Scribd Logo
Carica

Benvenuto in Scribd!

  • Security Mock Exam Right or Wrong

    Caricato da

    hamza syaho
    209 visualizzazioni11 pagine
    This document contains a mock exam for a security certification. It includes 25 multiple choice questions testing knowledge of firewalls, VPNs, encryption, and other cybersecurity topics. The questions cover topics like stateful inspection firewalls, SYN flood attacks, encryption key length, protocols, and default credentials. The mock exam provides single best answer choices for each question along with explanations of whether each answer choice is right or wrong.

    Descrizione originale:

    Titolo originale

    Security Mock Exam

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    This document contains a mock exam for a security certification. It includes 25 multiple choice questions testing knowledge of firewalls, VPNs, encryption, and other cybersecurity topics. The questions cover topics like stateful inspection firewalls, SYN flood attacks, encryption key length, protocols, and default credentials. The mock exam provides single best answer choices for each question along with explanations of whether each answer choice is right or wrong.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    209 visualizzazioni11 pagine

    Security Mock Exam Right or Wrong

    Caricato da

    hamza syaho
    This document contains a mock exam for a security certification. It includes 25 multiple choice questions testing knowledge of firewalls, VPNs, encryption, and other cybersecurity topics. The questions cover topics like stateful inspection firewalls, SYN flood attacks, encryption key length, protocols, and default credentials. The mock exam provides single best answer choices for each question along with explanations of whether each answer choice is right or wrong.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 11

    Security Mock Exam

    Right or Wrong
    1. Stateful inspection firewalls create and maintain session tables to keep track of TCP
    and UDP sessions and use security policies to control which sessions can be created.
    Only the packets associated with the created sessions are forwarded.

    Answer: Right

    2. IN SYN flood attacks, an attacker sends a large number of SYN packets to the server
    but does not acknowledge the SYN-ACK packets. Therefore, the server maintains a lot
    of half-open TCP connections, exhausting the server resources.

    Answer: Right

    3. For a encryption algorithm, a longer key takes more time to crack.

    Answer: Right

    4. The Protocol field of IP packet headers identifies the upper-layer protocol. If the field
    value is 6, the upper-layer protocol is TCP. If the field value is 17, the upper-layer
    protocol is UDP.

    Answer: Right

    5. IKE enables key exchange negotiation and SA establishment to simply the use and
    management of IPSec.

    Answer: Right

    Single Choice

    1. Stateful inspection firewalls forward subsequent packets (subsequent packets) mainly


    based on _______?

    A. Route table

    B. Session table

    C. FIB table

    D. MAC address table

    Answer: B
    2. Which of the following modes is the IKE mode in the second phase?

    A. Passive mode

    B. Main mode

    C. Quick mode

    D. Aggressive mode

    Answer: C

    3. ACL 2009 is ( )

    A. A basic ACL

    B. An advanced ACL

    C. A time-based ACL

    D. A MAC-based ACL

    Answer: A

    4. In network security, attacks can undermine network resources and make them invalid
    or unavailable. Such attacks are targeted at ( ).

    A. Authenticity

    B. Availability

    C. Confidentiality

    D. Integrity

    Answer: B

    5. What is default username and password of USG firewall?

    A. admin/Admin@123

    B. admin@123/Admin@123

    C. admin/Huawei@123

    D. adminuser/Huawei_123

    Answer: A
    6. Which of the following zones can be deleted?

    A. Trust Zone

    B. DMZ Zone

    C. Untrust Zone

    D. Security Zone

    Answer: D

    7. Which one of the following orders about the firewall packet forwarding process is
    correct?1. check Security Policy. 2. Check Routing table. 3. Check Server-map. 4.
    Check NAT policy

    A. 2-3-4-1

    B. 4-2-1-3

    C. 2-4-1-3

    D. 3-2-1-4

    Answer: D

    8. Which one of the following functions is not supported by SSL VPN?

    A. File sharing

    B. Network extension

    C. Web push

    D. Port forwarding

    Answer: C

    9. Which type of firewall is the most efficient in forwarding non-first packet data?

    A. Stateful inspection firewall

    B. Packet filtering firewall

    C. Proxy firewall

    D. Software firewall

    Answer: A
    10. Which of the following items is not included in a server map entry of the USG
    series?

    A. Destination port

    B. Protocol

    C. Source IP address

    D. Destination IP address

    Answer: C

    11. In firewall hot backup networking, in order to achieve overall status switching,
    which protocol is needed?

    A. HRP

    B. VRRP

    C. IGMP

    D. VGMP

    Answer: D

    12. Which of the following option is not the feature of IPSec AH protocol?

    A. Data integrity

    B. Anti-replay

    C. Confidentiality

    D. Authenticity

    Answer: C

    13. Which of the following option is not included in network layer attack?

    A. ICMP flood attacks

    B. IP spoofing

    C. Smurf attacks

    D. ARP spoofing

    Answer: D
    14. Which of the following algorithms uses the same key for encryption and
    decryption?

    A. RSA (1024)

    B. MD5

    C. SHA-1

    D. DES

    Answer: D

    15. Which of the following Layer-3 VPN is more secure?

    A. L2F

    B. GRE

    C. IPSec

    D. PPTP

    Answer: C

    16. Which of the following option does not belong to symmetric encryption algorithm?

    A. AES

    B. DES

    C. 3DES

    D. RSA

    Answer: D

    17. Which of the following headers contains a VLAN tag?

    A. TCP header

    B. IP header

    C. Ethernet Frame

    D. UDP header

    Answer: C
    18. Stateful inspection firewalls forward subsequent packets (non-first packets) mainly
    based on _______?

    A. MAC address table

    B. FIB table

    C. Session table

    D. Routing table

    Answer: C

    19. Which one of the following protocols is a multi-channel protocol?

    A. FTP

    B. HTTP

    C. Telnet

    D. SMTP

    Answer: A

    20. Which of the following statements about ARP spoofing attacks is incorrect?

    A. The ARP mechanism checks only normal packet interactions.

    B. ARP static binding can be used to defend against ARP spoofing attacks, and it is
    used mainly on small-scale networks.

    C. ARP spoofing attacks are implemented only through ARP replies.

    D. When a host sends a normal ARP request, an attacker responds before the server
    responds, causing the host to establish an incorrect mapping between the IP and MAC
    addresses.

    Answer: C

    21. What is the security level of trust zone?

    A. 50

    B. 5

    C. 100

    D. 85

    Answer: D
    22. To enable employees on a business trip to access the intranet file server, which of
    the following SSL VPN functions is the optimal solution?

    A. Port forwarding

    B. File sharing

    C. Network extension

    D. Web proxy

    Answer: B

    23. Which of the following attacks is a type of traffic attack?

    A. Smurf

    B. IP sweep

    C. Teardrop

    D. SYN flood

    Answer: D

    24. Which of the following option the protocol number of AH?

    A. 51

    B. 49

    C. 52

    D. 50

    Answer: A

    25. Which of the following zone can be deleted?

    A. DMZ

    B. Local

    C. Trust

    D. Security

    Answer: D
    Multiple Choice

    1. Which information can be backed up by HRP?

    A. TCP/UDP session table

    B. Dynamic blacklist

    C. Server map entry

    D. Routing table

    Answer: A B C

    2. Which of the following user access and authentication methods are supported by the
    Policy Center system?

    A. Network access without authentication

    B. Web, identify authentication

    C. Agent, identify authentication and security authentication

    D. WebAgent, identify authentication and part of security authentication

    Answer: B C D

    3. Which of the following are main functions of Memory Management ?

    A. Memory scheduling

    B. Memory protection

    C. Memory allocation

    D. Memory expansion

    Answer: B C D

    4. Which of the following scenarios can IP-link be applied to?

    A. Static routing

    B. Hot backup

    C. Persistent connection

    D. Link aggregation

    Answer: A B
    5. What does AAA mean?

    A. Authorization

    B. Accounting

    C. Audit

    D. Authentication

    Answer: A B D

    6. Which of the following VPN access methods are suitable for mobile working?

    A. IPSec VPN

    B. GRE VPN

    C. SSL VPN

    D. L2TP VPN

    Answer: C D

    7. Which of the following capabilities can encryption provide?

    A. Confidentiality

    B. Non-repudiation

    C. Scalability

    D. Integrity

    Answer: A B D

    8. Which of the following statements about buffer overflow attacks are correct?

    A. The buffer overflow attack is one of the most common methods for attacking
    software systems.

    B. The buffer overflow attack is a type of application-layer attack.

    C. Buffer overflow attacks use software system memory operation defects with high
    operating privileges to run attack code.

    D. Operating system vulnerabilities and architecture will not cause buffer overflow
    attacks.

    Answer: A B C
    9. What kind of method can the administrators upgrade USG firewall software?

    A. ssh

    B. HTTPS

    C. telnet

    D. FTP

    Answer: B D

    10. Which of the following items are combined to uniquely identify an SA?

    A. Security protocol number

    B. SPI

    C. Destination IP address

    D. Source IP address

    Answer: A B C

    11. Which of following statements about IDS are correct?

    A. The IDS dynamically collects a large volume of key information and analyzes and
    identifies the status of the entire system.

    B. The IDS can block detected policy breaches and attacks.

    C. The IDS system is comprised of all software and hardware systems for intrusion
    detection.

    D. The IDS system can function with firewalls and switches to better control external
    access.

    Answer: A C D

    12. The features of IPS include:

    A. Auto-learning and auto-sensing

    B. In-line deployment

    C. Real-time prevention

    D. Online mode

    Answer: A C D
    13. Which of the following algorithms are encryption algorithms?

    A. DES

    B. 3DES

    C. MD5

    D. SHA-1

    Answer: A B

    14. What features does the NAT technology have?

    A. If bidirectional NAT is configured, external users can access the resources on the
    private network without any restriction.

    B. The IP address translation is transparent for both private and public network users.
    Users cannot percept the translation process.

    C. NAT hides private IP addresses and improves network security.

    D. NAT does not support NAPT for private IP addresses.

    Answer: B C D

    15. Which of following user authentication methods are supported by the terminal
    security system?

    A. IP address authentication

    B. User name/Password authentication

    C. MAC address authentication

    D. LDAP authentication

    Answer: B C D

    Potrebbero piacerti anche