NEW QUESTION 1
Which of the following descriptions is wrong about IKE SA?

• A. IKE SA is two-way
• B. IKE is a UDP-based application layer protocol
• C. IKE SA for IPSec SA services
• D. The encryption algorithm used by user data packets is determined by IKE SA.

Answer: D

NEW QUESTION 2
Regarding Ihe description of the packe: in the iptables transmission process, which of the following option is wrong?

• A. When a packet enters the network card, it first matches the PREROUTING chain
• B. Ifthe destination address of the packet is local, the packet will be sent to the INPUT chain
• C. If the destination address of the packet is not local, the system sends the packet to the OUTPUT chain.
• D. If the destination address of the packet is not local,the system sends the packet to the FORWARD chain.

Answer: C

NEW QUESTION 3
In the Client-Initiated VPN configuration, generally it is recommended to plan the address pool and the headquarters or need to of the network address for the different network or need to open proxy forwarding on the gateway device

• A. True
• B. False

Answer: A

NEW QUESTION 4
Which of the following descriptions about windows logs is wrong?

• A. The system log is used to record the events generated by the operating system components, including the crash of the driver, system components and application software, and data
• B. Windows server 2008 system logs stored in the Application.evtx
• C. The application log contains events logged by the application or system program, mainly recording events in the running of the program.
• D. Windows seiver 2008 security lug is sluied in security.evtx

Answer: B

NEW QUESTION 5
Which of the following is the analysis layer device inthe Huawei SDSec solution? r a.

• A. cis
• B. Agile Controller
• C. switch
• D. Firehunter

Answer: D

NEW QUESTION 6
Which ofthe following are core elements ofthe IATF (InformationAssurance Technology Framework) model? (Multiple choice)

• A. Environment
• B. person
• C. Technology
• D. Operation

Answer: BCD

NEW QUESTION 7
IPSec VPN uses an asymmetric encryption algorithm toencrypt the transmitted data

• A. True
• B. False

Answer: B

NEW QUESTION 8
Which of the following options can be used in the advanced settings of Windows Firewall? (Multiple choice)

• A. Restore defaults
• B. Change notification rules
• C. Set connection security rules
• D. Set out inbound rules

Answer: ABCD

NEW QUESTION 9
The matching principle of the security policy is: firstly, find the inter-domain security policy configured manually, and if there is no match, the data packet is directly discarded

• A. True
• B. False

Answer: A

NEW QUESTION 10
Which of the following are international organizations related to information security standardization? (Multiple Choice)

• A. International Organization for Standardization (ISO)
• B. International Electrotechnical Commission (IEC)
• C. International Telecommunication Union (ITU)
• D. Wi-Fi Alliance

Answer: ABC

NEW QUESTION 11
When configuring security policy, a security policy can reference an address set or configure multiple destination IP addresses.

• A. True
• B. False

Answer: A

NEW QUESTION 12
When establishing their own information systems, companies check each operation according to internationally established authoritative standards and can check whether their information systems are safe

• A. True
• B. False

Answer: A

NEW QUESTION 13
Which of the following is not part of adigital certificate?

• A. Public key
• B. Private key
• C. Validity period
• D. Issuer

Answer: B

NEW QUESTION 14
NAPT technology can implement a public network IP address for multiple private network hosts

• A. True
• B. False

Answer: A

NEW QUESTION 15
In the currentnetwork it has deployed other authentication system, device registration function by enabling a single point, reducing the user to re-enter the password. What are correct about single sign-on statements? (Multiple choice)

• A. Device can identify the user through the authentication of the identity authentication system, user access, the device will not pis authentication pages, to avoid further asked to enter a username / password
• B. AD domain single sign-on is only one depbyment model
• C. Although not requireto enter a user password, but the authentication server needs to interact with the user password and devices used to ensure that certification through discussion
• D. AD domain single sign-on login can be minored data stream synchronized manner to the firewall

Answer: AD

NEW QUESTION 16
In practical applications, asymmetric encryption is mainly used to encrypt user data

• A. True
• B. False

Answer: B

NEW QUESTION 17
Which of the following descriptions are correct about the buffer overflow attack? (Multiple Choice)

• A. Buffer overflow attack is the use of software system for memory operation defects, running attack code with high operation authority
• B. Buffer overflow attacks are not related to operating system vulnerabilities and architectures
• C. Buffer overflow attacks are the most common method of attacking software systems
• D. Buffer overflow attack belongs to application layer attack behavior

Answer: ACD

NEW QUESTION 18
The configuration commands for the NAT address pool are as follows: nat address-group 1 section 0 202.202.168.10 202.202.168.20 mode no-pat Of which, the meaning of no-pat parameters is:

• A. Do not do address translation
• B. Perform port multiplexing
• C. Do not convert the source port
• D. Do not convert the destination port

Answer: C

NEW QUESTION 19
Regarding the comparison between windows and Linux, which of the following statements is wrong?

• A. Getting started with Linux is more difficult and requires some learning and guidance.
• B. Windows can be compatible with most software playing most games
• C. Linux is open source code, you can do what you want.
• D. windows is open source, you can do what you want.

Answer: D

NEW QUESTION 20
Which of the following is true about the description of the TCP/IP protocol stack packet encapsulation? (Multiple choice)

• A. The data packet is firsttransmitted to the data link laye
• B. After parsing, the data link layer information is stripped, and the network layer information is known according to the parsing information, such as IP.
• C. After the transport layer (TCP) receives the data packet, the transport layer information is stripped after parsing, and the upper layer processing protocol, such as UDP, is known according to the parsing information
• D. After receiving the data packet, the network layer is stripped after parsing, and the upper layer processing protocol is known according to the parsing information, such as HTTP
• E. After the application layer receives the data packet, the application layer information is stripped after parsing, and the user data displayed at the end is exactly the same as the data sent by the sender host.

Answer: AD

NEW QUESTION 21
Security technology has different methods at different technical levels and areas. Which of the following devices can be used for network layer security protection? (Multiple choice)

• A. Vulnerability scanning device
• B. Firewall
• C. Anti-DDoS device
• D. IPS/IDS device

Answer: BCD

NEW QUESTION 22
Information security levelprotection is the basic system of national information security work

• A. True
• B. False

Answer: A

NEW QUESTION 23
Typical remote authentication modes are: (Multiple Choice)

• A. RADIUS
• B. Local
• C. HWTACACS
• D. LDP

Answer: AC

NEW QUESTION 24
NAT technology can securely transmit data by encrypting data.

• A. True
• B. False

Answer: B

NEW QUESTION 25
Which of the following are multi-user operating systems? (Multiple choice)

• A. MSDOS
• B. UNIX
• C. LINUX
• D. Windows

Answer: BCD

NEW QUESTION 26
About thecontents of HRP standby configuration consistency check, which of the following is not included?

• A. NAT policy
• B. If the heartbeat interface with the same serial number configured
• C. Next hop and outbound interface of static route
• D. Certification strategy

Answer: C

NEW QUESTION 27
Information security levelprotection is to improve the overall national security level, while rationally optimizing the distribution of security resources, so that it can return the greatest security and economic benefits

• A. True
• B. False

Answer: A

NEW QUESTION 28
Which of the following options is not the part of the quintet?

• A. Source IP
• B. Source MAC
• C. Destination IP
• D. Destination Port

Answer: B

NEW QUESTION 29
Which of the following are parts of the PKI architecture? (Multiple Choice)

• A. End entity
• B. Certification Authority
• C. Certificate Registration Authority
• D. Certificate Storage organization

Answer: ABCD

NEW QUESTION 30
......