Real HCIP-Security-CSSN V3.0 H12-722_V3.0-ENU Exam Dumps Questions [2022]

Eleanor2024-10-14T15:36:02+00:00

By Eleanor HCIP-Security, Huawei

As introduced, all the HCIP-Security V3.0 certification exams are available online, including real HCIP-Security-CSSN V3.0 H12-722_V3.0-ENU exam dumps questions. The HCIP-Security-CSSN V3.0 (H12-722_V3.0-ENU) covers content security filtering technology, Web security, intrusion detection and prevention technology, anti-virus technology, network attack prevention technology, big data and cloud security technology. The real H12-722_V3.0-ENU exam dumps are based on the exam contents to provide you with the latest questions and answers for good preparation.

Read HCIP-Security-CSSN V3.0 H12-722_V3.0-ENU Free Dumps Below

Page 1 of 4

1. Huawei USG6000 products can identify the real type of common files and filter and check the content. Even if the file is hidden in a compressed file, or the extension is changed, the firewall cannot escape the eyes of the firewall.

TRUE

FALSE

2. Which of the following statements about network intrusion detection systems (NIDS) is false?

It is mainly used for real-time monitoring of network critical path information, listening to all packets on the network, collecting data, and analyzing suspicious objects

Use newly received network packets as data source;

Real-time monitoring through network adapters, and analysis of all communication traffic through the network;

Used to monitor network traffic and can be deployed independently.

3. In the security protection system in the cloud era, it is necessary to carry out reforms in the three stages before, during and after the event, and form a closed-loop continuous improvement and development.

Which of the following key points should be fulfilled in "during things"? (Multiple choice)

Vulnerability Intelligence

Defense in Depth

Offensive and defensive posture

Fight back against hackers

4. Regarding the description of keywords, which of the following are correct? (Multiple choice)

Keywords are the content that the device needs to recognize when filtering content.

Keywords include predefined keywords and custom keywords.

The shortest length of the keyword that the text can match is 2 bytes.

Custom keywords can only be defined in text.

5. Network attacks are mainly divided into two categories: single-packet attacks and traffic-based attacks. Single-packet attacks include scanning and snooping attacks, malformed packet attacks and special packet attacks.

TRUE

FALSE

6. Submit

3 -> 1 -> 4 -> 2 -> 5

3 -> 2 -> 4 -> 1 -> 5

3 -> 2 -> 1 -> 4 -> 5

3 -> 1 -> 2 -> 4 -> 5

7. Which of the following statements about firewalls and IDS is true?

Firewalls are bypass devices for fine-grained detection

IDS is an in-line device and cannot perform in-depth detection

The firewall cannot detect malicious operations or mis operations by insiders

IDS cannot be linked with the firewall

8. The configuration command to enable the attack defense function is as follows:

[FW] anti-ddos syn-flood source-detect

[FW] anti-ddos udp-flood dynamic-fingerprint-learn

[FW] anti-ddos udp-frag-flood dynamic-fingerprint-learn

[FW] anti-ddos http-flood defend alert-rate 2000

[FW] anti-ddos http-flood source-detect mode basic

Which of the following about the description of the attack defense configuration is correct? (Multiple Choice)

The firewall has enabled the SYN Flood source detection defense function.

The firewall uses the first packet drop to defend against UDP flood attacks.

HTTP flood attack defense uses enhanced mode for defense.

The threshold for HTTP flood defense to start is 2000.

9. Which of the following options are used to upgrade the anti-virus signature database of Huawei USG6000 products? (Multiple choice)

Local upgrade

Manual upgrade

Online upgrade

Automatic upgrade

10. Which of the following options is not part of the basic DDoS attack prevention configuration process?

The system starts traffic statistics.

The system is associated with the configuration application for fingerprint learning.

The system starts attack defense.

The system performs preventive actions.

Page 2 of 4

11. Huawei WAF products are mainly composed of front-end execution, back-end central systems and databases. The database mainly stores the front-end detection rules and configuration files such as black and white lists.

TRUE

FALSE

12. For the description of the DNS Request Flood attack, which of the following statement is correct?

The DNS Request Flood attack against the cache server can use redirection to verify the legitimacy of the source.

For the DNS Request Flood attack on the authorized server, the client can be triggered to send a DNS request in a TCP packet to verify the legitimacy of the source I

During the source authentication process, the firewall will trigger the client to send a DNS request in a TCP packet to verify the validity of the source IP, but it will consume the TCP connection resources of the DNS cache server to a certain extent.

Redirection can be implemented not only for the source IP address accessing the attacked domain name, but also for the destination IP address accessing the attacked domain name.

13. Which of the following statements about IPS is false?

Override signatures take precedence over signatures in the signature set.

When the "source security zone" and "destination security zone" are the same, it means that the IPS policy is applied in the domain.

Modifications to the IPS policy will not take effect immediately, and you need to submit a compilation to update the configuration of the IPS policy.

The signature set can contain both predefined signatures and custom signatures.

14. Part of the reason why APT attacks have become difficult to defend against is that they exploit zero-day exploits. This zero-day vulnerability usually takes a lot of time to research and analyze and develop corresponding defense methods.

TRUE

FALSE

15. Huawei NIP6000 products provide a carrier-class high reliability mechanism from multiple levels to ensure the stable operation of the equipment. Which of the following belong to networking reliability? (Multiple choice)

Dual-system hot backup

Power 1+1 redundant backup

Hardware Bypass

Link-group

16. Regarding the file filtering technology in the USG6000 product, which of the following descriptions is wrong?

It can identify the application hosting the file, the file transfer direction, the file type and the file extension.

Even if the file type is modified, it can identify the real type of the file.

It can identify the type of files transmitted by itself, and can block, alert and announce specific types of files.

It supports filtering the content after decompression of the compressed file.

17. Misuse detection through the detection of similar intrusion behaviors in user behavior, or the detection of those behaviors that use system defects to indirectly violate system security rules, intrusion activities in the system are found. Which of the following is not a feature of misuse detection?

easy to implement

Accurate detection

Effective detection of impersonation detection of legitimate users

Easy to upgrade

18. Which of the following regarding the order of the document filtering technology processing flow is correct?

(1) The security policy is applied as permit

(2) Protocol decoding

(3) File type identification

(4) Application identification

(5) File filtering

(1) (2) (3) (4) (5)

(1) (4) (2) (3) (5)

(1) (2) (4) (3) (5)

(1) (3) (2) (4) (5)

19. The firewall anti-virus module whitelist rule is configured as "*example*". Which of the following matching methods is used in this configuration?

Prefix matching

Suffix matching

Keyword matching

Exact matching

20. Due to the difference of network environment and system security strategy, the specific implementation of intrusion detection system is also different.

What are the four main components of the system?

Event extraction, intrusion analysis, reverse intrusion and remote management.

Event extraction, intrusion analysis, intrusion response, and field management.

Event recording, intrusion analysis, intrusion response and remote management.

Event extraction, intrusion analysis, intrusion response, and remote management.

Page 3 of 4

21. In Huawei USG6000 products, IAE provides an integrated solution, and all content security detection functions are integrated in a well-designed high-performance engine. Which of the following is not a content security detection feature supported by this product?

Application recognition and perception

URL Classification and Filtering

Video Content Filtering

Intrusion Prevention

22. UDP is a connectionless protocol. A large number of UDP flood attacks that change sources and ports will cause the performance of network devices that rely on session forwarding to degrade or even exhaust the session table, resulting in network paralysis. Which of the following is not a defense against UDP flood attacks?

UDP fingerprint learning

Linked Defense

Current limiting

The first packet is discarded

23. Regarding the global configuration of file filtering configuration files for Huawei USG6000 products, which of the following descriptions is correct?

File filtering, content filtering, and anti-virus detection are not available when files are corrupted. At this time, files can be released or blocked according to business requirements.

When the file extension does not match, if the action is "Allow" or "Alert", file filtering, content filtering and anti-virus detection will be performed according to the file type.

When the number of compression layers of a file is greater than the configured "Maximum number of decompression layers", the firewall cannot filter the file.

When the file type cannot be identified, file filtering, content filtering and anti-virus detection are not performed.

24. For an antivirus gateway based on flow scanning, which of the following descriptions is wrong?

Relying on state detection technology and protocol analysis technology

The performance is higher than the proxy-based method

The overhead is smaller than the proxy-based method

The detection rate is higher than the proxy-based scanning method

25. Configure the following commands on the Huawei firewall:

[USG] firewall defend ip-fragment enable

Which of the following would be recorded as aggressive behavior? (Multiple choice)

The DF bit is 1, and the MF bit is also 1 or the Fragment Offset is not 0,

The DF bit is 0, the MF bit is 1 or the Fragment Offset is not 0,

The DF bit is 0, and Fragment Offset + Length > 65535.

The DF bit is 1, and Fragment Offset + Length < 65535.

26. What content can the content filtering technology of Huawei USG6000 filter? (Multiple choice)

Keywords included in the content of the uploaded file

Keywords contained in the downloaded file

File Type

Direction of file upload

27. For the description of the AntiDDoS system, which of the following options is correct?

The detection center mainly pulls and cleans the attack traffic according to the control strategy of the security management center, and injects the cleaned normal traffic back to the customer network and sends it to the real destination.

The management center mainly completes the processing of attack events, controls the traffic diversion strategy and cleaning strategy of the cleaning center, and classifies and views various attack events and attack traffic, and generates reports.

The main function of the cleaning center is to detect and analyze the DDoS attack traffic on the mirrored or split traffic, and provide the analysis data to the management center for judgment.

Firewalls can only be used as detection devices.

28. IPS is an intelligent intrusion detection and defense product. It can not only detect the occurrence of intrusion, but also suspend the occurrence and development of intrusion behaviors in real time through a certain response method, and protect the information system from substantial attacks in real time.

Which of the following statements about IPS is false?

IPS is an intrusion detection system that can block intrusions in real time.

IPS makes IDS and firewall unified.

IPS must be deployed in bypass mode in the network.

The common IPS deployment mode is in-line deployment.

29. 1.If the user's FTP operation matches the FTP filtering policy, what actions can be performed? (Multiple choice)

block

Announcement

Alert

to execute

30. Which of the following are common reasons for IPS detection failure? (Multiple choice)

IPS policy is not submitted for compilation

Incorrect Policy IDs associated with IPS policy domains

The IPS function is not turned on

Bypass function is disabled in IPS

Page 4 of 4

31. Regarding anti-spam response codes, which of the following statements is false?

The response code will vary depending on the RBL service provider.

USG treats emails matching the response code as spam.

If the response code is not returned or the reply code is not configured on the USG, the mail is released.

The response code is uniformly specified as 127.0.0.1.

32. After the application behavior control configuration file is referenced, it will take effect immediately, and no configuration submission is required.

TRUE

FALSE

33. Regarding the processing flow of file filtering, which of the following statements is false?

After the file decompression fails, the file will still be filtered.

The application identification module can identify the application type that carries the file.

Protocol decoding is responsible for parsing out the file data and file transfer direction in the data stream.

The file type identification module is responsible for identifying the real type of the file and the extension of the file according to the file data

34. Which of the following types of DDoS attacks fall into?

Single-packet attack

Traffic-based attack

Malformed Packet attack

Snooping Scanning attack

35. In the penetration stage of APT attack, which of the following attack behaviors will the attacker generally have?

Long-term latency and key data collection.

Leak the key data information obtained to the third party of interest.

Through phishing emails with attachments of 0day vulnerabilities, the user's terminal becomes a springboard for attacks.

The attacker sends C&C attacks or other remote commands to the infected host, so that the attack spreads laterally in the intranet.

36. Which of the following attacks are attacks against web servers? (Multiple choice)

Website Phishing and Spoofing

Website Trojans

SQL Injection

Cross-site scripting attacks

37. What aspects of information security are at risk from unauthorized access? (Multiple choice)

Confidentiality

Integrity

Availability

Recoverability

38. The figure below shows the configuration of the URL filtering configuration file. Which of the following statements about this configuration is correct?

The firewall will check blacklist entries before checking whitelist entries.

Assuming that the user visits the www.exzample.com website, which belongs to both the humanities and social networking categories, the user cannot access the website at this time.

The user visits the website www.exzample.com. When the black and white list is not hit, the user will query the predefined URL category entry.

The default action means that all sites are allowed access. Hence the configuration is wrong here.

39. Huawei NIP6000 products have zero-setting network parameters and plug-and-play functions, because the interface and interface pair only work at layer 2, and no IP address needs to be set.

TRUE

FALSE

40. Cloud sandbox for detection

Which of the following order of the process is correct?

1-3-4-2

1-4-2-3

1-4-3-2

3-1-4-2

Real HCIP-Security-CSSN V3.0 H12-722_V3.0-ENU Exam Dumps Questions [2022]

Real HCIP-Security-CSSN V3.0 H12-722_V3.0-ENU Exam Dumps Questions [2022]

Read HCIP-Security-CSSN V3.0 H12-722_V3.0-ENU Free Dumps Below

Share this post

Author

Related Posts