QUESTION 1

DRAG DROP
Match each of the following application layer service protocols with the correct transport layer
protocols and port numbers.

Answer:

Explanation:
QUESTION 2
Which of the following attack methods is to construct special SQL statements and submit sensitive
information to exploit program vulnerabilities

A. Buffer overflow attack

B. SQL injection attacks
C. Worm attack
D. Phishing attacks

Answer: B

Explanation:

QUESTION 3
A Web server is deployed in an enterprise intranet to provide Web access services to Internet users,
and in order to protect the access security of the server, it should be divided into the _____ area of
the firewall.

A. DMZ
B. DMY

Answer: A

Explanation:

QUESTION 4
At what layer does packet filtering technology in the firewall filter packets?

A. Transport layer
B. Network layer
C. Physical layer
D. Data link layer

Answer: B

Explanation:

QUESTION 5
As shown in the figure, the administrator needs to test the network quality of the 20.0.0 CIDR
block to the 40.0.0 CIDR block on Device B, and the device needs to send large packets for a long
time to test the network connectivity and stability.
A. tracert -a 20.0.0.1 -f 500 -q 9600 40.0.0.2
B. ping -a 20.0.0.1 -c 500 -s 9600 40.0.0.2
C. ping -s 20.0.0.1 -h 500-f 9600 40.0.0.2
D. tracert -a 20.0.0.1 -c 500 -w 9600 40.0.0.2

Answer: B

Explanation:

QUESTION 6
WAF can accurately control and manage users' online behavior and user traffic.

A. TRUE
B. FALSE

Answer: A

Explanation:

QUESTION 7
ARP man-in-the-middle attacks are a type of spoofing attack technique.

A. TRUE
B. FALSE

Answer: A

Explanation:

QUESTION 8
DRAG DROP
Please classify the following security defenses into the correct classification.
Answer:

Explanation:

QUESTION 9
Regarding the characteristics of the routing table, which of the following items is described correctly

A. Port When a packet matches multiple entries in the routing table, it is forwarded based on the
route entry with the largest metric.
B. Port In the global routing table, there is at most one next hop to the same destination CIDR block.
C. There may be multiple next hops in the global routing table to the same destination.
D. Port When a packet matches multiple entries in the routing table, it is forwarded according to the
longest mask.
Answer: C, D

Explanation:

QUESTION 10
When the Layer 2 switch receives a unicast frame and the MAC address table entry of the switch is
empty, the switch discards the unicast frame.

A. TRUE
B. FALSE

Answer: B

Explanation:

QUESTION 11
Among the various aspects of the risk assessment of IS027001, which of the following does not
belong to the system design and release process?

A. Hold a summary meeting of the project in the information security management stage
B. Determine risk disposal measures and implement rectification plans
C. Determine risk tolerance and risk appetite
D. System integration and information security management system document preparation

Answer: A

Explanation:

QUESTION 12
Which of the following types of malicious code on your computer includes?

A. Oral virus
B. Trojan horses
C. Port SQL injection
D. Oral spyware

Answer: A, B, C, D

Explanation:

QUESTION 13
For which of the following parameters can the packet filtering firewall filter?
A. Port packet payload
B. IP address of the port source destination
C. The MAC address of the source destination
D. Port number and protocol number of the port source

Answer: B, D

Explanation:

QUESTION 14
What is the security level of the Untrust zone in Huawei firewalls?

A. 10
B. 20
C. 5
D. 15

Answer: C

Explanation:

QUESTION 15
Which layer of the protocol stack does SSL provide end-to-end encrypted transmission services?

A. Application layer
B. Data link layer
C. Network layer
D. Transport layer

Answer: D

Explanation:

QUESTION 16
What are the correct entries in the following description of firewall security zones?

A. The DMZ security zone solves the problem of server placement well, and this security area can
place devices that need to provide network services to the outside world.
B. The Local zone is the highest security zone with a priority of 99.
C. Data flows between security domains are directional, including Inbound and Outbound.
D. Normally, the two communicating parties must exchange messages, that is, there are messages
transmitted in both directions between security domains.
Answer: A, C, D

Explanation:

QUESTION 17
Compared with the software architecture of C/S, B/S does not need to install a browser, and users are
more flexible and convenient to use.

A. TRUE
B. FALSE

Answer: A

Explanation:

QUESTION 18
What type of ACL does ACL number 3001 correspond to?

A. Layer 2 ACL
B. interface ACL
C. Basic ACL
D. Advanced ACLs

Answer: D

Explanation:

QUESTION 19
What is correct about the following description of device management in the operating system?

A. The main task of port device management is to complete the I/O requests made by users and
classify I/O devices for users.
B. Whenever a process makes an I/O request to the system, as long as it is secure, the device
allocator will assign the device to the process according to a certain policy.
C. Device management can virtualize a physical device into multiple logical devices through
virtualization technology, providing multiple user processes to use.
D. In order to alleviate the problem of speed mismatch between CPU and I/O devices and improve
the parallelism of CPU and I/O devices, in modern operating systems, almost all I/O devices are
exchanging numbers with processors
Buffers are used at all times.

Answer: A, B, C, D
Explanation:

QUESTION 20
SSL VPN is a VPN technology that realizes remote secure access through SSL protocol. Which of the
following software must be installed when using SSL VPN?

A. Browser
B. Firewall
C. Client
D. Antivirus

Answer: C

Explanation:

QUESTION 21
The RADIUS protocol specifies how to pass user information, billing information, authentication and
billing results between the NAS and the RADIUS server, and the RADIUS server is responsible for
receiving the user's connection request, completing the authentication, and returning the result to
the NAS.

A. TRUE
B. FALSE

Answer: A

Explanation:

QUESTION 22
The following description of IDS, which items are correct
The IDS cannot be linked to the firewall.

A. Mouth IDS is a fine-grained detection device, through which the live network can be monitored
more accurately.
B. The IDS can be upgraded flexibly and in a timely manner, and the strategic configuration operation
is convenient and flexible.
C. With IDS, system administrators can capture traffic from critical nodes and do intelligent analysis
to find anomalous and suspicious network behavior and report it to administrators.

Answer: A, B, C

Explanation:
QUESTION 23
Which of the following characteristics does a denial-of-service attack include?

A. Unauthorized tampering of the mouth

B. Unauthorized access to the mouth
C. Unauthorized activation of the mouth
D. Unauthorized destruction of the mouth

Answer: A, B, C, D

Explanation:

QUESTION 24
Which of the following is not an encryption algorithm in a VPN?

A. The RIP
B. AES
C. 3DES
D. DES

Answer: A

Explanation:

QUESTION 25
The following description of the intrusion fire protection system IPS, which is correct?

A. The port IPS can be concatenated at the network boundary.

B. The IPS cannot prevent intrusion from occurring in real time.
C. The port IPS can be attached to the switch and port mirrored through the switch.
D. Oral IPS has the ability to customize intrusion prevention rules.

Answer: A, C, D

Explanation:

QUESTION 26
Which of the following are the backup items that HRP can provide?

A. Mouth Server-map table entry

B. Mouth No-PAT table entry
C. Mouth ARP table entry
D. Port TCP session table

Answer: A, B, C, D

Explanation:

QUESTION 27
Which of the following zones is not the firewall default security zone?

A. Trust
B. The Local
C. DMZ
D. Management

Answer: D

Explanation:

QUESTION 28
In the automatic backup mode of hot standby on the second machine, which of the following
sessions is backed up?

A. ICMP session
B. TCP half-connection session
C. Self-session to the firewall
D. UDP first packet session

Answer: A

Explanation:

QUESTION 29
In cases where some configurations alter existing session table entries and want them to take effect
immediately, you can regenerate the session table by clearing the session table information. All
session table information can be cleared by executing the _____firewall session table command.

A. reset
B. set

Answer: A

Explanation:
QUESTION 30
What is the protocol number of the GRE protocol?

A. 47
B. 48
C. 46
D. The 50th

Answer: A

Explanation:

QUESTION 31
DRAG DROP
As shown in the figure, the process of AD single sign-on (querying the security log mode of AD
server), please match the corresponding operation process.
Answer:

Explanation:

QUESTION 32
Which of the following descriptions of server authentication is correct?

A. The visitor sends the username and password that identifies his identity to FW through the portal
authentication page, there is no password stored on F7, FT sends the username and password to a
third-party authentication server, and the verification process is carried out on the authentication
server.
B. Visitors obtain the SMS verification code through the Portal authentication page, and then enter
the SMS verification code to pass the authentication.
C. The visitor sends the username and password that identifies his identity to the third-party
authentication server, and after the authentication is passed, the third-party authentication server
sends the visitor's identity information to FW.
D. The visitor sends the username and password that identifies them to the FW through the portal
authentication page, on which the password is stored and the verification process takes place on the
FW.

Answer: A
Explanation:

QUESTION 33
Which of the following is the numbering range of Layer 2 ACLs?

A. The 3000~3999
B. The 4000~4999
C. The 1000~1999
D. @2000~2999

Answer: A

Explanation:

QUESTION 34
Which of the following operating modes does NTP support?

A. Mouth peer mode

B. Mouth client/server mode
C. Mouth broadcast mode
D. Mouth multicast mode

Answer: A, B, C, D

Explanation:

QUESTION 35
Which of the following protocols is a multichannel protocol?

A. The Telnet
B. THE HITP
C. FTP
D. The SSH

Answer: C

Explanation:

QUESTION 36
Huawei Firewall only supports the inter-domain persistent connection function for TCP packets.

A. TRUE
B. FALSE

Answer: B

Explanation:

QUESTION 37
Which of the following descriptions of single sign-on is correct?

A. The visitor recited the Portal authentication page and sent the username and password to FT to
identify his/her identity, and the password was not stored on the FT, and the FI sent the username
and password to the third-party authentication server, and the authentication process was carried
out on the authentication server.
B. The visitor sends the username and password that identifies his identity to the third-party
authentication server, and after the authentication is passed, the third-party authentication server
sends the visitor's identity information to FW. F7 only records the identity information of the visitor
and does not participate in the authentication process
C. Visitors obtain the SMS verification code through the Portal authentication page, and then enter
the SMS verification code to pass the authentication.
D. The visitor sends the username and password that identifies them to the FW through the portal
authentication page, on which the password is stored and the verification process takes place on the
FW.

Answer: B

Explanation:

QUESTION 38
The shard cache technology will wait for the arrival of the first shard packet, and then reassemble
and decrypt all the packets, and then do subsequent processing by the device to ensure that the
session can proceed normally in some application scenarios.

A. TRUE
B. FALSE

Answer: A

Explanation:

QUESTION 39
Which of the following protocols is a file transfer protocol?

A. Mouth POP3
B. Mouth NFS
C. Mouth HITP
D. Mouth DFTP

Answer: B, D

Explanation:

QUESTION 40
The keys used by the IPSec encryption and authentication algorithms can be configured manually or
dynamically negotiated via the ____ protocol. (abbreviation, all uppercase).

A. IKE
B. IKB

Answer: A

Explanation:

QUESTION 41
The following description of asymmetric encryption algorithms, which item is wrong?

A. Compared with symmetric encryption algorithms, the security factor is higher.

B. Encryption is faster than symmetric encryption algorithms.
C. Public keys are generally disclosed to users.
D. Asymmetric encryption algorithms are a pair of keys, divided into public and private keys.

Answer: B

Explanation:

QUESTION 42
The following description of the construction of a digital certificate, which item is wrong

A. The name of the device that issued the certificate can be different from the subject name in the
issuer certificate.
B. The structure of the certificate follows the specification of the X.509 v3 version.
C. The simplest certificate consists of a public key, a name, and a digital signature from a certificate
authority.
D. The issuer signs the certificate information with the private key.

Answer: A
Explanation:

QUESTION 43
The following description of digital certificates, which one is wrong

A. The simplest certificate consists of a public key, a name, and a digital signature from a certificate
authority.
B. Digital certificates contain the owner's public key and related identity information.
C. In general, the key of a digital certificate has an expiration date.
D. Digital certificates do not solve the problem of digital signature technology where the public key
cannot be determined to be the designated owner.

Answer: D

Explanation:

QUESTION 44
As shown, in transmission mode, which of the following locations should the AH header be inserted
in?

A. 3
B. 2
C. 1
D. 4

Answer: B

Explanation:

QUESTION 45
The following description of the AH protocol in IPSec VPN, which one is wrong?

A. Supports data source validation

B. Supports data integrity checking
C. Supports packet encryption
D. Support anti-message replay

Answer: C

Explanation:

QUESTION 46
Which of the following is not an advantage of symmetric encryption algorithms?

A. Suitable for encrypting large amounts of data

B. Low overhead
C. Good scalability
D. High efficiency

Answer: C

Explanation:

QUESTION 47
What is correct in the following description of Security Alliance in IPSec?
There are two ways to set up an IPSec SA

A. manual and IKE.

IPSec SA is uniquely identified by a triple.
B. IPSec SA is a one-way logical connection, usually established in pairs (Inbound and Outbound).
C. Security Alliance SA is a communication peer agreement for certain elements that describes how
peers can communicate securely using secure services such as encryption.

Answer: A, B, C

Explanation:

QUESTION 48
IKE SA is a one-way logical connection, and only one IKE SA needs to be established between two
peers.

A. TRUE
B. FALSE

Answer: B

Explanation:
QUESTION 49
DES is a stream encryption algorithm, because the cipher capacity is only 56 bits, so it is not enough
to deal with the weakness of insufficient security, and later 3DES was proposed.

A. TRUE
B. FALSE

Answer: A

Explanation:

QUESTION 50
As shown in the figure, what is the range of the AH protocol authentication range in transmission
mode?

A. The4
B. The3
C. The2
D. The1

Answer: A

Explanation:

QUESTION 51
As shown in the figure, what is the authentication range of the AH protocol in tunnel mode?
A. The3
B. The4
C. The2
D. The1

Answer: B

Explanation:

QUESTION 52
Both digital envelopes and digital signatures guarantee data security and verify the origin of data.

A. TRUE
B. FALSE

Answer: A

Explanation:

QUESTION 53
Certificates saved in DER format may or may not contain a private key.

A. TRUE
B. FALSE

Answer: B

Explanation:
QUESTION 54
The network environment is becoming more and more complex, and network security incidents
occur frequently. While accelerating the construction of informatization, enterprises must not only
resist external attacks, but also prevent internal management personnel from being involved in data
leakage and operation and maintenance accidents due to operational errors and other issues. Which
of the following options might reduce operational risk?

A. According to the administrator configuration, the O&M user corresponds to the background
resource account, and restricts the unauthorized use of the account. mouth Based on the password
security policy, the O&M security audit system automatically modifies the password of the
background resource account at regular intervals.
B. Each system is independently operated, maintained and managed, and the access process is not
audited and monitored.
C. Oral Each department system is independently authenticated and uses a single static password for
authentication.

Answer: A

Explanation:

QUESTION 55
The following description of investigation and evidence collection, which one is correct

A. Documentary evidence is required in computer crime.

B. In all investigation and evidence collection, it is best to have law enforcement agencies involved.
C. Evidence is not necessarily required in the course of the investigation.
D. Evidence obtained by wiretapping is also valid.

Answer: B

Explanation:

QUESTION 56
Data monitoring can be divided into two types: active analysis and passive acquisition.

A. TRUE
B. FALSE

Answer: A

Explanation:
QUESTION 57
Which of the following is not included in the Business Impact Analysis (BIA).

A. Risk identification
B. Impact assessment
C. Incident handling priority
D. Business priorities

Answer: B

Explanation:

QUESTION 58
Which of the following is not a type of Windows log event?

A. Information
B. Debugging
C. Error
D. Warning

Answer: C

Explanation:

QUESTION 59
Which of the following is the correct sequence for incident response management
1. Detection 2 Report 3 Mitigation 4 Lessons learned 5 Fix 6 Recovery 7 Response

A. 1->3->2->7->6->5->4
B. 1->7->3->2->6->5->4
C. 1->3->2->7->5->6->4
D. 1->2->3->7->6->5->4

Answer: B

Explanation:

QUESTION 60
As shown in the figure, nat server global202.106.1.1 inside10.10.1.1 is configured on the firewall.
Which of the following is the correct configuration for interzone rules? ( )[Multiple choice]*
A. rule name c. source-zone untrust. destination-zone trust. destination-address 202.106.1.132,
action permit
B. rule name d, source- zone untrust. destination- zone trust. destination- address10.l0.1.1 32, action
permit
C. rule name b, source- zone untrust, destination- zone trust, source- address10.10.1.1 32, action
permit
D. rule name b, source-zone untrust, destination-zone trust, source-address202.106.l.1 32, action
permit

Answer: B

Explanation:

QUESTION 61
Which of the following NAT technologies can implement a public network address to provide source
address translation for multiple private network addresses ( )*

A. NAPT
B. NAT Server
C. Easy-ip
CT Jinglu
D. NAT No-PAT

Answer: B

Explanation:

QUESTION 62
During the process of establishing IPSec VPN between peers FW_A and FW_B, two types of security
associations need to be established in two stages. In the first stage, _____ is established to verify the
identity of the peers.[fill in the blank]*

A. IKE SA
B. IKE SB
Answer: A

Explanation:

QUESTION 63
Using the ___ method of the Web proxy, the virtual gateway will encrypt the real URL that the user
wants to access, and can adapt to different terminal types.[fill in the blank]*

A. web rewrite
B. reb rewrite

Answer: A

Explanation:

QUESTION 64
Digital envelope technology means that the sender uses the receiver's public key to encrypt the data,
and then sends the ciphertext to the receiver ( )[Multiple choice]*

A. TRUE
B. FALSE

Answer: B

Explanation:

QUESTION 65
IPSec VPN uses an asymmetric algorithm to calculate the ___ key to encrypt data packets.[fill in the
blank]

A. symmetry
B. TRUE

Answer: A

Explanation:

QUESTION 66
When IPSec VPN uses tunnel mode to encapsulate packets, which of the following is not within the
encryption scope of the ESP security protocol? ( )[Multiple choice]*

A. ESP Header
B. TCP Header
C. Raw IP Header
D.ESP Tail

Answer: A

Explanation:

QUESTION 67
Database operation records can be used as ___ evidence to backtrack security events.[fill in the
blank]*

A. electronic
B. phases

Answer: A

Explanation:

QUESTION 68
Drag the phases of the cybersecurity emergency response on the left into the box on the right, and
arrange them from top to bottom in the order of execution.[fill in the blank]*

A. 3142
B. 3143

Answer: A

Explanation:

QUESTION 69
Drag the warning level of the network security emergency response on the left into the box on the
right, and arrange it from top to bottom in order of severity.[fill in the blank]*
A. 3124
B. 3125

Answer: A

Explanation:

QUESTION 70
According to the level protection requirements, which of the following behaviors belong to the scope
of information security operation and maintenance management? ( )*

A. Participate in information security training

B. Backup or restore data
C. Develop an emergency response plan
D. Security hardening of the host

Answer: A, B, C, D

Explanation:

QUESTION 71
In the TCP/P protocol core, which of the following protocols works at the application layer? (
)[Multiple choice]*

A. IGMP
B. ICMP
C. RIP
D. ARP

Answer: C

Explanation:

QUESTION 72
When using passive mode to establish an FTP connection, the control channel uses port 20 and the
data channel uses port 21. ( )[Multiple choice]*
A. True
B. False

Answer: B

Explanation:

QUESTION 73
In the Linux system, which of the following is the command to query the P address information? (
)[Multiple choice]*

A. ifconfig)
B.display ip interface brief
C.ipconfig
D. display ip

Answer: A

Explanation:

QUESTION 74
The trigger authentication method for firewall access user authentication does not include which of
the following? ( )[Multiple choice]*

A. MPLS VPN
B. SSL VPN
C. IPSec VPN
D. L2TP VPN

Answer: A

Explanation:

QUESTION 75
_____ Authentication is to configure user information (including local user's user name, password
and various attributes) on the network access server. The advantage is that it is fast.[fill in the blank]*

A. local authentication
B. total authentication

Answer: A

Explanation:
QUESTION 76
Which of the following descriptions about the main implementation of single sign-on is wrong? (
)[Multiple choice]*

A. Accept PC message mode

B. Query the AD server security log mode
C. Query the syslog server mode
D. Firewall monitors AD authentication packets

Answer: C

Explanation:

QUESTION 77
We should choose the encryption algorithm according to our own use characteristics. When we need
to encrypt a large amount of data, it is recommended to use the ____ encryption algorithm to
improve the encryption and decryption speed.[fill in the blank]*

A. symmetry
B. packets

Answer: A

Explanation:

QUESTION 78
IP packets using the AH+ESP protocol? ( )[Multiple choice]*
A.1
B.2
C.3
D.4

Answer: D

Explanation:

QUESTION 79
Please order the following steps in the PKI life cycle correctly, 1. Issued, 2. storage, 3. Update, 4.
verify[fill in the blank]*

A. 1243
B. 1245
Answer: A

Explanation:

QUESTION 80
Drag the phases of the cybersecurity emergency response on the left into the box on the right, and
arrange them from top to bottom in the order of execution. 1. Inhibition stage, 2. recovery phase, 3.
Detection stage, 4. eradication phase[fill in the blank]*

A. 3142
B. 3143

Answer: A

Explanation:

QUESTION 81
____- The goal is to provide a rapid, composed and effective response in emergency situations,
thereby enhancing the ability of the business to recover immediately from a disruptive event.[fill in
the blank]*

A. business continuity plan

B. business continuity

Answer: A

Explanation:

QUESTION 82
Social engineering is a means of harm such as deception, harm, etc. through psychological traps such
as psychological weaknesses, instinctive reactions, curiosity, trust, and greed of victims ( )

A. TURE
B. False

Answer: A

Explanation:

QUESTION 83
An engineer needs to back up the firewall configuration. Now he wants to use a command to view all
the current configurations of the firewall. May I ask the command he uses is ____[fill in the blank]*
A. display current-configuration
B. current-configuration

Answer: A

Explanation:

QUESTION 84
Please match the following information security risks to information security incidents one by
one.[fill in the blank]*
physical security risk Enterprise server permissions are loosely set
Information Security Management Risk Infected Panda Burning Incense
Information Access Risk Fire destroyed equipment in computer room
application risk Talk to people about leaking company secrets

A. 2413
B. 2414

Answer: A

Explanation:

QUESTION 85
Under normal circumstances, the Emai1 protocols we often talk about include ____, POP3, and
SMTP.[fill in the blank]*

A. IMAP
B. IMAE

Answer: A

Explanation:

QUESTION 86
An enterprise wants to build a server system and requires the following functions: 1. The enterprise
needs to have its own dedicated mailbox, and the sending and receiving of emails needs to go
through the enterprise's server; 2. The server must provide file transfer and access services. Users in
different departments of the enterprise provide accounts with different permissions: 3. When the
enterprise accesses the internal webpage of the enterprise, the enterprise can directly enter the
domain name in the browser to access. To meet the above requirements, which of the following
servers do enterprises need to deploy? ( )*
A. Time synchronization server
B. FTP server (I)
C. DNS server
D. Mail server

Answer: B, C, D

Explanation:

QUESTION 87
The trigger modes of the built-in Portal authentication in the firewall include pre-authentication and
____ authentication[fill in the blank]*

A. session
B. Portal

Answer: A

Explanation:

QUESTION 88
In the authentication policy of the firewall, _____ allows the user to not need to enter the user name
and password, but can obtain the corresponding relationship between the user and the IP, so as to
carry out policy management based on the user[fill in the blank]*

A. Certification-free
B. Certification

Answer: A

Explanation:

QUESTION 89
Which of the following is not the default security zone of the firewall ( )[Multiple choice]*

A. untrust trust
B. trust zone
C. dmz zone
D. isp zone)

Answer: D

Explanation:
QUESTION 90
Which of the following descriptions about the heartbeat interface is wrong ( )?[Multiple choice]*

A. It is recommended to configure at least two heartbeat interfaces. - One heartbeat interface is used
as the master, and the other heartbeat interface is used as the backup.
B. The interface MTU value is greater than 1500 and cannot be used as a heartbeat interface
C. The connection method of the heartbeat interface can be directly connected, or it can be
connected through a switch or router
D. MGMT interface (Gigabi tEtherneto/0/0) cannot be used as heartbeat interface

Answer: B

Explanation:

QUESTION 91
The initial priority of the USG9500VGMP group is related to which of the following factors ( )? *

A. interface bandwidth
B. VRRP priority
C. Number of daughter cards on the interface board
D. The number of CPUs on the D service board

Answer: C, D

Explanation: