2021 Free HCIA-Security V3.0 H12-711_V3.0 Questions and Answers

1. When connecting to Wi-Fi in public places, which of the following is relatively safer?

Connect to unencrypted Wi-Fi hotspots

Connect to the paid Wi-Fi hotspot provided by the operator and only browse the Internet

Connect to unencrypted free Wi-Fi for online shopping

Connect to encrypted free Wi-Fi for online transfer operations

2. Which of the following is the action to be taken in the summary phase of cybersecurity emergency response? (Multiple choice)

Establish a defense system and specify control measures

Evaluate the implementation of emergency plans and propose follow-up improvement plans

Judging the effectiveness of isolation measures

Evaluate the members of the emergency response organization

3. Regarding port mirroring, which of the following descriptions are correct? (Multiple choice)

The mirror port copies the packet to the observing port

The observation port sends the received message to the monitoring device

The mirror port sends the received message to the monitoring device

The observing port copies the packet to the mirror port

4. Which of the following options is the protocol number of GRE?

5. Which of the following descriptions of the VGMP protocol is wrong?

VGMP adds multiple VRRP backup groups on the same firewall to a management group, and the management group manages all VRRP backup groups in a unified manner

VGMP uniformly controls the switching of the status of each VRRP backup group to ensure that the status of all VRRP backup groups in the management group is consistent.

VGMP group devices in Active state will periodically send hello messages to the opposite end, and the stdandby end is only responsible for listening to hello messages and will not respond

By default, when the standby end does not receive the hello message sent by the opposite end for three hello message cycles, it will consider the opposite end to be faulty and switch itself to the Active state.

6. IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.

TRUE

FALSE

7. Regarding GRE encapsulation and decapsulation, which of the following descriptions is wrong?

In the encapsulation process, the original data packet is sent to the Tunnel interface through the route search, and then GRE encapsulation is started.

In the encapsulation process. After encapsulation by the GRE module, the data packet will enter the IP module for further processing

In the decapsulation process. After receiving the GRE message, the destination end passes the data packet to the Tunnel interface by searching for a route, and then starts GRE decapsulation.

In the decapsulation process, after the GRE module decapsulates, the data packet will enter the IP module for further processing

8. The repair of antivirus software only needs to repair some system files that were accidentally deleted when checking and killing viruses to prevent system crashes.

TRUE

FALSE

9. Which of the following does not belong to the classification of cybersecurity incidents?

Major cybersecurity incidents

Special cybersecurity incidents

General cybersecurity incidents

Major cybersecurity incidents

10. Regarding single sign on, which of the following statements are correct? (Multiple choice)

The device can identify users who have passed the authentication by the identity authentication system

There is only one deployment mode for AD domain single sign on

Although there is no need to enter the user password, the authentication server needs to interact with the user password and the device to ensure that the authentication is passed

AD domain single sign on can be synchronized to the firewall by mirroring the login data stream

11. Regarding the relationship and role of VRRP/VGMP/HRP, which of the following statements are correct? (Multiple choice)

VRRP is responsible for sending gratuitous ARP to direct traffic to the new master device when the master device is switched.

VGMP is responsible for monitoring equipment failures and controlling the fast switching of equipment

HRP is responsible for data backup during dual-system hot backup operation

The VGMP group in the Active state may contain the VRRP group in the Standby state

12. The administrator PC is directly connected to the management port of the USG firewall and uses the web method to perform initialization operations. Which of the following statements is correct? (Multiple choice)

The browser of the management PC visits http://192.168.0.1

The IP address of the management PC is manually set to 192.168.0.2-192.168.0.254

The browser of the management PC visits http://192.168.1.1

Set the network card of the management PC to automatically obtain an IP address

13. In the Huawei SDSec solution, which layer of equipment does the firewall belong to?

Analysis layer

Control layer

Executive level

Monitoring layer

14. When deploying dual-system hot backup on the firewall, in order to switch the overall state of the VRRP backup group, which of the following protocols is required?

VRRP

VGMP

HRP

OSPF

15. Regarding the description of firewall dual-system hot backup, which of the following options are correct? (Multiple choice)

When multiple areas on the firewall need to provide dual-system backup, multiple VRRP backup groups need to be configured on the firewall

The state of all VRRP backup groups of the same VGMP management group on the same firewall is required to be consistent

The firewall dual-system hot backup needs to synchronize the backup of the session table, MAC table, routing table and other information between the master device and the slave device

VGMP is used to ensure the consistency of all VRRP backup group switching

16. Which of the following is the encryption technology used in the digital envelope?

Symmetric encryption algorithm

Asymmetric encryption algorithm

Hashing algorithm

Streaming algorithm

17. The attacker responds to the request by sending ICMP and sets the destination address of the request packet to the broadcast address of the victim network.

What kind of attack does this behavior belong to?

IP spoofing attack

Smurf attack

ICMP redirect attack

SYN flood attack

18. Clients in the Trust zone of the firewall can log in to the FTP server in the Untrust zone, but cannot download files. Which of the following methods can solve the problem? (Multiple choice)

Release 21 port number between Trust and Untrust

When the FTP working mode is port mode, modify the security policy action from Trust to Untrust zone to allow

Enable detect ftp

When FTP working mode is Passive mode, modify the security policy action from Trust to Untrust zone to allow

19. Which of the following is not part of the digital certificate?

Public key

Private key

Validity period

Issuer

20. Which of the following is not a key technology of anti-virus software?

Shelling technology

Self-protection

Format the disk

Real-time update virus database

Leave a Reply Cancel reply