H12-724 Exam Dumps - HCIP-Security (Fast track) V1.0

Local account authentication

Anonymous authentication

AD Account Verification

MAC Certification

DF, bit is down, and MF bit is also 1 or Fragment Offset is not 0,

155955cc-666171a2-20fac832-0c042c047

DF bit is 023, MF bit is 1 or Fragment Offset is not 0,

DF bit is 0, and Fragment Offset + Length> 65535.

The DF bit is 1, and Fragment Ofset + Length <65535.

Visitors can use their mobile phone number to quickly register an account

The administrator can assign different permissions to each visitor

Reception staff cannot create guest accounts

There is a violation of the guest account, and the administrator cannot retrospectively

True

False

Exemption from approval

Administrator approval

Receptionist approval

Self-approved by visitors

The aggregation layer device is not configured RADIUS Certification template.

Agile Controller-Campus The switch is not added on NAS equipment.

Connect to the terminal on the device to open 802.1X Function.

The Layer 2 link is used between the access device and the aggregation device, and it is not turned on 802 Instrument transparent transmission function

The mobile office platform is safe and reliable and goes online quickly.

Users can access the network safely and quickly.

Unified terminal management and fine control.

Network gateway deployment

For loose inspection: if the source address of the packet exists in the FB of the firewall: the packet passes the inspection directly

For the case where the default route is configured, but the parameter allow-defult-route is not configured. As long as the source address of the packet is in the FIB table of the firewall

If it does not exist, the message will be rejected.

For the situation where the default route is configured and the parameter allow-defult-route is matched at the same time, if the source address of the packet is in the FIB table of the firewall

If the packet does not exist in the loose check mode, all packets will pass the URPF check and be forwarded normally.

155955cc-666171a2-20fac832-0c042c0427

For the configuration of the default route, and at the same time matching the parameter allow-defult-route, if the source address of the message is in the FIB table of the firewall

If it does not exist in the l0e check, the packet cannot pass the URPF check.

Use BGP to publish UNR routes to achieve dynamic diversion.

After receiving the UNR route, the peer neighbor will not send it to any BGP neighbor.

You also need to configure the firewall ddos ​​bgp-next-hop fib-filter command to implement back-injection.

The management center does not need to configure protection objects. When an attack is discovered, it automatically issues a traffic diversion task.

ICMP redirect message attack) 0l

Oversized ICMP packet attack

Tracert packet attack

IP fragment message item

Disclosure of personal information

Threats to the internal network

Leaking corporate information

Increasing the cost of enterprise network operation and maintenance

The priority of the coverage signature is higher than that of the signature in the signature set.

When the "source security zone" is the same as the "destination security zone", it means that the IPS policy is applied in the domain.

Modifications to the PS policy will not take effect immediately. You need to submit a compilation to update the configuration of the IPS policy.

The signature set can contain either predefined signatures or custom signatures. 832335

True

False

Scanning attacks include address scanning and port scanning.

It is usually the network detection behavior before the attacker launches the real attack.

155955cc-666171a2-20fac832-0c042c0424

The source address of the scanning attack is real, so it can be defended by adding direct assistance to the blacklist.

When a worm virus breaks out, it is usually accompanied by an address scanning attack, so scanning attacks are offensive.

WIDS Is a wireless intrusion prevention system

WIPS Wireless intrusion detection system

WIDS Is a wireless intrusion countermeasure system

WIPS Is a wireless intrusion prevention system

Website phishing deception

Website Trojan

SQL injection

Cross-site scripting attacks 2335

Deploy the main DB

Deploy image DBO

Deploy witness DB

Deploy MC and SM dual machine backup

Discard message

URL Address redirected to Portal Authentication page

Direct travel

Send authentication information to authentication server

The data boy is huge

A wide variety of data

Low value density

Slow processing speed

True

False

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

The attachment size limit is for a single attachment, not for the total size of all attachments.

Hardware fault-> connection fault-> NAC client fault-> Policy Center server fault

connection fault-> Hardware fault-> NAC client fault-> Policy Center server fault

Hardware fault-> connection fault-> Policy Center server fault-> NAC client fault

hardware fault-> NAC client fault-> connection fault-> Policy Center server fault

True

False

The main function is to prevent network attacks based on source address spoofing.

In strict mode, it does not check whether the interface matches. As long as there is a route to the source address, the message can pass.

The loose mode not only requires corresponding entries in the forwarding table, but also requires that the interface must match to pass the URPF check.

Use URPF's loose mode in an environment where routing symmetry cannot be guaranteed.

User isolation between groups means that users in different groups cannot communicate, but internal users in the same group can communicate

Isolation within a user group means that users within the same group cannot communicate with each other.

The user isolation function is related to the same AP Layer 2 packets between all wireless users on the Internet cannot be forwarded to each other

Intra-group isolation and inter-group isolation cannot be used at the same time

Complete virus sample

Complete Trojan Horse

Specific behavior patterns

Security Policy

If most end users work in one area and a few end users work in branch offices, centralized deployment is recommended.

If most end users are concentrated on--Offices in several regions, and a small number of end users work in branches. Distributed deployment is recommended.

If end users are scattered in different geographical locations, a distributed deployment solution is recommended.

If end users are scattered in different regions, a centralized deployment solution is recommended.

The use of anonymous accounts for authentication is based on the premise of trusting the other party, and the authentication agency does not need the other party to provide identity information to provide services to the other party.

Agile Controller-Campus Need to be manually created"~anonymous"account number.

By default, the access control and policy of anonymous accounts cannot be performed. 1 Operations such as invoking patch templates and software distribution.

Administrators cannot delete anonymous accounts"~anonymous*.

WhoTo determine the ownership of the access device(Company standard,BYOD Wait)

WhoseTo determine the identity of the access person(member I, Visitors, etc.)

How Determine the access method(Wired, wireless, etc.)

WhatTo determine the access device(PC,iOS Wait)

MAC Certification

82.1 Certification

Portal Certification

MAC(prioritized

True

False

Warning

Block

Declare

Operate by weight

Through the mail client, you can connect No or Exchange Mail system.

Support automatic mail transmission encryption, transmission encryption method supports a full range of IPSec/TLS protocol.

Online survey of attached documents is not supported.

Support MAP4/SMTP/EAS Send and receive emails with standard protocols such as, and support real-time email push.

True

155955cc-666171a2-20fac832-0c042c0414

False

Keywords are the content that the device needs to recognize during content filtering.

Keywords include predefined keywords and custom keywords.

The minimum length of the keyword that the text can match is 2 bytes. ,

Custom keywords can only be defined in text mode.

True

False

PADIUS Used on the client and 802.1X Information such as user names and passwords are passed between switches.

PADIUS Used in 802.1X Switch and AAA Information such as user name and password are passed between servers.

PADIUS Used for Portal Server pushes to users Web page.

PADIUS Used for server to SACG Security policy issued by the device

The action of signing iD3000 is an alarm

The action of signing ID3000 is to block

Unable to determine the action of signature ID3000

The signature set is not related to the coverage signature

HTTP Flood source authentication

HTTP source statistics

URI source fingerprint learning function

Baseline learning

The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source

For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify

The legitimacy of the source IP.

In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process

It will consume the TCP connection resources of the OINS cache server.

Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.

Authentication data flow has passed SACG filter.

TSM No hardware is added to the system SACG equipment.

SACG Enable the default inter-domain packet filtering.

Privileges are misconfigured IP

The firewall has enabled the SYN Flood source detection and defense function

The firewall uses the first packet drop to defend against UDP Flood attacks.

HTTP Flood attack defense uses enhanced mode for defense

The threshold for HTTP Flood defense activation is 2000.

Planting malware

Vulnerability attack

Web application attacks

Brute force

Portal server IP

Portal page URL

shared-key

Portal Protocol version

True

155955cc-666171a2-20fac832-0c042c0433

False

MAC Certification is based on MAC The address is an authentication method that controls the user's network access authority. It does not require the user to install any client software.

MAC Bypass authentication is first performed on the devices that are connected to the authentication 802 1X Certification;If the device is 802. 1X No response from authentication, re-use MAC The authentication method verifies the legitimacy of the device.

MAC During the authentication process, the user is required to manually enter the user name or password.

MAC The bypass authentication process does not MAC The address is used as the user name and password to automatically access the network.

True

False

True

False

In the learning process, you should start from collecting samples, analyze their characteristics and then perform machine learning.

Machine learning only counts a large number of samples, which is convenient for security administrators to view.

In the detection process, the characteristics of unknown samples need to be extracted and calculated to provide samples for subsequent static comparisons.

Security source data can come from many places, including data streams, messages, threat events, logs, etc.

Direction is not enabled

The direction is turned on, but no specific direction is selected

The severity level of the configuration is too high

The protocol selection technique is correct

Prefix matching

Suffix matching

155955cc-666171a2-20fac832-0c042c043

Keyword matching

Exact match