Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtreat

Note! Following H12-731_V2.0 Exam is Retired now. Please select the alternative replacement for your Exam Certification.

H12-731_V2.0 HCIE-Security (Written) V2.0 Questions and Answers

Questions 4

The following describes how the intrusion prevention signature database is upgraded Which is wrong which n single selection)

Options:

A.

Local upgrade methods include scheduled upgrade and immediate upgrade.

B.

Online upgrade methods include scheduled upgrade and immediate upgrade.

C can be upgraded locally to the feature database.

C.

You can upgrade the special library by upgrading in Lee.

Buy Now
Questions 5

End devices and users must authenticate and authorize before they can access the post-authentication domain.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 6

The following is a description of the trapping technique The correct ones are which women's multiple choices).

Options:

A.

If the attacker cannot notice the fake service provided by the honeypot, the capture efficiency of the honeypot is relatively low

B.

Honeypot technology is to absorb the network by deploying some king machines as bait Trick attackers into attacking them This allows attacks to be captured and analyzed

C.

Discuss the access layer switch equipment as honeypot equipment

D.

The honeypile can only passively wait for the attacker to attack

Buy Now
Questions 7

A description of the following IPv6 Secure Neighbor Discovery feature information for one of the interfaces Which one is wrong?

Options:

A.

The minimum key length that the interface can accept is 512

B.

The maximum key length that the interface can accept is 2048

C.

The interface does not have strict security mode enabled

D.

The security level of the CGA address is 1

Buy Now
Questions 8

What are the common database intrusion detection techniques? (Multiple selection)

Options:

A.

Intrusion detection technology based on known attack behaviors

B.

Intrusion detection technology based on data mining

C.

Statistical-based intrusion detection technology

D.

Intrusion detection technology based on pattern matching

Buy Now
Questions 9

Broiler chickens Also known as a zombie, it usually refers to a machine that can be controlled remotely by hackers and is often used in DDOS attacks.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 10

Take the following description of safety measures Which one is wrong? (single selection).

Options:

A.

Security audit can identify risks by analyzing threat logs

B.

Security audit is usually divided into database audit, behavior audit and operation and maintenance audit

C.

Security audit is generally a post-event audit, because permission management and authorization are the core of security audit

D.

B/S architecture model and C/S class of database audit Implement a two-layer (presentation layer, data access layer) architecture

Buy Now
Questions 11

What are the logical/technical access controls in the following equation? (multiple selection).

Options:

A.

Access control list

B.

Camera

C.

Encryption

D.

Employment Guidelines

Buy Now
Questions 12

Huawei's network security intelligence system CIS can only be linked with which of the following devices to block viruses?

Options:

A.

Firewall

B.

Agile Controller-Campus

C.

SecoManager

D.

AgileController-DCN

Buy Now
Questions 13

Which data security is the purpose of data watermark traceability?

Options:

A.

Collection security

B.

Transport security

C.

Storage security

D.

Exchange security

Buy Now
Questions 14

Which of the following is wrong about Huawei's approach to business security resilience? (single selection).

Options:

A.

Achieve active security through correlation analysis and collaborative joint defense.

B.

Abandon the traditional passive cyber threat defense mode and achieve security resilience with business as the center.

C.

Use Al technology to compensate for the lag of threat defense.

D.

Active security and passive defense through the department Protect against attacks at all stages of the cyber attack chain.

Buy Now
Questions 15

The significance of information security standards is to provide an overall level of security Optimize security resource allocation (single selection).

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 16

In the Anh-DDos system What are the functions that ATIC can complete as a management center? (multiple selection).

Options:

A.

reports an exception

B.

Policy discipline

C.

Report management

D.

Clean the flow

Buy Now
Questions 17

The following describes the role of logs Which one is wrong? (single selection).

Options:

A.

Attack traceability

B.

Log storage

C.

Virus blockade

D.

O&M failure analysis

Buy Now
Questions 18

Which of the following items is not part of the firewall dual-machine hot standby ES-induced check is small

Options:

A.

Whether the address set configuration is the same

B.

Whether the IP addresses of the interfaces are consistent

C.

Whether the service set configuration is the same

D.

Whether the security policy configuration is the same

Buy Now
Questions 19

A VPCA and VPCB are created under a virtual data center VDC, and host A (192.168.1.100/24) is applied for in the VPCA Filed Host B (1921682100/24). Now configure VPC access Create a virtual firewall security policy as follows:

Security-policy

Source-zone any

destination-zone any

source-address 192.168.2.100 32

destination-address 192.168.1.100 32

action permit

Which of the following statements is correct?

Options:

A.

A and B cannot visit each other

B.

Only A is allowed to access B

C.

A and B are able to visit each other

D.

Only B is allowed to visit A

Buy Now
Questions 20

In the enterprise network, the source IP address and the destination IP address need to be translated at the same time, and there is no fixed mapping relationship before and after the destination IP address translation The following USC firewall features which combined can buy cash out less demand

Options:

A.

Static mapping

B.

Static destination NAT

C.

Dynamic destination NAT

D.

Source NAT

Buy Now
Questions 21

Which of the following options is not included in the data theft phase of HiSec Insight?

A Ping Tunnel detection

B. DNS Turnel detection

C. Traffic base anomaly detection

D. Web anomaly detection

Options:

Buy Now
Questions 22

In the following description of the principles of network trapping defense, which are correct? (multiple selection).

Options:

A.

Installing threats against network weapons, network trapping defense technology, can use deception to make the attack execute special commands in the trapping system

B.

In the face of viruses, worms, WebShell these weaponized attack methods, can use misleading methods to make the attack traffic be diverted to trap probe O

C.

For the detection behavior in the early stage of the attack, you can use deception to burst into defense. By creating various traps to mislead the attacker. Cause attackers to misunderstand the network structure, attack targets, and vulnerabilities.

D.

Network trapping technology can disguise the actual business and vulnerabilities to mislead the attacker, so that the attacker can infiltrate the trapping system.

Buy Now
Questions 23

Due to the presence of a large number of decoys in the network Attackers will be caught up in an online world where the real is indistinguishable. Attackers often need to spend a lot of time to distinguish the authenticity of information, thereby delaying the attacker's network attack, giving defenders more response time, and reducing the possibility of attackers attacking real systems.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 24

On the principle of defense against trapping Which of the following is described as incorrect=

Options:

A.

By deceiving network detection activities, fake resources are displayed, so that attackers cannot discover real system information and vulnerabilities

B.

Interact with the attack campaign to confirm the intent and discover the attacker before the breach occurs

C.

Trapping systems discover and block attacker attacks

D.

Interference Attack Gathering System Information diaphragmatic weakness determination" process, inducing the attacker to expose the intention

Buy Now
Questions 25

With the following description of network scanning defense technology, which is correct? (single selection).

Options:

A.

For port scanning, you can defend by setting the value of the access frequency bureau.

B.

If the access frequency is set too high More false positives will be generated, blocking normal access traffic.

C.

If the rate at which its source IP accesses other protected addresses or ports exceeds the set access frequency threshold, this behavior is regarded as scanning behavior And add the purpose to the blacklist to block scan

D.

If the frequency of the set direction is too low The scanning behavior is not recognized.

Buy Now
Questions 26

in the architecture of software-defined security Which of the following feature descriptions is correct?

Options:

A.

Security resources that can be pooled with features Security functions can be divided and combined, and elastically scalable

B.

The functional interface should provide northbound API interfaces to meet the requirements of flexible service configuration

C.

The security resource pool that carries the security business function can be a hardware resource pool or a software resource pool

D.

Need to provide rich security functions to meet the needs of the business

Buy Now
Questions 27

One of the reasons why traditional passive defense does not protect against APT attacks is that traditional defense methods cannot correlate and analyze threats.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 28

In the first half of 2021 alone, there were 944 data breaches that resulted in 3.3 billion data records being compromised. Organizations must follow the principle of which of the following options to keep data safe at all times.

Options:

A.

in the file system Data at rest is protected on the database through storage technology

B.

Check database backups regularly

C.

Protection of data in use when using or processing data

D.

Protect data in transit as it travels across the network

Buy Now
Questions 29

The guarantee of information security does not need to be fully integrated with business implementation, because information security will increase the complexity of the network and reduce the efficiency of business processing. (single selection).

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 30

Which is the correct order for IPS to process traffic? (single selection).

Options:

A.

Data reorganization, > characteristic matching, > application identification, > corresponding processing

B.

Corresponding processing, data reorganization, > trait matching, application identification

C.

Corresponding treatment, characteristics matching. Application identification, data reorganization

D.

Data reorganization. App recognition. Trait matching. Deal accordingly

Buy Now
Questions 31

Which of the following options does not reflect the advanced characteristics of APT attacks? (single selection).

Options:

A.

Sending API attacks generally requires the power of large organizations

B.

API attacks follow the course of the cyber attack chain

C.

API attacks are generally more invisible Hide attacks by encrypting channels, for example

D.

Zero-day vulnerabilities are used in API attacks

Buy Now
Questions 32

The purpose of access control is to provide access to authorized subjects and prevent any unauthorized and intentional access.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 33

Which of the following health check descriptions is correct? (Selection)

Options:

A.

You do not need to configure a security policy to allow health check packets.

B.

The outbound interface of the probe message does not need to be fixed

C.

After specifying the junction of the link health check The outgoing interface of the health probe packet can be consistent with the incoming interface of the response packet.

D.

When configuring the protocol and port of the health check, check whether the corresponding protocol and port are enabled on the peer side.

Buy Now
Questions 34

The following describes the implementation of server IP address planning in the firewall server load balancing function, which are the correct items? (multiple selection).

Options:

A.

It cannot be the same as the virtualization server address

B.

It cannot be the same as the address of other servers on the Internet

C.

It cannot be the same as the IP address of the server

D.

Cannot be intertwined with the outgoing IP address of the FW

Buy Now
Questions 35

The main role of the audit system is to audit security events after the fact To provide sufficient evidence, a security audit product must have which of the following features7

Options:

A.

Protect the security of user communications and the integrity of data, and prevent malicious users from intercepting and tampering with data It can fully protect users from malicious damage during operation

B.

It can provide fine-grained access control to maximize the security of user resources

C.

It provides centralized management of all server and network device accounts, which can complete the monitoring and management of the entire life cycle of the account

D.

It can automatically display the user's operation process and monitor the user's every behavior Determine whether the user's behavior poses a danger to the internal network security of the enterprise

Buy Now
Questions 36

Data storage security is part of the customer's overall security program It is also an important part of data center security and organizational security. Which of the following options is important to keep your data storage secure?

Options:

A.

Encrypted storage of data

B.

Ensure data integrity

C.

Data Backup and Recovery

D.

Protection against data destruction

Buy Now
Questions 37

Domain name information collection is the first step in technical means information collection Domain name information can be collected through a domain name lookup website such as hois (single selection).

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 38

Verify user-provided data in the form of whitelists or blacklists, and construct SQL sentences So that user-supplied data cannot affect the logic of the statement This protects against SQL injection attacks.

Options:

A.

TRUE

B・ FALSE

Buy Now
Questions 39

If the database O&M workload is much greater than the host O&M workload, you can choose to have an independent department outside the original O&M bastion host

The database bastion host.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 40

In Huawei's user management solution, which of the following descriptions of authentication triggers are correct? (multiple selection).

Options:

A.

The ways to trigger authentication for access users are: L2TPVPN, IPSecVPN, SSL VPN, etc

B.

Exemption from authentication can be done without entering a username and password Complete the certification and visit the network resources.

C.

Portal authentication refers to the portal authentication page provided by the firewall or third-party server to authenticate users.

D.

Single sign-on refers to the firewall as an authentication point After the user completes authentication, they can go online on the firewall

Buy Now
Questions 41

Hypothetical has a set of raw data as follows: ・10, 20. 30. 40, 50" The set of data was desensitized by randomly swapping the position of the data, and the desensitized data was: ・30 20. 50. 10. 40\Which of the following algorithms is used in this data masking method? (single selection).

Options:

A.

AV hash

B.

Change

C.

Load break

D.

Noise

Buy Now
Exam Code: H12-731_V2.0
Exam Name: HCIE-Security (Written) V2.0
Last Update: Jul 19, 2024
Questions: 276