H12-722_V3.0 Exam Dumps - HCIP-Security-CSSN V3.0

Download and backdoor features

Information collection characteristics

Self-hidden features

Network attack characteristics

By IP addresses

By terminal type

By account

By user information

Generate logs and discard

Generate logs and forward them

Delete the content of the email attachment

Add announcement and generate log

First package detection technology

Heuristic detection technology

Decryption technology

File reputation detection technology 5

Not self-replicating but parasitic

Trojans self-replicate and spread

Actively infectious

The ultimate intention is to steal information and implement remote monitoring

Virus

Buffer overflow ρ

System vulnerabilities

Port scan

True

False

Users can visit www.videobt.com website.

The user can visit the www.bt.com website, but the administrator will receive a warning message.

User cannot access all the sites ending with bt com.

When users visit www.bt. com, they will be blocked.

Configure drainage and re-injection on the testing equipment.

Configure port mirroring on the cleaning device.

Add protection objects on the management center.

Configure drainage and re-injection on the management center.

IDS can be linked with firewalls and switches to become a powerful "assistant" of firewalls, which can better and more accurately control access between domains.

It is impossible to correctly analyze the malicious code doped in the allowed application data stream.

Unable to detect malicious operations or misoperations from internal killings.

Cannot do in-depth inspection

File extension mismatch means that the file type is inconsistent with the file extension.

Unrecognized file type means that the file type cannot be recognized and there is no file extension.

File damage means that the file type cannot be identified because the file is damaged.

Unrecognized file type means that the file type cannot be recognized, and the file extension cannot be recognized.

The firewall is a bypass device, used for fine-grained detection

IDS is a straight line equipment and cannot be used for in-depth inspection

The firewall cannot detect malicious operations or misoperations by insiders

IDS cannot be linked with firewall

The detection center is mainly to pull and clean the attack flow according to the control strategy of the security management center, and re-inject the cleaned normal flow back to the customer.

User network, send to the real destination.

The management center mainly completes the processing of attack events, controls the drainage strategy and cleaning strategy of the cleaning center, and responds to various attack events and attack flows.

View in categories and generate reports.

The main function of the Green Washing Center is to detect and analyze DDoS attack traffic on the flow from mirroring or splitting, and provide analysis data to

The management center makes a judgment.

The firewall can only be used for inspection equipment

SACG and IP address 2.1.1.1 server linkage is not successful

SACG linkage success with controller.

master controller IP address is 1.1.1.2.

master controller IP address is 2.1.1.1.

TRUE

FALSE

True

False

The management server of the management center is responsible for the cleaning of abnormal flow, as well as the collection and analysis of business data, and storage, and is responsible for the summary

The stream is reported to the management server for report presentation.

The data coking device is responsible for the cleaning of abnormal flow, the centralized management and configuration of equipment, and the presentation of business reports.

The data collector and management server support distributed deployment and centralized deployment. Centralized deployment has good scalability.

The management center is divided into two parts: management server and teaching data collector.

Enhanced mode refers to the authentication method using verification code.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

The enhanced mode is superior to the basic mode in terms of user experience.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

True

False

1->2->3

1->2->4,

1->3->2

1->4->3

remote control device

mail server

Internet behavior management equipment

log collection server

True

155955cc-666171a2-20fac832-0c042c0414

False

True

False

Lack of effective protection against application layer threats.

It cannot effectively resist the spread of viruses from the Internet to the intranet.

Ability to quickly adapt to changes in threats.

Unable to accurately control various applications, such as P2P, online games, etc. .