H12-724 Sample Questions Answers

Basic networking includes deploying one SM Server, one SC Server, one DB and a AE server.

AE In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SC server.

SC In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup SM server.

DB In addition to the deployment of basic networking components, the reliability of the network also requires the deployment of an additional backup DB..

Different places can have different security policies.

The location has nothing to do with safety.

There can only be one place in the company.

Place and location have nothing to do.

MAC Certification is based on MAC The address is an authentication method that controls the user's network access authority. It does not require the user to install any client software.

MAC Bypass authentication is first performed on the devices that are connected to the authentication 802 1X Certification;If the device is 802. 1X No response from authentication, re-use MAC The authentication method verifies the legitimacy of the device.

MAC During the authentication process, the user is required to manually enter the user name or password.

MAC The bypass authentication process does not MAC The address is used as the user name and password to automatically access the network.

③②⑦⑥④⑤①

③②④⑤⑦⑥①

③②④⑥⑤⑦①

155955cc-666171a2-20fac832-0c042c0428

⑧②⑤⑦④⑥①

True

False

ID

Message length

Agreement

Direction

1812

1813

50200

50300

Local upgrade

Manual upgrade

Online upgrade

Automatic upgrade

The main function is to prevent network attacks based on source address spoofing.

In strict mode, it does not check whether the interface matches. As long as there is a route to the source address, the message can pass.

The loose mode not only requires corresponding entries in the forwarding table, but also requires that the interface must match to pass the URPF check.

Use URPF's loose mode in an environment where routing symmetry cannot be guaranteed.

PDF heuristic sandbox

ja$

PE heuristic sandbox

Web heuristic sandbox

Heavyweight sandbox (virtual execution)

True

False

Worms exist in a parasitic way

155955cc-666171a2-20fac832-0c042c0413

Viruses mainly rely on system vulnerabilities to spread

The target of the worm infection is other computer systems on the network.

The virus exists independently in the computer system.

Event extraction, intrusion analysis, reverse intrusion and remote management.

Incident extraction, intrusion analysis, intrusion response and on-site management.

Incident recording, intrusion analysis, intrusion response and remote management.

Incident extraction, intrusion analysis, intrusion response and remote management.

After the file decompression fails, the file will still be filtered. .

The application identification module can identify the type of application that carries the file.

Protocol decoding is responsible for analyzing the file data and file transmission direction in the data stream.

The file type recognition module is responsible for identifying the true type of the file and the file extension based on the file data

Deploy the main DB

Deploy image DBO

Deploy witness DB

Deploy MC and SM dual machine backup

User use portal Page for authentication

Users follow WeChat for authentication.

User use IAC Client authentication

User use Pota At the first certification,RAOIUS Used by the server cache terminal MAC Address, if the terminal goes offline and then goes online again within the validity period of the cache,RAIUS The server directly searches the cache for the terminal's MAC The address is discussed.

Checking strategies are mainly used to check some static settings of the terminal, such as whether the screen saver is set, whether the antivirus software is installed; whether there is illegal Outreach etc. z00

Monitoring strategies are mainly used for real-time monitoring of events that occur in the system, such as whether anti-virus software is installed and whether PPPOE dial-up access is used Network, etc.-Once an incident is detected, some control can be taken.

The security check strategy only includes two types of end-host check-type strategies and end-user behavior check-type strategies.

Terminal host security management is mainly implemented by inspection strategies, and end user behavior management is mainly implemented by monitoring strategies.

Mail with source address 10.17.1.0/24 will be blocked

Mail with source address 10.18.1.0/24 will be blocked

Mail with source address 10.17.1.0/24 will be released

Mail with source address 10.18.1.0/24 will be released

True

False

You can check whether the screen saver is enabled on the terminal

You can check whether the screen saver password is enabled

Only supports Windows operating system

Screen saver settings cannot be automatically repaired

(1)(2)(3)(4)(5)

155955cc-666171a2-20fac832-0c042c049

(1)(4)(2)(3)(5)

(1)(2)(4)(3)(5)

(1)(3)(2)(4)(5)

TCP packets

UDP packet

ICMP message

FTP message

True

False

True

False

Open https://SM server IP:8943 in the browser, enter the account admin and the default password Changeme123, if the login is successful, it will be explained. The SIM components are normal.

After logging in to SC, select Resources>Users>User Management to create a common account. Open https://SM server IP:8447 in the browser newauth, if you can successfully log in using the account created in the previous step, the SM component is normal.

Open https://SC Server IP:8443 in the browser and enter the account admin and the default password Changeme123. If the login is successful, it will be explained. The SC component is normal.

After logging in to SM, select Ziyuan>User>User Management, and Xinlu has a common part number. Open https://SC server IP:8447 newauth in the browser. If you can successfully log in with the account created in the previous step, it means that the SC component is Wang Chang.

WhoTo determine the ownership of the access device(Company standard,BYOD Wait)

WhoseTo determine the identity of the access person(member I, Visitors, etc.)

How Determine the access method(Wired, wireless, etc.)

WhatTo determine the access device(PC,iOS Wait)

True

False

HTTP POST is generally used to send information to the server through a web page, such as forum posting x form submission, username I password login.

When the file upload operation is allowed, the alarm threshold and blocking threshold can be configured to control the size of the uploaded file.

When the size of the uploaded or downloaded file and the size of the content of the POST operation reach the alarm threshold, the system will generate log information to prompt the device management

And block behavior.

When the uploaded or downloaded file size, POST operation content size reaches the blocking threshold, the system will only block the uploaded or downloaded file, POST

operate.

Planting malware

Vulnerability attack

Web application attacks

Brute force

Microsoft Windows operating system patches

Microsoft SQL Windows database patch

Microsoft Internet Explorer patches

android system patches

File extension mismatch means that the file type is inconsistent with the file extension.

Unrecognized file type means that the file type cannot be recognized and there is no file extension.

File damage means that the file type cannot be identified because the file is damaged.

Unrecognized file type means that the file type cannot be recognized, and the file extension cannot be recognized.

After completing the configuration, SACG can successfully link with the Agile Controller-Campus.

After completing the configuration, SACG cannot successfully link with Agile Contrlle-Campus. P

Can issue pre-authentication domain ACL.

The linkage cannot be successful but the terminal can access the pre-authentication domain server.

The use of anonymous accounts for authentication is based on the premise of trusting the other party, and the authentication agency does not need the other party to provide identity information to provide services to the other party.

Agile Controller-Campus Need to be manually created"~anonymous"account number.

By default, the access control and policy of anonymous accounts cannot be performed. 1 Operations such as invoking patch templates and software distribution.

Administrators cannot delete anonymous accounts"~anonymous*.

Data preprocessing

Threat determination

Distributed storage

Distributed index

Website phishing deception

Website Trojan

SQL injection

Cross-site scripting attacks 2335

True

False

True

False

True

False

Enable Guest VLAN so that users can obtain the installation package in Guest VLAN

Configure Free-rule and web push functions on the switch to push the installation package to users.

Copy the installation packages to each other via U disk.

Installed by the administrator for each user.

Keywords are the content that the device needs to recognize during content filtering.

Keywords include predefined keywords and custom keywords.

The minimum length of the keyword that the text can match is 2 bytes. ,

Custom keywords can only be defined in text mode.

Easy to implement

Accurate detection

Effective detection of impersonation detection of legitimate users

Easy to upgrade

When a terminal device accesses the network, it first authenticates the user's identity through the access device, and the access device cooperates with the authentication server to complete the user Authentication.

The terminal device directly interacts with the security policy server, and the terminal reports its own status information, including virus database version, operating system version, and terminal Information such as the patch version installed on the device.

The security policy server checks the status information of the terminal, and for terminal devices that do not meet the corporate security standards, the security policy server reissues. The authorization information is given to the access device.

The terminal device selects the answer to the resource to be accessed according to the result of the status check.

True

False

Brute force

Crowd attack

DoS Denial of service attack

Weak IV attack

The enterprise network is relatively scattered, there are multiple branches, and the branch users are larger in scale.

A scenario where there are less than 2,000 branch users, and the headquarters and branch networks are relatively stable.

The terminal security management business between the branch and the headquarters is relatively independent, and the headquarters provides supervision and control over the branch terminal security management business.

It is difficult to guarantee the quality of the network between the branch and the headquarters, and the network between the headquarters and the branch may be interrupted, making the terminal of the

branch no longer available.

Download and backdoor features

Information collection characteristics

Self-hidden features

Network attack characteristics

Obtain

deploy

run

Uninstall

TRUE

FALSE

True

False

The user distribution range is large, and the access control requirements are high.

The deployment of the access control strategy is significant.

Access rights are difficult to control.

User experience technology

A serious violation will prohibit access to the post-authentication domain.

The access control list of the post-authentication domain has not been delivered SACG.

ALC The number of rules issued is too many, and a lot of time is required to match, causing interruption of access services.

Agile Controller-Campus Wrong post-authentication domain resources are configured on the server.