Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

The user needs of a university are as follows:

1. The environment is large, and the total number of two-way traffic can reach 800M. Huawei USG6000 series firewall is deployed at its network node.

2. The intranet is divided into student area, server area, etc., users are most concerned about the security of the server area to avoid attacks from various threats.

3. At the same time, some pornographic websites in the student area are prohibited.

The external network has been configured as an untrust zone and the internal network has been configured as a trust zone on the firewall. How to configure the firewall to meet the above requirements?

155955cc-666171a2-20fac832-0c042c0415

A.

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

B.

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

C.

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

D.

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

The traditional campus network is based on IP As the core network, if there are mobile office users, which of the following options is not the problem that mobile office users face when deploying access authentication?

A.

The user distribution range is large, and the access control requirements are high.

B.

The deployment of the access control strategy is significant.

C.

Access rights are difficult to control.

D.

User experience technology

Regarding the description of file reputation technology in anti-virus engines, which of the following options is correct?

A.

Local reputation MD5 cache only has static cache, which needs to be updated regularly

B.

File reputation database can only be upgraded by manual upgrade

C.

File reputation is to perform virus detection by calculating the full text MD5 of the file to be tested and matching it with the local reputation MD5 cache

D.

File reputation database update and upgrade can only be achieved through linkage with sandbox

What are the typical technologies of anti-virus engines (multiple choice)

A.

First package detection technology

B.

Heuristic detection technology

C.

Decryption technology

D.

File reputation detection technology 5

Regarding the mail content filtering configuration of Huawei USG6000 products, which of the following statements is wrong?.

A.

Mail filtering will only take effect when the mail filtering configuration file is invoked when the security policy is allowed.

B.

When a POP3 message is detected, if it is judged to be an illegal email, the firewall's response action only supports sending alarm information, and will not block the email o

C.

When an IMAP message is detected, if it is judged to be an illegal email; the firewall's response action only supports sending alarm messages and will not block the email.

D.

The attachment size limit is for a single attachment, not for the total size of all attachments.

In the Agile Controller-Campus solution, which device is usually used as the hardware SACG?

A.

router

B.

switch

C.

Firewall

D.

IPS

Abnormal detection is to establish the normal behavior characteristic profile of the system subject through the analysis of the audit data of the system: check if the audit data in the system

If there is a big discrepancy with the normal behavior characteristics of the established subject, it is considered an intrusion. Nasu must be used as the system subject? (multiple choice)

A.

Host

B.

A group of users

C.

Single user

D.

A key program and file in the system

Which of the following options belongs to MC prioritized pail Authentication application scenarios?

A.

User use portal Page for authentication

B.

Users follow WeChat for authentication.

C.

User use IAC Client authentication

D.

User use Pota At the first certification,RAOIUS Used by the server cache terminal MAC Address, if the terminal goes offline and then goes online again within the validity period of the cache,RAIUS The server directly searches the cache for the terminal's MAC The address is discussed.

Content filtering is a security mechanism for filtering the content of files or applications through Huawei USCG00 products. Focus on the flow through deep recognition

Contains content, the device can block or alert traffic containing specific keywords.

A.

True

B.

False

IPS is an intelligent intrusion detection and defense product. It can not only detect the occurrence of intrusions, but also can respond in real time through certain response methods.

Stop the occurrence and development of intrusions, and protect the information system from substantial attacks in real time. According to the description of PS, the following items are wrong?

A.

IPS is an intrusion detection system that can block real-time intrusions when found

B.

IPS unifies IDS and firewall

C.

IPS must use bypass deployment in the network

D.

Common IPS deployment modes are in-line deployment,