Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Right or Wrong
1. Stateful inspection firewalls create and maintain session tables to keep track of TCP
and UDP sessions and use security policies to control which sessions can be created.
Only the packets associated with the created sessions are forwarded.
Answer: Right
2. IN SYN flood attacks, an attacker sends a large number of SYN packets to the server
but does not acknowledge the SYN-ACK packets. Therefore, the server maintains a lot
of half-open TCP connections, exhausting the server resources.
Answer: Right
Answer: Right
4. The Protocol field of IP packet headers identifies the upper-layer protocol. If the field
value is 6, the upper-layer protocol is TCP. If the field value is 17, the upper-layer
protocol is UDP.
Answer: Right
5. IKE enables key exchange negotiation and SA establishment to simply the use and
management of IPSec.
Answer: Right
Single Choice
A. Route table
B. Session table
C. FIB table
Answer: B
2. Which of the following modes is the IKE mode in the second phase?
A. Passive mode
B. Main mode
C. Quick mode
D. Aggressive mode
Answer: C
3. ACL 2009 is ( )
A. A basic ACL
B. An advanced ACL
C. A time-based ACL
D. A MAC-based ACL
Answer: A
4. In network security, attacks can undermine network resources and make them invalid
or unavailable. Such attacks are targeted at ( ).
A. Authenticity
B. Availability
C. Confidentiality
D. Integrity
Answer: B
A. admin/Admin@123
B. admin@123/Admin@123
C. admin/Huawei@123
D. adminuser/Huawei_123
Answer: A
6. Which of the following zones can be deleted?
A. Trust Zone
B. DMZ Zone
C. Untrust Zone
D. Security Zone
Answer: D
7. Which one of the following orders about the firewall packet forwarding process is
correct?1. check Security Policy. 2. Check Routing table. 3. Check Server-map. 4.
Check NAT policy
A. 2-3-4-1
B. 4-2-1-3
C. 2-4-1-3
D. 3-2-1-4
Answer: D
A. File sharing
B. Network extension
C. Web push
D. Port forwarding
Answer: C
9. Which type of firewall is the most efficient in forwarding non-first packet data?
C. Proxy firewall
D. Software firewall
Answer: A
10. Which of the following items is not included in a server map entry of the USG
series?
A. Destination port
B. Protocol
C. Source IP address
D. Destination IP address
Answer: C
11. In firewall hot backup networking, in order to achieve overall status switching,
which protocol is needed?
A. HRP
B. VRRP
C. IGMP
D. VGMP
Answer: D
12. Which of the following option is not the feature of IPSec AH protocol?
A. Data integrity
B. Anti-replay
C. Confidentiality
D. Authenticity
Answer: C
13. Which of the following option is not included in network layer attack?
B. IP spoofing
C. Smurf attacks
D. ARP spoofing
Answer: D
14. Which of the following algorithms uses the same key for encryption and
decryption?
A. RSA (1024)
B. MD5
C. SHA-1
D. DES
Answer: D
A. L2F
B. GRE
C. IPSec
D. PPTP
Answer: C
16. Which of the following option does not belong to symmetric encryption algorithm?
A. AES
B. DES
C. 3DES
D. RSA
Answer: D
A. TCP header
B. IP header
C. Ethernet Frame
D. UDP header
Answer: C
18. Stateful inspection firewalls forward subsequent packets (non-first packets) mainly
based on _______?
B. FIB table
C. Session table
D. Routing table
Answer: C
A. FTP
B. HTTP
C. Telnet
D. SMTP
Answer: A
20. Which of the following statements about ARP spoofing attacks is incorrect?
B. ARP static binding can be used to defend against ARP spoofing attacks, and it is
used mainly on small-scale networks.
D. When a host sends a normal ARP request, an attacker responds before the server
responds, causing the host to establish an incorrect mapping between the IP and MAC
addresses.
Answer: C
A. 50
B. 5
C. 100
D. 85
Answer: D
22. To enable employees on a business trip to access the intranet file server, which of
the following SSL VPN functions is the optimal solution?
A. Port forwarding
B. File sharing
C. Network extension
D. Web proxy
Answer: B
A. Smurf
B. IP sweep
C. Teardrop
D. SYN flood
Answer: D
A. 51
B. 49
C. 52
D. 50
Answer: A
A. DMZ
B. Local
C. Trust
D. Security
Answer: D
Multiple Choice
B. Dynamic blacklist
D. Routing table
Answer: A B C
2. Which of the following user access and authentication methods are supported by the
Policy Center system?
Answer: B C D
A. Memory scheduling
B. Memory protection
C. Memory allocation
D. Memory expansion
Answer: B C D
A. Static routing
B. Hot backup
C. Persistent connection
D. Link aggregation
Answer: A B
5. What does AAA mean?
A. Authorization
B. Accounting
C. Audit
D. Authentication
Answer: A B D
6. Which of the following VPN access methods are suitable for mobile working?
A. IPSec VPN
B. GRE VPN
C. SSL VPN
D. L2TP VPN
Answer: C D
A. Confidentiality
B. Non-repudiation
C. Scalability
D. Integrity
Answer: A B D
8. Which of the following statements about buffer overflow attacks are correct?
A. The buffer overflow attack is one of the most common methods for attacking
software systems.
C. Buffer overflow attacks use software system memory operation defects with high
operating privileges to run attack code.
D. Operating system vulnerabilities and architecture will not cause buffer overflow
attacks.
Answer: A B C
9. What kind of method can the administrators upgrade USG firewall software?
A. ssh
B. HTTPS
C. telnet
D. FTP
Answer: B D
10. Which of the following items are combined to uniquely identify an SA?
B. SPI
C. Destination IP address
D. Source IP address
Answer: A B C
A. The IDS dynamically collects a large volume of key information and analyzes and
identifies the status of the entire system.
C. The IDS system is comprised of all software and hardware systems for intrusion
detection.
D. The IDS system can function with firewalls and switches to better control external
access.
Answer: A C D
B. In-line deployment
C. Real-time prevention
D. Online mode
Answer: A C D
13. Which of the following algorithms are encryption algorithms?
A. DES
B. 3DES
C. MD5
D. SHA-1
Answer: A B
A. If bidirectional NAT is configured, external users can access the resources on the
private network without any restriction.
B. The IP address translation is transparent for both private and public network users.
Users cannot percept the translation process.
Answer: B C D
15. Which of following user authentication methods are supported by the terminal
security system?
A. IP address authentication
D. LDAP authentication
Answer: B C D