H12-731_V2.0 HCIE-Security (Written) V2.0 Questions and Answers

Local upgrade methods include scheduled upgrade and immediate upgrade.

Online upgrade methods include scheduled upgrade and immediate upgrade.

C can be upgraded locally to the feature database.

You can upgrade the special library by upgrading in Lee.

TRUE

FALSE

If the attacker cannot notice the fake service provided by the honeypot, the capture efficiency of the honeypot is relatively low

Honeypot technology is to absorb the network by deploying some king machines as bait Trick attackers into attacking them This allows attacks to be captured and analyzed

Discuss the access layer switch equipment as honeypot equipment

The honeypile can only passively wait for the attacker to attack

The minimum key length that the interface can accept is 512

The maximum key length that the interface can accept is 2048

The interface does not have strict security mode enabled

The security level of the CGA address is 1

Intrusion detection technology based on known attack behaviors

Intrusion detection technology based on data mining

Statistical-based intrusion detection technology

Intrusion detection technology based on pattern matching

TRUE

FALSE

Security audit can identify risks by analyzing threat logs

Security audit is usually divided into database audit, behavior audit and operation and maintenance audit

Security audit is generally a post-event audit, because permission management and authorization are the core of security audit

B/S architecture model and C/S class of database audit Implement a two-layer (presentation layer, data access layer) architecture

Access control list

Camera

Encryption

Employment Guidelines

Firewall

Agile Controller-Campus

SecoManager

AgileController-DCN

Collection security

Transport security

Storage security

Exchange security

Achieve active security through correlation analysis and collaborative joint defense.

Abandon the traditional passive cyber threat defense mode and achieve security resilience with business as the center.

Use Al technology to compensate for the lag of threat defense.

Active security and passive defense through the department Protect against attacks at all stages of the cyber attack chain.

TRUE

FALSE

reports an exception

Policy discipline

Report management

Clean the flow

Attack traceability

Log storage

Virus blockade

O&M failure analysis

Whether the address set configuration is the same

Whether the IP addresses of the interfaces are consistent

Whether the service set configuration is the same

Whether the security policy configuration is the same

A and B cannot visit each other

Only A is allowed to access B

A and B are able to visit each other

Only B is allowed to visit A

Static mapping

Static destination NAT

Dynamic destination NAT

Source NAT

Installing threats against network weapons, network trapping defense technology, can use deception to make the attack execute special commands in the trapping system

In the face of viruses, worms, WebShell these weaponized attack methods, can use misleading methods to make the attack traffic be diverted to trap probe O

For the detection behavior in the early stage of the attack, you can use deception to burst into defense. By creating various traps to mislead the attacker. Cause attackers to misunderstand the network structure, attack targets, and vulnerabilities.

Network trapping technology can disguise the actual business and vulnerabilities to mislead the attacker, so that the attacker can infiltrate the trapping system.

TRUE

FALSE

By deceiving network detection activities, fake resources are displayed, so that attackers cannot discover real system information and vulnerabilities

Interact with the attack campaign to confirm the intent and discover the attacker before the breach occurs

Trapping systems discover and block attacker attacks

Interference Attack Gathering System Information diaphragmatic weakness determination" process, inducing the attacker to expose the intention

For port scanning, you can defend by setting the value of the access frequency bureau.

If the access frequency is set too high More false positives will be generated, blocking normal access traffic.

If the rate at which its source IP accesses other protected addresses or ports exceeds the set access frequency threshold, this behavior is regarded as scanning behavior And add the purpose to the blacklist to block scan

If the frequency of the set direction is too low The scanning behavior is not recognized.

Security resources that can be pooled with features Security functions can be divided and combined, and elastically scalable

The functional interface should provide northbound API interfaces to meet the requirements of flexible service configuration

The security resource pool that carries the security business function can be a hardware resource pool or a software resource pool

Need to provide rich security functions to meet the needs of the business

TRUE

FALSE

in the file system Data at rest is protected on the database through storage technology

Check database backups regularly

Protection of data in use when using or processing data

Protect data in transit as it travels across the network

TRUE

FALSE

Data reorganization, > characteristic matching, > application identification, > corresponding processing

Corresponding processing, data reorganization, > trait matching, application identification

Corresponding treatment, characteristics matching. Application identification, data reorganization

Data reorganization. App recognition. Trait matching. Deal accordingly

Sending API attacks generally requires the power of large organizations

API attacks follow the course of the cyber attack chain

API attacks are generally more invisible Hide attacks by encrypting channels, for example

Zero-day vulnerabilities are used in API attacks

TRUE

FALSE

You do not need to configure a security policy to allow health check packets.

The outbound interface of the probe message does not need to be fixed

After specifying the junction of the link health check The outgoing interface of the health probe packet can be consistent with the incoming interface of the response packet.

When configuring the protocol and port of the health check, check whether the corresponding protocol and port are enabled on the peer side.

It cannot be the same as the virtualization server address

It cannot be the same as the address of other servers on the Internet

It cannot be the same as the IP address of the server

Cannot be intertwined with the outgoing IP address of the FW

Protect the security of user communications and the integrity of data, and prevent malicious users from intercepting and tampering with data It can fully protect users from malicious damage during operation

It can provide fine-grained access control to maximize the security of user resources

It provides centralized management of all server and network device accounts, which can complete the monitoring and management of the entire life cycle of the account

It can automatically display the user's operation process and monitor the user's every behavior Determine whether the user's behavior poses a danger to the internal network security of the enterprise

Encrypted storage of data

Ensure data integrity

Data Backup and Recovery

Protection against data destruction

TRUE

FALSE

TRUE

B・ FALSE

TRUE

FALSE

The ways to trigger authentication for access users are: L2TPVPN, IPSecVPN, SSL VPN, etc

Exemption from authentication can be done without entering a username and password Complete the certification and visit the network resources.

Portal authentication refers to the portal authentication page provided by the firewall or third-party server to authenticate users.

Single sign-on refers to the firewall as an authentication point After the user completes authentication, they can go online on the firewall

AV hash

Change

Load break

Noise