HCIP-Security-CTSS V3.

0 mock exam

1.(Multi-choice) If port 80 is occupied, what failures will happen to the business manager.

A.The business server can not be installed normally.

B.Business server can not be configured.

C.Business server can not start normally.

D.Business Manager can not communicate with Business Server.

2.(Multi-choice) eSight provides IPSec VPN service discovering, which of following methods of

IKE negotiation authentication are supported by eSight?

A.Preshared Key

B.Digital signature

C.Digital Envelope

D.Certificate

3.(Single-choice) When the Agile Controller-Campus functions as the RADIUS server to provide

authentication functions, which port needs to be configured as the authentication port on the

access control device?

A.1812

B.1813

C.8443

D.8080

4.(Ture or False) In MAC address authentication, if a terminal does not respond to the 802.1X

authentication request from the access control device, the access control device automatically

obtains the MAC address of the terminal and sends it to the RADIUS server as the credential for

verification.

5.(Single-choice) Which statement about the ACL used in association between the SACG device

and TSM system is true?

A.Users can randomly specify the default ACL number.

第 1 页, 共 5 页
 HCIP-Security-CTSS V3.0 mock exam

B.The default ACL number must be 3999.

C.As the SACG device receives rules from the TSM system through ACLs numbered 3099 to

3999, users must ensure that these ACLs are not referenced by other functions before

associating the SACG device with the TSM system.

D.The SACG device can associate with the TSM system even if ACLs numbered 3099 to 3999 are

referenced by other functions.

6. (Multi-choice) Which accounts are third-party server accounts?

A.AD account

B.Mobile certificate account

C.Anonymous account

D.Guest account

7.(Single-choice) When the security policy is synchronized with eSight, what is the maximum

number of synchronization devices per time?

A.10

B.30

C.50

D.100

8.(Single-choice) Netconf is one kind of network configuration and management protocol based

on_____?

A.XML

B.HTML

C.JAVA

D.Python

9.(Ture or False) The free mobility function provides a special access control mode and grants

specified rights to users based on the access location, access time, access mode, and terminal
第 2 页, 共 5 页
 HCIP-Security-CTSS V3.0 mock exam

type. Users enjoy the same rights and network experience as long as the access conditions

remain unchanged.

10. (Multi-choice) Which statements about the integrated and distributed deployment scenarios

of the Agile Controller-Campus are true?

A.If most users are concentrated in an area and only a few users are located in branch offices,

the integrated deployment mode is recommended.

B.If most users are concentrated in an area and only a few users are located in branch offices,

the distributed deployment mode is recommended.

C.If users are distributed in different areas, the distributed deployment mode is recommended.

D.If users are distributed in different areas, the integrated deployment mode is recommended.

11.(Single-choice) When dealing with the terminal security system failure, the administrator

should take which measures at first to solve the large-scale problem.

A.Collect client logs for analysis.

B.Confirm whether the business configuration is enabled or the configuration is correct.

C.Delete the relevant business configuration.

D.According to the error code to find the cause and solve the problem.

12. (Multi-choice) Assume that Portal authentication is correctly configured on the Agile

Controller-Campus. The configuration commands on the access control switch are as

follows:                                              

[S5720]authentication free-rule 1 destination ip 10.1.31.78 mask 255.255.255.255

Which statements are true?                     

A.After the configuration is complete, the switch automatically permits data flows to access the

Agile Controller-Campus without manual configuration.

B.After the configuration is complete, users can directly access network resources before

passing authentication.

C.After the configuration is complete, the administrator needs to manually permit access to the
第 3 页, 共 5 页
 HCIP-Security-CTSS V3.0 mock exam

specified network segment.

D.Terminals can access the host with the IP address 10.1.31.78 only after passing authentication.

13.(Multi-choice) Which statements about MAC address authentication and MAC address

bypass authentication are true?

A.MAC address authentication controls a user's network access rights based on the user's

interface and MAC address. The user does not need to install any client software.

B.In MAC address bypass authentication, the system performs 802.1X authentication on the

access terminal first. If the terminal does not respond to 802.1X authentication, MAC address

authentication is used to verify the device validity.

C.During the MAC address authentication process, the user needs to enter a user name or

password.

D.In the MAC address bypass authentication process, the terminal MAC address is not used as

the user name and password for automatic network access.

14.(Ture or False) A BSSID is the MAC address of an AP and identifies the BSS managed by the

AP.

15. (Multi-choice) Which actions can be performed on the Agile Controller-Campus after user

authentication succeeds?

A.Providing remote assistance for users accessing the network using AnyOffice

B.Forcibly disconnecting users

C.Auditing user login and logout records

D.Suspending or disabling mobile certificate accounts or assigning roles to the accounts

16.(Single-choice) Which device is usually used as the hardware SACG in the Agile Controller-

Campus solution?

A.Router

B.Switch
第 4 页, 共 5 页
 HCIP-Security-CTSS V3.0 mock exam

C.Firewall

D.IPS

17.(Ture or False) An account belongs to only one user group. That is, one user belongs to only

one department.

18. (Single-choice) Accounts on the Agile Controller-Campus are classified into two types: local

account and external account. Which statement is not a local account?

A.Common account

B.Guest account

C.Anonymous account

D.Mobile certificate account

19. (Multi-choice) To enhance AP security, an AC can authenticate the APs that attempt to

connect to the network. What authentication methods does Huawei AC support?

A.MAC address authentication

B.Password authentication

C.Non-authentication

D.SN authentication

20. (Single-choice) Which statement about WIPS/WIDS is true?

A.WIDS is a wireless intrusion prevention system.

B.WIPS is a wireless intrusion detection system.

C.WIDS is a wireless intrusion countermeasure system.

D.WIPS is a wireless intrusion prevention system.

Answers: 1.AC     2.AC     3.A     4.F      5.C     6.AB       7.D      8.A      9.T      10.AC      11.B     

12.AB     13.AB      14.T      15.ABCD      16.C      17.T      18.D       19.ACD     20. D

第 5 页, 共 5 页