H12-724 Questions and Answers

The use of anonymous accounts for authentication is based on the premise of trusting the other party, and the authentication agency does not need the other party to provide identity information to provide services to the other party.

Agile Controller-Campus Need to be manually created"~anonymous"account number.

By default, the access control and policy of anonymous accounts cannot be performed. 1 Operations such as invoking patch templates and software distribution.

Administrators cannot delete anonymous accounts"~anonymous*.

Centralized deployment

Distributed deployment

Hierarchical deployment

Two-machine deployment

True

False

Enhanced mode refers to the authentication method using verification code.

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

The enhanced mode is superior to the basic mode in terms of user experience.

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

The action of signing iD3000 is an alarm

The action of signing ID3000 is to block

Unable to determine the action of signature ID3000

The signature set is not related to the coverage signature

Mail with source address 10.17.1.0/24 will be blocked

Mail with source address 10.18.1.0/24 will be blocked

Mail with source address 10.17.1.0/24 will be released

Mail with source address 10.18.1.0/24 will be released

True

False

Users can use Any Office Perform authentication.

User can't use web Way to authenticate.

Users can use Web Agent Perform authentication.

Users can use their own 802. 1X The client authenticates.

The cleaning center completes the functions of drainage, cleaning, and re-injection of the flow after cleaning in the abnormal flow.

There are two types of drainage methods: static drainage and dynamic drainage.

Re-injection methods include: policy route re-injection, static route re-injection, VVPN back-injection and layer 2 same.

The cleaning equipment supports rich and flexible attack prevention technologies, but it is ineffective against cc attacks and ICMP Flood attacks.

③④②⑤①

⑤①②④③

②④①⑤③

⑤③④②①

AP Certification

Link authentication

User access authentication

data encryption

SACG Authentication is generally used in scenarios where a stable network performs wired admission control.

SACG Authentication is generally used in scenarios where new networks are used for wireless admission control.

SACG It is generally deployed in a bypass mode without changing the original network topology.

SACG Essentially through 802.1X Technology controls access users.

True

False

802.1X Authentication can only be initiated by the client.

802.1X Certification can only be done by certified equipment(like 802.1X switch)Initiate

8021X The client can trigger authentication through multicast or broadcast.

The authentication equipment department triggers authentication through multicast or unicast.

Keywords are the content that the device needs to recognize during content filtering.

Keywords include predefined keywords and custom keywords.

The minimum length of the keyword that the text can match is 2 bytes. ,

Custom keywords can only be defined in text mode.

400.

404

200

503

The mobile office platform is safe and reliable and goes online quickly.

Users can access the network safely and quickly.

Unified terminal management and fine control.

Network gateway deployment

Planting malware

Vulnerability attack

Web application attacks

Brute force

Asset management can register assets automatically or manually.

Enable the automatic asset registration mode, the asset registration process does not require end users to participate.

Automatic registration of assets is suitable for situations where the asset number is automatically maintained by the business manager.

Manually registering assets means that the administrator I Way to create an asset record on the business manager, and put the asset number in Any Office Enter it to complete the asset registration

process.

Local upgrade

Manual upgrade

Online upgrade

Automatic upgrade

Dual machine hot backup

Power supply. 1+1 redundant backup

Hardware Bypass

Link-group

Software and Patch

sharing information and system account information

System Log

processes, services and startup

Intranet users access the data center/Internet.

When traveling users access intranet resources, traveling users pass VPN Access to the intranet.

Work as a team.

Realize mutual communication between devices.

True

False

The terminal host does not install the software in the whitelist, nor the software in the blacklist.

The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs part of the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs all the software in the whitelist, and also installs some of the software in the blacklist.

Press "0U" to synchronize

AO Synchronize by "group", "0U describes the organizational structure

AO Press "Group" "Synchronize," "Group" Jida organization structure

LDAP synchronization by "group"

192.168.1.0 definitely is Agile Controller-Campus Manager IP address

if 192.126.200.11 Is the server of the post-authentication domain, then IP Address is 192.18.0.1 If your terminal has not passed the authentication, it is possible to access the server.

192.168.100.1 definitely is Agile Controller-Campus Controller IP address.

If in 6 Within minutes of the conversation 192.168.0.19 154->/192.162.0.11: 15080 Not refreshed,IP Address is 192.168.0.119 If the device wants to IP Address is 192.168.200.11 For device communication, the session must be re-established.

True

False

The administrator has not set the time to vote every day from 9:00 to 18:00

The shopping website does not belong to the predefined shopping website category

The administrator did not submit the configuration after completing the configuration.

The administrator has not applied the URL pass-through configuration file to the security policy.

True

False

Create new account

Use existing social media accounts

No authentication, no account required

Scan public QR code

True

False

ARP Message

DHCP Message P

DHCPv6 Message

ICMP Message

WIDS Is a wireless intrusion prevention system

WIPS Wireless intrusion detection system

WIDS Is a wireless intrusion countermeasure system

WIPS Is a wireless intrusion prevention system

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

The attachment size limit is for a single attachment, not for the total size of all attachments.

Provide unified and secure access to enterprise mobile applications on mobile terminals.

The tunnel is dedicated and cannot be penetrated by viruses.

Applications are quickly integrated and can be extended.

It can be quickly integrated and docked with the enterprise application cloud platform.

Application recognition and perception

URL classification and filtering

Video content filtering

Intrusion prevention

155955cc-666171a2-20fac832-0c042c048

The management server of the management center is responsible for the cleaning of abnormal flow, as well as the collection and analysis of business data, and storage, and is responsible for the summary

The stream is reported to the management server for report presentation.

The data coking device is responsible for the cleaning of abnormal flow, the centralized management and configuration of equipment, and the presentation of business reports.

The data collector and management server support distributed deployment and centralized deployment. Centralized deployment has good scalability.

The management center is divided into two parts: management server and teaching data collector.

Portal gateway initiates Radius Challenge request message, including user name and password information

The ACL issued by the server to the access gateway is carried in the Portal protocol message

Issue policies while performing identity authentication

The Portal server needs to pass the security check result to the access gateway device

Different places can have different security policies.

The location has nothing to do with safety.

There can only be one place in the company.

Place and location have nothing to do.

Local account authentication

Anonymous authentication

AD Account Verification

MAC Certification

Deployment Management Center MC Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy Business Manager SM Time, support HA, Provide based on Keepalived Technical HA Active/standby switchover.

Deploy business controller 3SC Time, support HA, Provide a backup solution in resource pool mode, which needs to be deployed N+1 indivual SC

Deploy the database DB Time, support HA use SQL Server Database mirroring technology requires the deployment of master DB+Mirroring DB+witness DB.

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.

Lack of effective protection against application layer threats.

It cannot effectively resist the spread of viruses from the Internet to the intranet.

Ability to quickly adapt to changes in threats.

Unable to accurately control various applications, such as P2P, online games, etc. .

Can access the network? Can also access network resources.

Cannot access the network.

Can pick up? The network needs to be repaired before you can access network resources.

You can access the network, but you need to re-authenticate to access network resources.

True

155955cc-666171a2-20fac832-0c042c0414

False

remote control device

mail server

Internet behavior management equipment

log collection server

The access layer switch does not start EAP Transparent transmission function.

wireless 02K In the scenario, the access control device is not equipped with a security board

AD The service controller is not added in the authentication scenario AD area.

The user account or password is incorrectly configured.

True

False