HCIP-Security-CSSN(Huawei Certified ICT Professional -Constructing Service Security Network) (H12-722-ENU) Free Practice Test

Question 1

For APT attacks, attackers often lurk for a long time and initiate formal attacks on the enterprise at key points of the incident. APT attacks can generally be summarized in four stages:
1. Collect Information & Invasion
2. Long-term latency & mining
3. Data leakage
4. Remote control and penetration
Which of the following options is correct regarding the ordering of these four phases?

A. 2-1-4-3

B. 1-4-2-3

C. 2-3-4-1

D. 1-2-4-3

Correct Answer: B

Question 2

Intrusion detection is a kind of network security technology used to detect any damage or attempt to damage the confidentiality, integrity or availability of the system. Which of the following belongs to the intrusion detection knowledge base?

A. Complete Trojan sample

B. Security policy

C. Specific behavior patterns

D. Complete virus sample

Correct Answer: C

Question 3

Which of the following is correct regarding the order of the mail transfer process?
1. The sending PC sends the mail to the specified SMTP server.
2. The sender SMTP Server encapsulates the mail information in the SMTP message and sends it to the receiver SMTP according to the destination address of the mail.
Server.
3. The sender SMTP Server encapsulates the mail information in the SMTP message and sends it to the receiver POP3/MAP Server based on the destination address of the mail.
4. Recipients send emails.

A. 1->2->3

B. 1->4->3

C. 1->3->4

D. 1->2->4

Correct Answer: D

Question 4

IPS is an intelligent intrusion detection and prevention product. It can not only detect the occurrence of intrusion, but also can stop the occurrence and development of intrusion in real time through a certain response method and protect the information system from substantive attack in real time.
Which of the following statement is wrong about the description of IPS?

A. IPS makes IDS and firewalls unified.

B. IPS is an intrusion detection system that can block in real-time when an intrusion is discovered.

C. IPS must be deployed in bypass mode on the network.

D. The common IPS deployment mode is straight-line deployment.

Correct Answer: C

Question 5

The process of a browser carrying a cookie to request a resource from a server is as shown in the following figure. Which of the following steps have the session ID information in the message?

A. 1, 3, 4

B. 3, 4,

C. 5, 6

D. 2, 4

Correct Answer: B

Question 6

In the deployment of Huawei NIP6000 products, traffic mirroring can only be performed using port mirroring.

A. False

B. True

Correct Answer: A

Question 7

Regarding the process of file filtering, which of the following statements is wrong?

A. The application identification module can identify the type of application hosting the file.

B. After the file extraction fails, the file will still be filtered.

C. The file type identification module is responsible for identifying the real type of the file and the extension of the file based on the file data

D. Protocol decoding is responsible for parsing the file data and file transfer directions in the data stream.

Correct Answer: B

Question 8

Threat after the big data intelligent security analysis platform detect will be synchronized to each network device, and then continue to learn and optimize by collecting to the logs from the network device.

A. False

B. True

Correct Answer: B

Question 9

When you suspect that the corporate network is being attacked by hackers, you have conducted technical investigations.
Which of the following options does not belong to the pre-attack behavior?

A. Planting Malware

B. Brute force cracking

C. Web Application attack

D. Loophole attack

Correct Answer: A

Question 10

When the two-way SSL function is used to decrypt the HTTPS data packet, the value of the reverse proxy series represents the number of times which the data packet can be decrypted.

A. False

B. True

Correct Answer: A

Question 11

In the construction of information security, the intrusion detection system plays a role as a monitor. Through monitoring the traffic of critical nodes in the information system, it conducts in-depth analysis and explores the security events that are taking place. Which of the following are its characteristics?

A. IDS can be linked with firewalls and switches to become a powerful "helper" for firewalls to better and more precisely control access between domains.

B. Unable to detect malicious operations or mis-operations from insiders.

C. Malicious code that is doped in allowable application data streams cannot be correctly analyzed.

D. Cannot perform in-depth inspection

Correct Answer: A

Question 12

Which of the following technologies can achieve content security? (Multiple Choice)

A. Sandbox and Big Data Analysis

B. Intrusion Prevention

C. Web security protection

D. Global environment awareness

Correct Answer: A,B,C,D

Question 13

Which of the following description is correct about the Management Center?

A. The data collector is responsible for abnormal traffic cleaning, centralized device management configuration, and business report presentation.

B. Management Center is divided into two parts: management server and data collector.

C. The management server of the management center is responsible for the cleaning of abnormal traffic, as well as the collection, analysis, aggregation, and storage of service data, and is responsible for reporting the summarized traffic to the management server for report presentation.

D. The data collector and management server support distributed deployment and centralized deployment. Centralized deployment has good scalability.

Correct Answer: B

Question 14

To protect the security of data transmission, more and more websites or companies choose to encrypt traffic through SSL.
Which of the following statements is true about the threat detection of SSL traffic using Huawei NIP6000?

A. Threat-detected traffic is sent directly to the server without encryption.

B. NIP can directly crack and detect SSL encryption.

C. NIP000 does not support SSL traffic threat detection.

D. Processes such as "decryption," "threat detection," and "encryption."

Correct Answer: D

Question 15

Regarding the local black and white list of anti-spam messages, which of the following statements is wrong?

A. The black and white list is matched by extracting the destination IP address of the SMTP connection

B. Black and white lists are matched by extracting the source IP address of the SMTP connection

C. Block the connection if the source IP address of the SMTP connection matches the blacklist

D. The black and white list is matched by the sender's dns suffix

Correct Answer: D

Welcome to TestSimulate

Huawei HCIP-Security-CSSN(Huawei Certified ICT Professional -Constructing Service Security Network) (H12-722-ENU) Free Practice Test