Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Based on the following information analysis on the firewall, which of the following options are correct?

A.

The first packet of this data flow enters from the Trust zone interface and is sent from the Untrust zone interface.

B.

This data stream has been NAT translated

C.

uses NPAT conversion technology

D.

firewall has virtual firewall function enabled

The attacker sends a large number of invite messages to the SIP server, causing the SIP server to refuse service. Which layer of the OSI model is this attack based on?

A.

application layer

B.

network layer

C.

transport layer

D.

data link layer

The ACK flood attack uses a botnet to send a large number of ACK packets, which impacts the network bandwidth and causes network link congestion. If the number of attack packets is large, the server processing performance is exhausted, thus rejecting normal services. Under the Huawei Anti-DDoS device to prevent this attack, compare the two processing methods - strict mode and basic mode, what is correct?

A.

bypass deployment dynamic drainage using strict mode

B.

In strict mode, the cleaning device does not check the established session, that is, the ACK packet does not hit the session, and the device discards the packet directly.

C.

If the cleaning device checks that the ACK packet hits the session, the session creation reason will be checked regardless of the strict mode or the basic mode.

D.

adopts "basic mode". Even if the session is not detected on the cleaning device, the device discards several ACK packets and starts session checking.

The enterprise network is as shown in the figure. On the USG_A and USG_B, hot standby is configured, and USG_A is the master device. The administrator wants to configure SSL VPN on the firewall so that branch employees can access the headquarters through SSL VPN. Which virtual gateway address should the SSL VPN be?

A.

202.38.10.2/24

B.

202.38.10.3/24

C.

202.38.10.1/24

D.

10.100.10.2/24

Which of the following security services can a secure multi-instance provide for a virtual firewall?

A.

address binding

B.

blacklist

C.

ASPF

D.

VPN routing

The topology diagram of the BFD-bound static route is as follows: The administrator has configured the following on firewall A: [USG9000_A] bfd [USG9000_A-bfd] quit [USG9000_A] bfd aa bind peer-ip 1.1.1.2 [USG9000_A- Bfd session-aa] discriminator local 10 [USG9000_A-bfd session-aa] discriminator remote 20 [USG9000_A-bfd session-aa] commit [USG9000_A-bfd session-aa] quit What are the correct statements about this segment?

A.

command bfd aa bind peer-ip 1.1.1.2 is used to create a BFD session binding policy for detecting link status.

B.

"[USG9000_A] bfd" is incorrectly configured in this command and should be changed to [USG9000_A] bfd enable to enable BFD function.

C.

[USG9000_A-bfd session-aa] commit is optional. If no system is configured, the system will submit the BFD session log information by default.

D.

The command to bind a BFD session to a static route is also required: [USG9000_A]ip route-static 0.0.0.0 0 1.1.1.2 track bfd-session aa

The branch firewall of an enterprise is configured with NAT. As shown in the figure, USG_B is the NAT gateway. The USG_B is used to establish an IPSec VPN with the headquarters. Which parts of the USG_B need to be configured?

A.

Configure the nat policy. The reference rule is to allow the source and destination of the intranet to be all ACLs.

B.

Configure the IKE peer, use the name authentication, and remote-address is the outbound interface address of the headquarters.

C.

Configure the nat policy. The reference rule is to protect the data flow from the enterprise intranet to the headquarters intranet in the first deny ipsec, and then permit the data flow from the intranet to the internet.

D.

Configure an ipsec policy template and reference ike peer

What are the three elements of an abnormal flow cleaning solution?

A.

cleaning center

B.

Testing Center

C.

Management Center

D.

Collection Center

According to the dual-system hot backup network diagram, what are the correct descriptions in the following dual-system hot backup preemption function?

A.

VRRP backup group itself has a preemption function. As shown in the figure, after USG_A fails and recovers, USG_A will use the preemption function to change to the master state again.

B.

The preemption function of the V VGMP management group is similar to that of the VRRP backup group. When the faulty backup group in the management group recovers, the management group priority will be restored.

C.

By default, when the preemption delay is 0, the preemption is never preempted.

D.

After the VRRP backup group is added to the VGMP management group, the original preemption function on the backup group will be invalid.

When using the SSL VPN client to start the network extension, the prompt "Connection gateway failed", what are the possible reasons for the failure?

A.

If the proxy server is used, the proxy server settings of the network extension client are incorrect.

B.

The route between the B PC and the virtual gateway is unreachable.

C.

TCP connection between the network extension client and the virtual gateway is blocked by the firewall

D.

username and password are incorrectly configured