Huawei HCIP-Security-CSSN(Huawei Certified ICT Professional -Constructing Service Security Network)

QUESTION NO: 1
Which of the following are the network layer attacks of the TCP/IP stack? (Multiple Choices)

A. Address scan B. Port scanning C. IP spoofing D. Buffer overflow

Correct Answer: A,C

QUESTION NO: 2
To protect the security of data transmission, more and more websites or companies choose to encrypt traffic through SSL.
Which of the following statements is true about the threat detection of SSL traffic using Huawei NIP6000?

A. Processes such as "decryption," "threat detection," and "encryption." B. Threat-detected traffic is sent directly to the server without encryption. C. NIP can directly crack and detect SSL encryption. D. NIP000 does not support SSL traffic threat detection.

Correct Answer: A

QUESTION NO: 3
When the two-way SSL function is used to decrypt the HTTPS data packet, the value of the reverse proxy series represents the number of times which the data packet can be decrypted.

A. True B. False

Correct Answer: B

QUESTION NO: 4
Regarding the file filtering configuration file global configuration of the Huawei USG6000 product, which of the following is correct?

A. When the file extension does not match, if the action is "Allow" or "Alert", file filtering, content filtering, and anti-virus detection are performed according to the file type. B. File filtering, content filtering and anti-virus detection are not available when the file is corrupted. At this time, the file can be released or blocked according to business requirements. C. When the number of the file compressed layers is greater than the configured maximum number of uncompressed layers, the firewall cannot filter the file. D. When the file type is not recognized, file filtering, content filtering, and anti-virus detection are not performed.

Correct Answer: C

QUESTION NO: 5
When you suspect that the corporate network is being attacked by hackers, you have conducted technical investigations.
Which of the following options does not belong to the pre-attack behavior?

A. Planting Malware B. Web Application attack C. Loophole attack D. Brute force cracking

Correct Answer: A

QUESTION NO: 6
Which of the following description is incorrect about the cleaning center?

A. The cleaning equipment supports a variety of flexible attack defense technologies, but it is ineffective for CC attack and ICMP flood attack defense. B. The re-injection methods include: policy route reinjection, static route reinjection, VPN reinjection, and Layer 2 peering. C. There are two drainage ways of static drainage and dynamic drainage. D. The cleaning center completes the function of drainage, cleaning, and flow reinjection after cleaning for abnormal flow.

Correct Answer: A

QUESTION NO: 7
Misuse detection discovers intrusion activity in system by detecting similar behaviors of user intrusions, or by detecting violations of system security rules indirectly by exploiting system flaws.
Which of the following is not misuse detection feature?

A. Easy to upgrade B. Effective detection of impersonation of legitimate users C. Accurate detection D. Easy to implement

Correct Answer: B

QUESTION NO: 8
The main attack defense technologies of Huawei USG6000 include source detection, fingerprint learning and correlation defense.

A. True B. False

Correct Answer: B

QUESTION NO: 9
Huawei USG6000 product can virus scan and process certain file transfer protocols, but which of the following protocol does not include?

A. IMAP B. POP3 C. FTP D. TFTP

Correct Answer: D

QUESTION NO: 10
Which of the following are typical intrusions? (Multiple choices)

A. Tampering Web pages B. Computer is infected by U disk virus C. Copy/View Sensitive Data D. The power supply in the equipment room is abnormally interrupted

Correct Answer: A,C

QUESTION NO: 11
Which of the following are the common causes of IPS detection failures? (Multiple choices)

A. IPS policy is not submitted for compilation B. Bypass function in IPS is turned off C. Policy IDs with incorrect associations between IPS policy domains D. IPS function is not enabled

Correct Answer: A,C,D

QUESTION NO: 12
URL filtering technology can access control URLs for users according to different time objects and address objects, and achieve the purpose of accurately managing user online behavior.

A. FALSE B. TRUE

Correct Answer: B

Huawei HCIP-Security-CSSN(Huawei Certified ICT Professional -Constructing Service Security Network) - H12-722 Exam Questions