H12-722 Exam Dumps - Huawei Certified ICT Professional - Constructing Service Security Network (HCIP-Security-CSSN V3.0)

Block

Declare

Alarm

Execution

DF, bit is down, and MF bit is also 1 or Fragment Offset is not 0,

155955cc-666171a2-20fac832-0c042c047

DF bit is 023, MF bit is 1 or Fragment Offset is not 0,

DF bit is 0, and Fragment Offset + Length> 65535.

The DF bit is 1, and Fragment Ofset + Length <65535.

The firewall is a bypass device, used for fine-grained detection

IDS is a straight line equipment and cannot be used for in-depth inspection

The firewall cannot detect malicious operations or misoperations by insiders

IDS cannot be linked with firewall

www file

PE file

Picture file

Mail

For loose inspection: if the source address of the packet exists in the FB of the firewall: the packet passes the inspection directly

For the case where the default route is configured, but the parameter allow-defult-route is not configured. As long as the source address of the packet is in the FIB table of the firewall

If it does not exist, the message will be rejected.

For the situation where the default route is configured and the parameter allow-defult-route is matched at the same time, if the source address of the packet is in the FIB table of the firewall

If the packet does not exist in the loose check mode, all packets will pass the URPF check and be forwarded normally.

155955cc-666171a2-20fac832-0c042c0427

For the configuration of the default route, and at the same time matching the parameter allow-defult-route, if the source address of the message is in the FIB table of the firewall

If it does not exist in the l0e check, the packet cannot pass the URPF check.

IPS is an intrusion detection system that can block real-time intrusions when found

IPS unifies IDS and firewall

IPS must use bypass deployment in the network

Common IPS deployment modes are in-line deployment,

1-3-4-2-5-6-7-8

1-3-2-4-6-5-7-8

1-3-4-2-6-5-8-7

1-3-24-6-5-8-7

IDS can be linked with firewalls and switches to become a powerful "assistant" of firewalls, which can better and more accurately control access between domains.

It is impossible to correctly analyze the malicious code doped in the allowed application data stream.

Unable to detect malicious operations or misoperations from internal killings.

Cannot do in-depth inspection

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

Ability to quickly adapt to threat changes

True

False

Virus

Buffer overflow ρ

System vulnerabilities

Port scan

3->1->4->2->5

3->2->4->1->5

3->2->1->4->5

3->1->2->4->5

The virus detection system cannot directly detect compressed files

The anti-virus engine can detect the file type through the file extension

Gateway antivirus default file maximum decompression layer is 3 layers

The implementation of gateway antivirus is based on proxy scanning and stream scanning

It is mainly used for real-time monitoring of the information of the critical path of the network, listening to all packets on the network, collecting data, and analyzing suspicious objects

Use the newly received network packet as the data source;

Real-time monitoring through the network adapter, and analysis of all communication services through the network;

Used to monitor network traffic, and can be deployed independently.

Using POP3, the client software will download all unread mails to the computer, and the mail server will delete the mails.

Use JIMAP; the client software will download all unread mails to the computer, and the mail server will delete the mails.

With IMAP, users can directly operate on the mail on the server, without downloading all the mails locally to perform various operations.

Using POP3, users can directly operate on the mail on the server without sending all mails to the local to perform various operations.

True

False.

True

False

ICMP redirect message attack) 0l

Oversized ICMP packet attack

Tracert packet attack

IP fragment message item

Infrastructure security

Tenant security

How to do a good job in management, operation and maintenance

Hardware maintenance

Web security protection

Global environment awareness

Sandbox and big data analysis

Intrusion prevention

htttp://www.abcd. com:8080/news/education. aspx

htttp://www.abcd. com:8080,te

/news/education. aspx

/news/education. aspx?name=tom&age=20

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

Users can visit www.videobt.com website.

The user can visit the www.bt.com website, but the administrator will receive a warning message.

User cannot access all the sites ending with bt com.

When users visit www.bt. com, they will be blocked.