H12-722 Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0) Questions and Answers

Unable to detect new types of worms

The process of trying to log in to the system is recorded

Use Ping to perform network detection and be alerted as an attack

Web-based attacks are not detected by the system

UDP fingerprint learning

Associated defense

current limit

First packet discarded

It is mainly used for real-time monitoring of the information of the critical path of the network, listening to all packets on the network, collecting data, and analyzing suspicious objects

Use the newly received network packet as the data source;

Real-time monitoring through the network adapter, and analysis of all communication services through the network;

Used to monitor network traffic, and can be deployed independently.

1-3-4-2-5-6-7-8

1-3-2-4-6-5-7-8

1-3-4-2-6-5-8-7

1-3-24-6-5-8-7

Patching the system can completely solve the virus intrusion problem

Computer viruses are latent, they may be latent for a long time, and only when they encounter certain conditions will they begin to carry out sabotage activities

Computer viruses are contagious. They can spread through floppy disks and CDs, but they will not spread through the Internet.

All computer viruses must be parasitic in files and cannot exist independently

True

False

Complete virus sample

Complete Trojan Horse

Specific behavior patterns

Security Policy

HTTP Flood source authentication

HTTP source statistics

URI source fingerprint learning function

Baseline learning

True

155955cc-666171a2-20fac832-0c042c0414

False

Single packet attack

Floating child attack

Malformed message attack

Snooping scan attack

Configure drainage and re-injection on the testing equipment.

Configure port mirroring on the cleaning device.

Add protection objects on the management center.

Configure drainage and re-injection on the management center.

PDF heuristic sandbox

ja$

PE heuristic sandbox

Web heuristic sandbox

Heavyweight sandbox (virtual execution)

Only packets in one direction pass through the firewall

The same message passes through the firewall multiple times

IPS underreporting

Excessive traffic causes the Bypass function to be enabled

Lack of effective protection against application layer threats.

It cannot effectively resist the spread of viruses from the Internet to the intranet.

Ability to quickly adapt to changes in threats.

Unable to accurately control various applications, such as P2P, online games, etc. .

Rely on state detection technology and protocol analysis technology

The performance is higher than the agent-based method

The cost is smaller than the agent-based approach

The detection rate is higher than the proxy-based scanning method

True

False.

Warning

Block

Declare

Operate by weight

Fraggle and Smurt

Land and Smurf

Fraggle and Land

155955cc-666171a2-20fac832-0c042c0423

Teardrop and Land35

Virtual patch

Mail detection

SSL traffic detection

Application identification and control

Cannot control the number of received email attachments

When the spam processing action is an alert, the email will be blocked and an alert will be generated

You can control the size of the attachment of the received mail

Cannot perform keyword filtering on incoming mail

Event extraction, intrusion analysis, reverse intrusion and remote management.

Incident extraction, intrusion analysis, intrusion response and on-site management.

Incident recording, intrusion analysis, intrusion response and remote management.

Incident extraction, intrusion analysis, intrusion response and remote management.

Scanning attacks include address scanning and port scanning.

It is usually the network detection behavior before the attacker launches the real attack.

155955cc-666171a2-20fac832-0c042c0424

The source address of the scanning attack is real, so it can be defended by adding direct assistance to the blacklist.

When a worm virus breaks out, it is usually accompanied by an address scanning attack, so scanning attacks are offensive.

The file filtering configuration file is not referenced in the security policy

File filtering configuration file is incorrect

License is not activated.

The action configuration of the file extension does not match is incorrect