H12-722_V3.0 Questions and Answers

Lack of effective protection against application layer threats.

It cannot effectively resist the spread of viruses from the Internet to the intranet.

Ability to quickly adapt to changes in threats.

Unable to accurately control various applications, such as P2P, online games, etc. .

HTTP Flood source authentication

HTTP source statistics

URI source fingerprint learning function

Baseline learning

Easy to implement

Accurate detection

Effective detection of impersonation detection of legitimate users

Easy to upgrade

4-1-2-3

1-4-2-3

1-3-2-4

2-4-1-3:

Warning

Block

Declare

Operate by weight

Using POP3, the client software will download all unread mails to the computer, and the mail server will delete the mails.

Use JIMAP; the client software will download all unread mails to the computer, and the mail server will delete the mails.

With IMAP, users can directly operate on the mail on the server, without downloading all the mails locally to perform various operations.

Using POP3, users can directly operate on the mail on the server without sending all mails to the local to perform various operations.

Virus

Buffer overflow ρ

System vulnerabilities

Port scan

HTTPS Flood defense modes include basic mode, enhanced mode and 302 redirection.

HTTPS Flood defense can perform source authentication by limiting the request rate of packets.

The principle of HTTPS Flood attack is to request URIs involving database operations or other URIs that consume system resources, causing server resource consumption.

Failed to respond to normal requests.

The principle of HTTPS Flood attack is to initiate a large number of HTTPS connections to the target server, causing the server resources to be exhausted and unable to respond to regular requests.

begging.

Not self-replicating but parasitic

Trojans self-replicate and spread

Actively infectious

The ultimate intention is to steal information and implement remote monitoring

Infrastructure security

Tenant security

How to do a good job in management, operation and maintenance

Hardware maintenance

display version av-sdb

display utm av version

display av utm version

display utm version

It is impossible to detect violations of security policies.

It can detect all kinds of authorized and unauthorized intrusions.

Unable to find traces of the system being attacked.

is an active and static security defense technology.

155955cc-666171a2-20fac832-0c042c0425

True

False

The administrator has not set the time to vote every day from 9:00 to 18:00

The shopping website does not belong to the predefined shopping website category

The administrator did not submit the configuration after completing the configuration.

The administrator has not applied the URL pass-through configuration file to the security policy.

The firewall has enabled the SYN Flood source detection and defense function

The firewall uses the first packet drop to defend against UDP Flood attacks.

HTTP Flood attack defense uses enhanced mode for defense

The threshold for HTTP Flood defense activation is 2000.

1812

1813

50200

50300

True

False

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

HTTP POST is generally used to send information to the server through a web page, such as forum posting x form submission, username I password login.

When the file upload operation is allowed, the alarm threshold and blocking threshold can be configured to control the size of the uploaded file.

When the size of the uploaded or downloaded file and the size of the content of the POST operation reach the alarm threshold, the system will generate log information to prompt the device management

And block behavior.

When the uploaded or downloaded file size, POST operation content size reaches the blocking threshold, the system will only block the uploaded or downloaded file, POST

operate.

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

(1)(2)(3)(4)(5)

155955cc-666171a2-20fac832-0c042c049

(1)(4)(2)(3)(5)

(1)(2)(4)(3)(5)

(1)(3)(2)(4)(5)

Single packet attack

Floating child attack

Malformed message attack

Snooping scan attack

When deploying NAC Agent, can use scanner to scan and assess the number of installed and non-installed agent.

When the terminal NAC Agent uninstall, the scanner can send alarm information.

the scanner by the SNMP protocol to obtain network equipment resources information.

scanner and Policy Center controller linkage scan tasks.