Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

DDoS is an abnormal packet that an attacker sends a small amount of non-traffic traffic to the attack target (usually a server, such as DNS or WEB) through the network, so that the attacked server resolves the packet when the system crashes or the system is busy.

A.

TRUE

B.

FALSE

On the web configuration page, choose System --> High Reliability --> Hot Standby and click Check for HRP Configuration Consistency. Button. The following window pops up. Which of the following configurations can solve the problem (assuming the heartbeat is added to the DMZ area)?

A.

firewall packet-filter default permit interzone trust local

B.

firewall packet-filter default permit interzone trust dmz

C.

firewall packet-filter default permit interzone untrust dmz

D.

firewall packet-filter default permit interzone local

A user dials to the LNS of the company through L2TP over IPSec using the VPN client, and the final dialup fails. However, the debug ike all and debug l2tp all did not see any information on the LNS. The two stages of establishing ike failed. What are the reasons for the failure?

A.

Interest traffic ACL configuration error

B.

The firewall (LNS) is connected to the public network. The IPSec policy is not applied to the interface.

C.

IPSec data stream does not reach the firewall

D.

L2TP is not enabled on D LNS

In the firewall DDoS attack defense technology, the Anti-DDoS device adopts seven layers of defense technology, and the description based on session defense is correct?

A.

Based on the application, the validity of the source address of the packet is authenticated. These applications support the protocol interaction. The cleaning device prevents the attack traffic from the virtual source or tool by sending source detection packets.

B.

Session-based defense against concurrent connections, new connections, or connection-depleted connections that exceed the threshold

C.

mainly relies on fingerprint learning and packet capture analysis to obtain traffic characteristics, and to prevent bots or attack traffic initiated by agents to distinguish normal users from access behavior.

D.

Filters scanned messages and special control messages by detecting sessions

In the USG firewall, which two commands can be used to view the running status and memory/CPU usage of the device components (main control board, board, fan, power supply, etc.)?

A.

display device

B.

display environment

C.

display version

D.

dir

When an attack occurs, the result of packet capture on the attacked host (1.1.1.1) is as shown in the figure. What kind of attack is this attack?

A.

Smurf attack

B.

Land attack

C.

WinNuke attack

D.

Ping of Death attack

After the link-group is configured on the device, use the display link-group 1 command to obtain the following information. What information can I get?

A.

GigabitEthernet 0/0/2 interface has failed.

B.

GigabitEthernet 0/0/1 has failed.

C.

GigabitEthernet 0/0/2 is forcibly converted to fault state because other interfaces in the group are faulty.

D.

GigabitEthernet 0/0/1 is forcibly converted to fault state because other interfaces in the group are faulty.

The figure shows the data flow direction of the Bypass interface in the Bypass working mode and the non-Bypass working mode. What are the following statements about the working flow of the electrical Bypass interface?

A.

When the interface is in the non-bypass state, the traffic flows from the GE0 interface to the USG through Router_a. After the USG processes, the traffic flows from the GE1 interface to Router_B.

B.

When the interface is working in the Bypass state, the traffic is forwarded from the GE0 interface to the USG. The USG does not pass any processing and flows directly from the GE1 interface to Router_B.

C.

When the firewall is configured to implement the security priority, the uplink and downlink services are not interrupted when the interface works in the bypass state. Therefore, the device can be kept in the Bypass state.

D.

The electrical bypass interface can only work in Layer 2 mode and has circuit bypass function.

On an Eth-Trunk interface, traffic load balancing can be implemented by configuring different weights on member links.

A.

TRUE

B.

FLASE

Which of the following is incorrect about IKE V1 and IKE V2?

A.

IKE V2 establishes a pair of IPSec SAs. Normally, an IKE SA and a pair of IPSec SAs can be completed by exchanging 4 messages twice.

B.

IKE V2 does not have the concept of master mode and barb mode

C.

To establish a pair of IPSec SAs, only 6 messages need to be exchanged in the IKE V1 master mode.

D.

When the IPSec SA established by D IKE V2 is greater than one pair, each pair of SAs needs only one additional exchange, that is, two messages can be completed.