Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Huawei H12-731_V2.0 Dumps Questions Answers

Page: 1 / 10
Total 276 questions

HCIE-Security (Written) V2.0 Questions and Answers

Question 1

Let's take the L2TP over IPSec in the dual-machine scenario What is wrong with the description is the egg? (single selection).

Options:

A.

In this scenario, Fireproof will assign an IP address to the client

B.

After the L2TF tunnel is established, the user cannot access the Internet normally

C.

The parameters set by the client should match the parameters set on the firewall.

D.

The client should initiate a dial-up connection to the virtual address of the dual machine.

Buy Now
Question 2

Which of the following options is not part of the base metric of CVSS assessment? (single selection).

Options:

A.

Scope

B.

Attack vector

C.

Availability impact

D.

Vulnerability severity level

Question 3

Which of the following information cannot be scanned by the nmap tool? (single selection).

Options:

A.

Operating system version

B.

Port

C.

Services

D.

System vulnerabilities

Question 4

Which of the following is not a cybersecurity threat (single selection).

Options:

A.

DDOS attacks

B.

Phishing attacks

C.

IP Spoofing

D.

IP address scanning

Question 5

After you deploy HUAWEI CLOUD ANTI-DDoS Pro or Anti-DDoS Premium (DDoS Pro) or Anti-DDoS Pro, whether or not a DDoS attack occurs All access traffic is sent directly to the origin server IPo

Options:

A.

TRUE

B.

FALSE

Question 6

Configure the source NAT policy for the campus network egress firewall to use the internal network users to access the external network, if you need to use security policies to block access to the external network The source IP address matched in the security policy is the private IP address of the user.

Options:

A.

TRUE

B.

FALSE

Question 7

Which of the following options is a DDOS attack against the application layer? (multiple selection).

As DNS reflection attacks

B. UDP fragmentation attacks

C. HTTP slow attacks

D. TCPSYN flood attack

Options:

Question 8

In the HCIE-Security V2.0 course architecture, which of the following pieces are included? (multiple selection).

Options:

A.

Cloud security

B.

Security operations and analytics

C.

Security attack and defense technology

D.

Code auditing

Question 9

Which of the following items is included in the processing of raw traffic?

Options:

A.

Encrypted traffic parsing

B.

Extract metadata

C.

File restore

D.

Virus detection

Question 10

The intensity of a system security threat is only related to the vulnerability of the system, and a well-protected system is basically immune to attack.

Options:

A.

TRUE

B.

FALSE

Question 11

Which of the following options is part of the business security resiliency (multiple choices)?

Options:

A.

Establish a secure business environment

B.

Improve situational awareness and resiliency of your business

C.

Build defense-in-depth capabilities for your business

D.

Do a good job of protecting the equipment at the point

Question 12

What are the logical/technical access controls in the following equation? (multiple selection).

Options:

A.

Access control list

B.

Camera

C.

Encryption

D.

Employment Guidelines

Question 13

The following describes port scanning Which is wrong? (single selection).

Options:

A.

TCP port scanning uses the three-way handshake feature

B.

The purpose of port scanning is to determine what kind of services are enabled on the peer host, so as to find an entry for intrusion.

C.

When the scanner sends a Syn message If the peer does not reply, the peer port is down.

D.

For UDP port scanning It is to determine whether the port is open by sending a UDP data packet to the peer with a specific port number and observing whether the ICMP port is unreachable packet.

Question 14

The target IP address information can be collected through attacks, such as distributed denial-of-service attacks to obtain the target's IP information. (single selection).

Options:

A.

TRUE

B.

B. FALSE

Question 15

Which is the correct order for IPS to process traffic? (single selection).

Options:

A.

Data reorganization, > characteristic matching, > application identification, > corresponding processing

B.

Corresponding processing, data reorganization, > trait matching, application identification

C.

Corresponding treatment, characteristics matching. Application identification, data reorganization

D.

Data reorganization. App recognition. Trait matching. Deal accordingly

Question 16

When it is not in the same deployment as the log server, only FW can send conference logs to the log server through the IPSec tunnel and GRE tunnel (single selection).

Options:

A.

TRUE

B.

FALSE

Question 17

Right to request rectification by the data controller Which right of the data subject does the data subject belong to the completion of inaccurate/incomplete personal data? (single selection).

Options:

A.

Right of Access

B.

Right to Measure and Remove

C.

Right to Correction

D.

Right to know

Question 18

The following description of information security training Which items are correct? (multiple selection).

Options:

A.

Even for safety training, the focus will be different for different departments.

B.

In terms of training content For senior executives, training on information security strategies and information security laws and regulations is required.

C.

For grassroots employees, some safety technology training should be emphasized.

D.

In terms of training method For most employees, just one induction training is not enough attention, and frequent email campaigns are needed to raise awareness of information security

Question 19

The following describes the service identification Which item ◊ (single selection) is wrong

Options:

A.

Service identification is a reconnaissance technique that identifies the type of service provided by the server.

B.

The SSH protocol will actively inform visitors of their version information.

C.

An attacker can retrieve the relevant hole according to the service version and exploit it.

D.

The identification of all services can be achieved through port scanning technology.

Question 20

Which of the following options are the main dangers of computer Trojans?

Options:

A.

User files are corrupted

B.

Illegal remote control of a computer

C.

Personal accounts, passwords and other information are stolen

D.

Cause the system to slow down or even freeze

Question 21

Which of the following services are security management services in HUAWEI CLOUD solutions?

Options:

A.

DDOS Anti-DDoS Pro IP services

B.

Situational awareness services

C.

SSL certificate management service

D.

Security Expert Services

Question 22

In the following description of IPv6 security features, which one is wrong? (single selection).

As IPv6 DNS and other related protocols are designed for security

B. IPv6 addresses can be generated by encryption However, privacy headers are not supported

C. AH, and ES can be used as extension headers for IPv6 IPsec is used for additional security.

D. The IPv6 address is 128 bits to ensure that the source address is trusted

Options:

Question 23

With the following description of the load balancing feature of USG Firewall Server, what are the correct items?

Options:

A.

The IP address specified in the security policy should be the IP address of the real server

B.

The IP address specified in the security policy should be the IP address of the virtual server

C.

Modifying the destination IP address and destination port number of a packet occurs after querying the inter-domain security policy

D.

Modifying the destination IP address and destination port number occurs before querying the inter-domain security policy

Question 24

The following describes vulnerabilities and identification and assessment Which one is incorrect? (single selection).

Options:

A.

In the technical vulnerability point, identify the vulnerable point of the application system From the audit mechanism Audit storage and access control policies. Data integrity Identification Password protection and other aspects for identification.

B.

Vulnerability identification is also called vulnerability identification, and weakness is the existence of capital itself If there is no corresponding threat, the weakness itself will not cause damage to capital.

C.

Vulnerability points are divided into two types: technical vulnerabilities and management vulnerabilities. The management vulnerability identification image is only for the management part of the organization

D.

The severity of the technical vulnerability of an asset is affected by the organization's management vulnerability. Therefore, the vulnerability of assets should also be assigned with reference to the severity of technical management and organizational management vulnerabilities.

Question 25

The following describes the guiding principles for information security management Which one is incorrect? (single selection).

Options:

A.

Information security requires active defense and comprehensive prevention.

B.

It is necessary to comprehensively consider the constraints of social factors on information security.

C.

It is necessary to clarify the responsibilities and verifiability of countries, enterprises and individuals for information security.

D.

the principle of reducing complexity in engineering principles is the most privileged mechanism that needs to implement access.

Question 26

At this time, there is no defense against C&C attacks that use TLS for encryption

Options:

A.

TRUE

B.

FALSE

Question 27

NIP's service interfaces are all working at Layer 2, which can not change the customer's existing network topology. It provides direct and transparent access to the customer network In addition, the default threat protection policy is configured, and protection can be started after connecting to the network.

Options:

A.

TRUE

B.

FALSE

Question 28

Which of the following options allows complete destruction of data, (multiple selection)

Options:

A.

Degaussing method

B.

Multiple divisions

C.

Overwriting

D.

Mashing method

Question 29

Which of the following behaviors does not pose an information security risk. (Single selection)

Options:

A.

Close unnecessary host ports

B.

Misoperation

C.

Important files are not encrypted

D.

Connect to public WIFI

Question 30

USG firewall's DDoS attack prevention techniques include which of the following?

Options:

A.

Current limiting technology

B.

Cryptography

C.

Fingerprint technology

D.

Source detection technology

Question 31

Let's see which devices can be used as Huawei CIS (Cybersecurity Intelligence system.). Trapping probes in network security intelligence systems?

Options:

A.

firewall

B.

switchboard

C.

router

D.

server

Question 32

How does the following not belong to the firewall to detect viruses? (single selection).

Options:

A.

Heuristic detection technology

B.

First package detection technology

C.

Malicious domain name detection technology

D.

Document reputation detection technology

Question 33

The global nature of the Internet exposes Teb services to attacks of varying sizes, sizes, and sophistications So which of the following options can secure Web services?

Options:

A.

run IIS Lockdown Wizzard

B.

Install the latest operating system patches

C.

Disable default and management of web sites

D.

Disable network printing

Question 34

If the attacker uses a fake address to launch a TCP flood attack Which of the following defenses is most effective? (single).

Options:

A.

Source verification

B.

Fingerprint learning

C.

Session checking

D.

Load inspection

Question 35

Common database security audit techniques according to technical characteristics What are the categories that can be divided into? (multiple selection).

Options:

A.

Agent-based audit technology

B.

Log-based estimation technology

C.

Gateway-based audit technology

D.

Audit technology based on network monitoring

Question 36

A backdoor is a hacking method that obtains access to a program or system from a relatively stealthy channel But it does not overrule the security controls of the software.

Options:

A.

TRUE

B.

FALSE

Question 37

The purpose of access control is to provide access to authorized subjects and prevent any unauthorized and intentional access.

Options:

A.

TRUE

B.

FALSE

Question 38

The following describes the USG firewall VRRP backup group status, which one is wrong

Options:

A.

When the firewall interface fails The VRRP backup group status on the interface is Initialize

B.

When the VGMP group status of the firewall is load-balance The VRRP backup group status on the firewall is Master

C.

If the VGMP group status of the firewall is standby, the VRRP backup group status on the firewall is Backup

D.

When the VGMP group status of the firewall is active, the VRRP backup group status on the firewall is Master

Question 39

Which of the following access control types is defined according to the organization's security policy or (single-select).

Options:

A.

Administrative access control

B.

Logical/technical access control

C.

Physical access control

D.

Corrective access control

Question 40

NIP provides security mechanisms from multiple levels such as administrators and logs to build the security of operation and maintenance Which of the following security options are included?

Options:

A.

Administrator decentralization and domain management mechanism

B.

Anti-brute force mechanism

C.

Protection mechanism for sensitive user information

D.

Access channel control

Question 41

Which of the following options is a major cause of business disruption in the cloud? (multiple selection).

Options:

A.

Vulnerabilities

B.

Data breach

C.

Cyber attacks

D.

Viruses

Page: 1 / 10
Total 276 questions