HCIE Security Written Test-H12-731 V2.0 Multiple Choice Questions Difficulty Analysis

1. When protecting the privacy of personal data, which of the following belongs to the technology used to anonymize data?
A. Marking
B. Hashing
C. Randomization
D. Encryption

Correct answer: C

Answer analysis:
2. In the Huawei HiSec solution, which of the following is not an execution layer device?
A. IPS
B. FireHunter
C. FW
D. UMA

Correct answer: B

Answer analysis: Some question banks choose D, reasoning that UMA "is a unified operation and maintenance audit system, not a device in the HiSec solution", but according to the focus of the question, I privately think that it should be an execution layer device, and B is clearly an analysis layer device in the solution, so on balance, select B (sandbox).

3. The following figure is a schematic diagram of the deployment of ECA probes in the network. Which of the following descriptions of the ECA detection scheme is wrong?
A. At the branch network egress, it is recommended to deploy an independent flow probe and enable the ECA function
B. The specific selection of the CIS system needs to select the corresponding configuration according to the actual traffic volume
C. ECA probe forms include two types: the flow probe and the server built-in probe plug-in
D. The ECA probe is mainly deployed at the egress of the headquarters or the egress of the data center to extract encrypted traffic characteristics

Correct answer: C

Answer analysis: ECA probe forms include independent probe and switch built-in ECA probe
4. Which of the following single sign-on methods does the USG firewall not support?
A. Agile Controller single sign-on
B. AD single sign-on
C. LDAP single sign-on
D. RADIUS single sign-on

Correct answer: C

Answer analysis: AD single sign-on, RADIUS single sign-on, Agile Controller single sign-on

5. Vulnerability scanning tools can be used to find vulnerabilities in systems, applications, and hosts. Which of the following is a commonly used vulnerability scanning tool?
A. Tracert
B. Burp
C. Sparta
D. Nmap

Correct Answer: C Sparta

Answer analysis:
6. The Web reputation function classifies websites and handles them differently according to their classification. When a user visits a potentially risky website, he or she can be reminded or blocked by the system in time, thus helping the user to quickly confirm the safety of the target website. Which of the following options does not belong to the classification of Web reputation websites?
A. Default trusted websites
B. Custom trusted websites
C. Custom suspicious websites
D. Predefined trusted websites

Correct answer: A

Answer analysis:
7. The Trojan horse is installed by the attacker without the user's knowledge through deception. Which of the following options belongs to the propagation method of the Trojan horse?
A. Using network sharing
B. Using Outlook mail to spread
C. Sending attack data packets through the network
D. Use the webpage

Correct answer: D

Answer Analysis: Trojans on web pages
8. Which of the following devices cannot be linked with Huawei Situational Awareness System to block APT attacks? (Single choice)
A. NCE-Campus
B. Firewall
C. Terminal antivirus software
D. SecoManager

Correct answer: A

Answer analysis: I think the C option in this question should refer to the third-party EDR.
iMaster NCE-Campus is the core component of the cloud management network, and it can also be called the cloud management platform. It is a cloud-based network management, operation and control system. In addition to the basic management and configuration of cloud-based equipment, remote operation and maintenance monitoring, and user access control, various value-added services can also be realized based on the big data platform.

9. Huawei Situational Awareness System (CIS) cannot be linked with which of the following?
A. AC-Campus
B. SecoManager
C. EDR
D. AC-DCN

Correct answer: D

Answer analysis:

10. In Huawei's APT threat defense architecture, HiSec Insight mainly collects information for big data security analysis. Which of the following information is not included?
A. Flow probe metadata
B. Firewall threat logs
C. Netflow
D. Firewall system logs
E. Intelligence information data

Correct answer: B

11. Stored XSS code is stored on the server; when a user visits the corresponding page, the code is executed. The figure shows the steps of a stored XSS attack. Which of the following options is the second step of the process?
A. The attacker submits the URL prepared by himself to the user
B. The attacker activates the user session
C. The attacker's JavaScript is executed on the server
D. The attacker submits a question containing known JavaScript

Correct answer: D

Answer analysis: There is no picture in the question, but there is a picture in the analysis; it should be the original version.

12. Which of the following is not a mitigation measure against ICMPv6 error control packet attacks?
A. Limit the rate of error control packets
B. Directly discard error packets that should not appear in the network
C. PMTU refresh limit
D. Add message authentication mechanism

Correct answer: D

Answer analysis:

13. In the CloudFabric scenario, which of the following is wrong in the description of cloud-network integration and network virtualization? (Single choice)
A. In the two scenarios of network virtualization and cloud-network integration, security VAS is issued through the controller's SecoManager.
B. In cloud-network integration scenarios, security services are issued by cloud platforms.
C. In network virtualization scenarios, security services are issued by the controller Portal.
D. In both network virtualization and cloud-network integration scenarios, the security VAS is currently issued by the controller Portal.

Correct answer: D
Remarks: At least the question is complete, and no specific information can be found in the answer

14. Which of the following is wrong about the method to achieve business security resilience?
A. Realize active security through situational awareness and other technologies.
B. Plan business security according to ISO/IEC 15408/CC.
C. Realize passive security by deploying a threat-centric security system.
D. Passive defense can be achieved by deploying security devices such as firewalls.

Correct answer: D

15. Which of the following descriptions of the cloud access security awareness function is wrong?
A. The service awareness function will identify the application and behavior of the traffic.
B. When cloud access security awareness and application-based security policies are configured together, the security policy will take effect first.
C. The cloud access security awareness function will only detect cloud application behavior.
D. Cloud access security awareness depends on the service awareness function and its feature library.

Correct answer: B

Answer analysis:
16. Which of the following descriptions about the networking mode of the advanced version of the CIS system is wrong?
A. The flow probe is the entrance device of the CIS system traffic. It is usually deployed at the port from the internal network to the Internet, or the exit position of the communication between different areas of the internal network.
B. The dual-plane networking mode of the advanced version of the CIS system includes the management plane and the data plane, and is suitable for scenarios with stable traffic and sufficient network bandwidth.
C. CIS System Advanced Edition contains 6 mainframe types.
D. CIS Advanced Edition has two modes of single-plane networking and double-plane networking.

Correct answer: B

Answer analysis: Dual-plane networking: There are management plane and data plane. It is suitable for scenarios where the traffic is particularly unstable and the network bandwidth is not sufficient.

17. Which of the following logging functions does the USG firewall policy not support configuring?
A. Packet loss log
B. Session log
C. Policy hit log
D. Traffic log

Correct answer: A

18. Different types of logs input by the USG firewall are controlled by security policies in different situations. Which of the following log types is controlled by security policies?
A. Session log
B. System log
C. Packet loss log
D. Business log in Dataflow format

Correct answer: A

19. Which of the following descriptions about the state of the VRRP backup group of the USG firewall is wrong?
A. When the state of the VGMP group on the firewall is load-balance, the state of the VRRP backup group on the firewall is Master
B. When the interface of the firewall fails, the state of the VRRP backup group under the interface is Initialize
C. When the state of the VGMP group on the firewall is standby, the state of the VRRP backup group on the firewall is Backup
D. When the state of the VGMP group on the firewall is active, the state of the VRRP backup group on the firewall is Master

Correct answer: A

Answer analysis: When the status of the VGMP group is active, the status of the VRRP backup group is always Master. When the state of the VGMP group is standby, the state of the VRRP backup group is Backup. When the state of the VGMP group is load-balance, the state of the VRRP backup group is determined by the configuration of the VRRP backup group.

20. Which of the following descriptions about the security policy of the USG firewall is wrong?
A. By default, unicast packets are controlled by security policies.
B. After configuring the undo firewall packet-filter basic-protocol enable command on the firewall, unicast packets are not controlled by security policies.
C. By default, broadcast packets are not controlled by security policies
D. By default, multicast packets are not controlled by security policies

Correct answer: B

Answer analysis: undo firewall packet-filter basic-protocol enable is used to disable the security policy control on basic protocol unicast packets

21. Which of the following functions of HUAWEI CLOUD WAF is used for crawler inspection?
A. Access behavior security check
B. IP information camp check
C. User-defined rule check
D. Multiple coding intelligent analysis

Correct answer: C

22. Which of the following descriptions about the business process of the network entrapment program is wrong?
A. The attacker launches a network scanning attack with the purpose of detecting the network structure.
B. The attacker's final attack service is a deliberately constructed emulation service. Therefore, all actions of the attacker are monitored and reported to the CIS platform.
C. When the access traffic reaches the decoy probe, it will send the access traffic to the decoy through the collision between the probe and the decoy.
D. Decoy probes can analyze the frequency of scanning different destination IPs or ports with the same source address, and then virtualize a MAC to respond to the attacker.

Correct answer: B

Answer analysis:

Which of the following descriptions about Huawei UMA unified operation and maintenance audit is wrong?
A. In the case of non-permanent authorization, after the operation and maintenance administrator authorization expires, if there is authorization customization, the authorization will not be deleted.
B. Support the function of automatically modifying the passwords of target devices such as servers and network devices on a regular basis.
C. Support SSH, FIIP, RDP and other protocols.
D. In log management, once a log is deleted, it cannot be restored.

Correct answer: D

Answer analysis:

Which of the following descriptions about the principle of ECA encrypted traffic detection technology is wrong? (Single choice)
A. The core technology of ECA encrypted traffic detection is to generate the ECA detection classification model
B. Extract the plaintext data of encrypted traffic through the front-end ECA probe, including TLS handshake information, TCP statistics, and DNS/HTTP related information, and report them to the CIS system
C. Based on the feature vectors obtained from the analysis and forensics, use machine learning methods to train on sample data and generate a classifier model.
D. Security researchers analyze the black and white sample set and, combined with open source intelligence, domain name, IP, SSL and other information, extract characteristic information of encrypted traffic.

Correct answer: B

Answer analysis:
Which of the following descriptions about intrusion prevention is correct?
A. The default actions of predefined signatures include release, alarm and block.
B. When the intrusion prevention configuration file is referenced in the security policy, the direction of the security policy must be consistent with the direction of the attack traffic.
C. The custom signature priority is higher than the predefined signature priority.
D. Intrusion prevention intelligently detects intrusion behavior and cannot block it.

Correct answer: A

Answer analysis:

Which of the following descriptions about eLog online logs and dump logs is (incorrect)?
A. The online log is free from the process of decompression, so the speed is the fastest.
B. The dump log is usually an uncompressed file database.
C. Online logs take up less space, while dumped logs take up more space.
D. Online logs are usually compressed file databases.

Correct answer: A

Answer analysis: The correct one is A, the wrong one is BCD, and there is a problem with the title.

Among the following filters based on email content, which one is wrong? (Single choice)
A. Email attachment control
B. Email address checking
C. Anonymous email detection
D. Spam prevention

Correct answer: D

Answer analysis:

Digital certificates can guarantee the credibility of the public key of the communication peer during data transmission.
A. TRUE
B. FALSE

Correct answer: A

Answer analysis:

In the scenario where the firewall virtual system outputs logs to the eLog under the root system, which of the following descriptions about the output method is correct?
A. Port Range logs cannot be output to the eLog corresponding to the virtual system, but can only be output to the eLog connected to the root system.
B. You can manually configure the output of the session log to the eLog connected to the root system.
C. It is not possible to output packet loss logs to the eLog connected to the root system through manual configuration.
D. It is not possible to manually configure the output of business logs to the eLog connected to the root system.

Correct answer: A

Answer analysis: single choice A, multiple choice AB

Which of the following risks does not exist in the life cycle of data generation, transmission, storage, and destruction?
A. Data use risk
B. Data storage risk
C. Data transmission risk
D. Data production risk

Correct answer: D

Answer analysis:

Which of the following types of logs cannot use the Netflow log format?
A. URL session logs
B. IPv4 session logs
C. Semi-join session logs
D. IPv6 NAT64 session logs

Correct answer: A

Answer analysis:

Which of the following administrator login methods is not supported by the IPS?
A. HTTP
B. SSH
C. Telnet
D. Console

Correct answer: A

Answer analysis:

Which of the following descriptions about deploying the CIS data collection function is correct?
A. By deploying the mirroring function on the flow probe, the Netflow data flow is sent to the big data platform.
B. When the log collector transmits the logs to the big data platform, it is recommended to use the SSL method, because SSL is relatively secure, but the overhead is higher.
C. Syslog logs will be normalized before being reported to the big data platform, but Netflow logs will not be normalized.
D. Send the information to the big data platform by deploying the splitting function on the flow probe.

Correct answer: B

Analysis of the answer: There are versions on the Internet that choose B, and some choose C. Personally, I tend to choose B.

Multi-factor authentication is mainly used in login protection and operation protection scenarios.
A. correct
B. wrong

Correct answer: B

Answer analysis:

Multiple services of HUAWEI CLOUD are designed to be integrated with the key management service (DEW) to facilitate customer key management. Currently, DEW only supports key management for object storage, cloud hard disk, and cloud database services.
A. correct
B. wrong

Correct answer: B

Answer analysis:

Which of the following descriptions of the relationship between safety management is wrong?
A. Safety and quality containment
B. Safety and production considerations
C. Safety and speed mutual protection
D. Safety and danger coexist

Correct answer: B

Answer analysis:

Which of the following descriptions about the restrictions on the use of the intelligent route selection function of the USG firewall is wrong?
A. The firewall does not support intelligent route selection for IPv6 traffic.
B. The policy routing feature does not support IPv6, but multi-exit policy routing supports forwarding IPv6 packets.
C. If both IPv4 and IPv6 traffic exist on the same interface, then when overload protection is configured on the intelligent route selection interface, the interface may be overloaded but the overload protection function does not take effect.
D. The firewall will not perform global intelligent route selection for the traffic sent from itself

Correct answer: B

Answer analysis:

The Web reputation function classifies websites and performs differentiated processing according to different categories. When a user visits a potentially risky website, he or she can be reminded or blocked by the system in time, thus helping the user to quickly confirm the safety of the target website. Which of the following options does not belong to the classification of Web reputation websites?
A. Predefined trusted websites
B. Custom trusted websites
C. Custom suspicious websites
D. Default trusted websites

Correct answer: D

Answer analysis: The web reputation of the firewall is divided into: predefined trusted websites, custom trusted websites, custom suspicious websites

Which of the following services belongs to the security management service in the HUAWEI CLOUD solution?
A. Situation awareness service
B. Vulnerability scanning service
C. Database security service
D. Enterprise host security service

Correct answer: A

Answer analysis:

Which of the following is false about the approach to business security resilience?
A. Active security through technologies such as situational awareness.
B. Plan business security according to ISO/IEC 15408/CC.
C. Realize passive security by deploying a threat-centric security system.
D. Passive defense can be achieved by deploying security devices such as firewalls.

Correct answer: D

Answer analysis:

The hard disk is a non-volatile memory based on a hard rotating disk on the host computer. It stores and retrieves data on a flat magnetic surface. In which of the following units does the hard disk save files?
A. Slice
B. Block
C. Cluster
D. Object

Correct answer: C

Answer analysis:

In Huawei's user management solution, which of the following statements is incorrect for the local ID card scenario of Internet users?
A. After the authentication is successful, the firewall records the correspondence between the user and the IP address used by the visitor.
B. During authentication, the firewall verifies the user and password used by the visitor, and authenticates the visitor.
C. When a visitor accesses network resources, the policy on the firewall determines the authority of the visitor based on the user or the group the user belongs to.
D. The administrator stores information such as user/group and password on the authentication server according to the organizational structure of the enterprise

Correct answer: D

Answer analysis: stored on the certified firewall, not the server.

The access key used as an identity credential can be authenticated when accessing HUAWEI CLOUD. What information is included in the access key to verify identity?
A. Password
B. Username
C. Public key
D. Signature

Correct answer: D

Answer analysis:

Regarding the description of the situational awareness workflow, which of the following statements is wrong?
A. The situational awareness product CIS supports automatic query to the cloud reputation center. It does not need to load the reputation library locally, thereby saving storage resources.
B. In data collection, situational awareness technology can not only collect the logs of various devices and hosts to gather threat information, but also detect threats by collecting traffic.
C. Situational awareness technology can display the threat attack path, so as to report to the administrator to block the attack.
D. Situational awareness technology may not be able to detect certain single-point attacks in APT attacks

Correct answer: D

Which function of the Anti-DDoS Pro service can be used to defend against DDoS attacks launched by forged source IP? (Single choice)
A. Source verification
B. IP reputation database
C. Malformed message filtering
D. Fingerprint learning

Correct answer: A

Answer analysis:

Origin blog.csdn.net/lyhbwwk/article/details/125122322