HCIA-Security V3.0 (H12-711) Free Practice Test

Question 1

Which of the following is an action to be taken during the eradication phase of the cybersecurity emergency response? (Multiple Choice)

A. Confirm the damage caused by security incidents and report security incidents

B. Block the behavior of the attack, reduce the scope of influence

C. Revise the security policy based on the security incident that occurred, enable security auditing

D. Find sick Trojans, illegal authorization, system vulnerabilities, and deal with it in time

Correct Answer: C,D

Question 2

When the NAT server is configured on the USG system firewall, a server-map table is generated. Which of the following does not belong to the content in the performance?

A. Destination IP

B. protocol number

C. Source IP

D. Destination port number

Correct Answer: C

Question 3

Which of the following attacks is not a cyber-attack?

A. IP spoofing attack

B. ICMP attack

C. MAC address spoofing attack

D. Smurf attack

Correct Answer: C

Question 4

IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.

A. False

B. True

Correct Answer: A

Question 5

In the IPSec VPN transmission mode, which part of the data packet is encrypted?

A. Transport layer and upper layer data packet

B. Original IP packet header

C. New IP packet header

D. Network layer and upper layer data packet

Correct Answer: A

Question 6

In the classification of the information security level protection system, which of the following levels defines the damage to the social order and the public interest if the information system is destroyed? (multiple choice)

A. Fourth level Structured protection

B. First level User-independent protection level

C. Second level System audit protection level

D. Third level Security mark protection

Correct Answer: A,B,C,D

Question 7

Which of the following operations are necessary during the administrator upgrade of the USG firewall software version? (Multiple Choice)

A. Upload the firewall version software

B. Restart the device

C. Device factory reset

D. Specify the next time you start loading the software version.

Correct Answer: A,B,D

Question 8

During the configuration of NAT, which of the following will the device generate a Server-map entry? (Multiple Choice)?

A. A server-map entry is generated when easy-ip is configured.

B. Automatically generate server-map entries when configuring source NAT.

C. After configuring NAT No-PAT, the device will create a server-map table for the configured multi-channel protocol data stream.

D. After the NAT server is configured successfully, the device automatically generates a server map entry.

Correct Answer: C,D

Question 9

For the occurrence of network security incidents, the remote emergency response is generally adopted first. If the problem cannot be solved for the customer through remote access, after the customer confirms, it is transferred to the local emergency response process.

A. False

B. True

Correct Answer: B

Question 10

Based on the GRE encapsulation and de-encapsulation, which description is error?

A. Encapsulation Process: The original data packets transmit the data packets through looking up routing to the Tunnel interface to trigger GRE encapsulation.

B. Encapsulation Process: After GRE module packaging, the data packet will enter the IP module for further processing

C. De-encapsulation Process: After the destination receives GRE packets, transmitting the data packets through looking up the routing to the Tunnel interfaces to trigger GRE encapsulation.

D. De-encapsulation Process: After GRE module de-encapsulation, the data packets will enter the IP module for further processing.

Correct Answer: C

Question 11

Caesar Code is primarily used to encrypt data by using a stick of a specific specification.

A. False

B. True

Correct Answer: A

Question 12

Which of the following attacks is not a malformed message attack?

A. TCP fragment attack

B. Teardrop attack

C. Smurf attack

D. ICMP unreachable packet attack

Correct Answer: D

Question 13

Which of the following description is wrong about the Intrusion Prevention System (IPS)?

A. IDS devices need to be linked to the firewall to block the intrusion.

B. IPS devices cannot be bypassed in the network.

C. IPS devices can be blocked in real time once they detect intrusion

D. IPS devices can be cascaded at the network boundary and deployed online

Correct Answer: B

Question 14

Which of the following is correct about firewall IPSec policy?

A. By default, IPSec policy can control multicast.

B. By default, IPSec policy can control unicast packets and broadcast packets.

C. By default, IPSec policy only controls unicast packets.

D. By default, IPSec policy can control unicast packets, broadcast packets, and multicast packets 。

Correct Answer: C

Question 15

Terminal detection is an important part of the future development of information security. Which of the following methods belong to the category of terminal detection? (Multiple Choice)

A. Monitor the host registry modification record

B. Prevent users from accessing public network search engines

C. Install host antivirus software

D. Monitor and remember the external device

Correct Answer: A,C

Welcome to TestSimulate

Huawei HCIA-Security V3.0 (H12-711) Free Practice Test