTP source authentication. Which of the following is not a source authentication method supported by the Anti-DDos system?

Enhanced Mode (Captcha Authentication)

Basic Mode (META Refresh)

HTTP 302 Redirect Mode

TCP connection reset mode

20. Which type of attack is by sending a large number of defective packets, causing the host or server to crash when processing such packets?

Special control packet attack

Malformed Packet Attack

Illegal Access Attacks

Scanning attacks

Page 3 of 6

21. Which of the following methods does the Anti-DDos system conduct traffic diversion? (Multiple choice)

Static route diversion

BGP drainage

GRE Drainage

Policy-based routing

22. In the cloud-network-integration scenario, what are the northbound interfaces used by the VNGFW? (Multiple Choice)

NETCONF

SNMP

OpenFlow

BGP-LS

23. The following URL: www.exanple.com/sport/cn/index.php? 1ang-zh, where 1ang-zh belongs to ( ) in the URL. (full English, lowercase)

query

24. The Anti-DDos box-type device with single CPU can work in detection mode for some interfaces and in cleaning mode for some interfaces.

TRUE

FALSE

25. Which of the following descriptions about the WAF transparent proxy deployment mode are correct? (Multiple Choice)

In this mode, WAF can still detect HTTP header content

Attack blocking cannot be performed in transparent proxy mode

In the clear proxy mode, WAF can only function as layer 2 forwarding, and cannot detect IP and application layer content

In this mode, the WAF will establish a TCP connection with the client

26. Which of the following descriptions about Huawei FireHunter products are correct? (Multiple Choice)

Firelunter adopts a multi-layered malicious file behavior detection mechanism to detect potential attacks in time.

FireHunter narrows down suspicious files through static analysis.

FireHunter uses intelligent behavioral analysis to identify threats.

FireHunter only supports WEB scenarios to display threats, including threat dissemination information and presentation of threats.

27. Which of the following descriptions about the Anti-DDos system is wrong?

The management center mainly completes the processing of attack events, controls the traffic diversion strategy and cleaning strategy of the cleaning center, and classifies and views various attack events and attack traffic, and generates reports.

The detection center is mainly responsible for the detection and analysis of network traffic.

The main function of the cleaning center is to detect and analyze the DDos attack traffic on the mirrored or split traffic, and provide the analysis data to the management center for judgment.

Anti-DDoS defense system adopts B/S architecture, which is simple and convenient to operate. It can complete business management and monitoring without installing client software. It is suitable for customers to deploy multiple detection and cleaning equipment in multiple regions. Centralized management of equipment.

28. Which of the following descriptions about WAF in-depth security protection technology is wrong?

Although WAP detects round-trip traffic, it is based on a 4-layer protection technology and cannot detect application layer content.

In-depth security protection technology consists of two parts, blacklist feature detection technology and protocol reorganization detection technology.

The blacklist collection detection technology realizes security protection through the collection database matching technology.

In the protocol reassembly detection, WAF can cache all the fragments of the data packet before detection.

29. Analysis is the core function of intrusion detection. Which of the following are the advantages of misuse detection analysis model? (Multiple choice)

Effective detection of impersonation detection of legitimate users.

Be able to identify intrusion behaviors and prompt preventive methods.

No special operating system defect signature library is required.

Detects all known intrusions.

30. In the Huawei cloud-network integration solution, which of the following descriptions about the USG6000V as a tenant boundary security control point is wrong?

It can realize the security detection of north-south traffic

Can be used as SNAT device

Enables border protection between VPCs

Unable to implement traffic security detection for mutual access between different network segments within the same VPC

Page 4 of 6

31. Which of the following descriptions about the concept of intrusion prevention is wrong?

Intrusion prevention is a security mechanism that detects intrusion behaviors (including buffer overflow attacks, Trojan horses, worms, etc.) by analyzing network traffic.

Intrusion prevention can perform protocol analysis and detection on network data flow reorganization, but cannot detect the content of the application layer of packets

Intrusion prevention is a new security defense technology that can both discover and prevent intrusions

Intrusion prevention can not only prevent attacks from outside the enterprise, but also prevent attacks from within the enterprise

32. When the firewall works in bypass detection mode, the firewall can only detect the traffic. When abnormal traffic is detected, it will only generate abnormal traffic logs, and will not forward or process the traffic.

True

False

33. Which of the following descriptions about the big data intelligent security analysis platform is wrong?

Data collection includes log collection and raw traffic collection. Flow probes are responsible for log collection.

In the process of data processing, correlation analysis mainly discovers effective attacks by mining the correlation and temporal relationship between events.

Traffic Baseline Anomaly Detection Add self-learning and user-defined Meteor baselines into memory, and conduct online statistics and analysis of Meteor data. Once the network behavior deviates from the traffic baseline, abnormal events will be output.

Threat Judgment Correlates, evaluates, and judges multiple anomalies to generate advanced threats, and provides data for threat monitoring and attack link visualization.

34. In order to improve forwarding efficiency, WAF will directly release which of the following file types?

asp

png

jsp

php

35. In Anti-DDoS, the role of the cleaning center is to pull and clean the attack traffic according to the control strategy of the security management center, and inject the cleaned normal traffic back to the customer network and send it to the real destination. Which of the following methods are supported when implementing traffic re-injection? (Multiple choice)

Route re-injection

VPN re-injection

Policy route re-injection

Layer 2 re-injection

36. Which of the following options is supported for exception signatures but not supported by signature filters?

Alert

Blocking

Add blacklist

release

37. Intrusion prevention is a security mechanism. Which of the following description about the comparison between IPS and traditional IDS is wrong?

IDS is a security function focused on risk management

IDS devices can only passively detect attacks on protected targets, while IPS is an active intrusion prevention and prevention system

IPS is a security function that focuses on risk control

Traditional IDS and intrusion prevention devices can effectively defend against application-layer attacks, but the false positives and false negatives are too high

38. RFC (Request For Comment) 1918 reserves 3 IP addresses for private use, namely 10.0.0.0-10.255.255.255, ( ), 192.168.0.0-192.168.255.255

172.16.0.0-172.31.255.255

39. Which of the following cleaning solutions is realized through local ATIC combined with cloud services?

SLB

CDN Network

Smart DNS

Cloud traffic cleaning

40. Which of the following DDos attack types can be prevented by current limiting technology?

SYN Flood

ICMP Flood

HTTP Flood

DNS Flood

Page 5 of 6

41. In the Huawei user management solution, the administrator has set two authentication policy rules on the firewall. When the attributes of the data flow do not match any of the rules, which of the following actions will the firewall perform?

Portal authentication for data flow

No authentication for data flow

SMS authentication for data flow

Authentication-free data flow

42. Which of the following is not included in the predefined actions of the signature?

to block

Alert

release

Redirect

43. If internal employees access the Internet through the firewall and find that they cannot connect to the Internet normally, what viewing commands can be used on the firewall to troubleshoot the interface, security zone, security policy and routing table? (Write any viewing command, requirements: command line Words must be complete to receive credit, and cannot be omitted or abbreviated)

display ip routing- table display zone

44. Which of the following is not a matching method for URLs?

Fuzzy matching

Exact matching

Prefix matching

Suffix matching

45. FireHunter is a high-performance APT threat detection system launched by Huawei. It uses multi-engine virtual detection technology and traditional security detection technology to identify malicious files and C&C attacks transmitted in the network. It makes up for the shortcomings of traditional security equipment based on feature detection technology, and effectively avoids the spread of unknown threat attacks.

TRUE

FALSE

46. Huawei USG6000V series is a virtual integrated service gateway based on NFV architecture, with high utilization of virtual resources, and resource virtualization technology only supports a small number of multi-tenant joint use.

True

False

47. When the IPS device is serially deployed in the network, which of the following commands should be configured under the interface of the IPS connecting the upstream and downstream devices?

detect-mode span

detect-mode bridge

detect-mode tap

detect-mode inline

48. The following content security filtering related configurations exist on the NGFW:

Which of the following descriptions is correct? (Multiple choice)

The application behavior control profile profile_appc restricts the user's HITP file upload function

The HITP file upload function from the DMZ zone to the Untrust zone is not affected by this policy

An application behavior control configuration file is called in the security policy policy1

The application behavior control profile profile_appc restricts the user's HTTP browsing behavior

49. Which of the following describes the characteristics of a Trojan horse?

Can copy itself.

The main function is to destroy the file system.

is parasitic.

The trigger mechanism is through the program itself.

50. Source authentication is one of the most used means to defend against HTTP floods. Which of the following is not a mode of source authentication defense?

Scheduled restart

META refresh

Verification code authentication

Redirect

Page 6 of 6

51. When the IPS device is deployed in the network in bypass mode, it can also block the attack connection.

TRUE

FALSE

52. Huawei USG6000 series firewalls support different response actions for different protocols. What are the response actions for the SMTP protocol? (Multiple choice)

Alert

Delete attachments c. to block

to declare

53. Which of the following descriptions about the application scenarios of intrusion prevention equipment is wrong?

In the Internet border scenario, it is usually deployed at the back end of the egress firewall or router, and running to access network

In the IDC scenario, only a single machine can be deployed in the IDC server group to protect data security

It can police the network boundaries of different branches of the intranet of large and medium-sized enterprises, divide the intranet into multiple areas with different security levels, and achieve the requirements of risk isolation and security management and control between areas

It can be bypassed and deployed in the network to monitor the network security status

54. In HUAWEI CLOUD data center SDN network solution, the USG6000V cannot protect the east-west traffic between one network segment of the same VPC intranet.

True

False

55. To prevent leaking the web server version, WAF can remove the ( ) header in the HTTP Response. (English, first letter capitalized)

server

56. When content security filtering technology fails, which of the following aspects can be considered to deal with the failure? (Multiple choice)

Whether the license is valid

Whether the security profile is hit

Whether the configuration is submitted

Need to reconnect