As shown in the following figure, the BFD for OSPF network is as follows: 1. OSPF is running between the three devices: FW_A, FW_B, and FW_C. The neighbors are in the FULL state. The association between BFD and OSPF is complete. BFD is complete. To establish a BFD session, the following instructions are correct?
After the BFD session is established, the two systems periodically send BFD control packets. If a system does not receive any packets from the peer within the detection time, the status of the BFD session is considered to be Down. Which mode of detection is this mode called BFD?
112. The ESP only verifies the IP payload and can perform NAT traversal, but the ESP encrypts the Layer 4 port information and causes the PAT function to be unusable. This problem can be solved by using the IPSec transparent NAT function, which encapsulates the ESP packet in the UDP header and comes with the necessary port information to make the PAT work normally.
What is the correct statement about the Eth-trunk function?
Avoid DHCP server spoofing attacks. DHCP snooping is usually enabled. What is the correct statement?
An intranet has made a network, the old equipment is offline, the new network equipment is brought online, and after the service test, it is found that most of the original service traffic cannot work normally. What is the quickest way to restore the business?
As shown in the figure, the Eth-trunk function is required to bind the interface. On this basis, if you need to implement the load balancing function of each interface, you need to add the following configuration command?
The HRP technology can implement the standby firewall without any configuration information. All the configuration information is synchronized by the main firewall to the standby firewall through HRP, and the configuration information is not lost after the restart.
134. Which of the following is the connection status data to be backed up in the HRP function?
When an attack occurs, the result of packet capture on the attacked host (1.1.1.1) is as shown in the figure. What kind of attack is this attack?
In the USG firewall, which two commands can be used to view the running status and memory/CPU usage of the device components (main control board, board, fan, power supply, etc.)?
Because the policy in the traffic limiting policy does not restrict the deny rule, you do not need to use the deny rule.
When using the optical bypass interface, the Bypass link has two working modes, automatic mode and forced mode.
Which of the following states indicates that a BFD session has been successfully established?
As shown in the figure, the firewall is dual-system hot standby. In this networking environment, all service interfaces of the firewall work in routing mode, and OSPF is configured on the upper and lower routers. Assume that the convergence time of OSPF is 30s after the fault is rectified. What is the best configuration for HRP preemption management?
Man-in-the-middle attacks are: the middleman completes the data exchange between the server and the client. In the server's view, all messages are sent or sent to the client. From the client's point of view, all messages are also sent or sent.
The figure shows the data flow direction of the Bypass interface in the Bypass working mode and the non-Bypass working mode. What are the following statements about the working flow of the electrical Bypass interface?
Which of the following protocols does the USG firewall hot standby not include?
In the IPSec active/standby link backup application scenario, gateway B uses IPSec tunneling technology and gateway A to establish an IPSec VPN.
An administrator can view the status of the device components by the following command: The status of the Slot3 board is Abnormal. What are the possible causes of the following faults?
The IPSec establishment of a device is unsuccessful. The debug print information is as follows. What are the possible causes of the fault?
? %%01IKE/4/WARING(1):phase2:proposal mismatch,please check ipsec proposal configuration 0 34476900 %%01IKE/7/DEBUG(d) dropped message from 3.3.3.1 due to notification type NO_PROPOSAL_CHOSEN
Accessing the headquarters server through the IPSec VPN from the branch computer. The IPSec tunnel can be established normally, but the service is unreachable. What are the possible reasons?
The static fingerprint filtering function is to defend the attack traffic by configuring a static fingerprint to process the packets that hit the fingerprint. Generally, the anti-DDoS device capture function can be used to input fingerprint information to static fingerprint filtering.
Run the display ike sa command to check the IKE SA information. The following statement is correct?
The server health check mechanism is enabled on the USG firewall of an enterprise to detect the running status of the back-end real server (the three servers are Server A, Server B, and Server C). When the USG fails to receive the response from Server B multiple times. When the message is received, Server B will be disabled and the traffic will be distributed to other servers according to the configured policy.
What is the correct statement about the ip-link feature?
Which attack method is CC attack?
In dual-system hot backup, the backup channel must be the primary interface on the interface board. Which type is not supported?
The ip-link principle is to continuously send ICMP packets or ARP request packets to the specified destination address, and check whether the ICMP echo reply or ARP reply packet of the destination IP response can be received.
In the TCP/IP protocol, the TCP protocol provides a reliable connection service, which is implemented using a 3-way handshake. First handshake: When establishing a connection, the client sends a SYN packet (SYN=J) to the server and enters the SYN_SENT state, waiting for the server to confirm; the second handshake: the server receives the SYN packet and must send an ACK packet (ACK=1) To confirm the SYN packet of the client, and also send a SYN packet (SYN=K), that is, the SYN-ACK packet, the server enters the SYN_RCVD state; the third handshake: the client receives the SYN-ACK packet of the server. Send the acknowledgement packet ACK (SYN=2 ACK=3) to the server. After the packet is sent, the client and server enter the ESTABUSHED state and complete the handshake. Regarding the three parameters in the 3-way handshake process, which one is correct?
When an IPSec VPN is set up on both ends of the firewall, the security ACL rules of both ends are mirrored.
Copyright © 2021-2024 CertsTopics. All Rights Reserved
