QUESTION 21
Which of the following attacks are single-packet attacks?
A. Smurf attack
B. IP spoofing attack
C. IP sweep attack
D. ICMP redirect attack
Correct Answer: ABCD
QUESTION 22
Which of the following can implement authentication, authorization, and accounting?
A. Local authentication
B. HWTACACS authentication
C. AD authentication
D. RADIUS authentication
Correct Answer: BD
QUESTION 23
Match the following terms with their characteristics.
Select and Place:

Correct Answer:

QUESTION 24
A firewall supports a maximum of three nested layers in a security group: parent security group, security group, and child security group.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 25
During automatic configuration synchronization upon the firewall restart, which of the following configurations are synchronized between the active and standby firewalls?
A. OSPF
B. BGP
C. NAT policy
D. Security policy
Correct Answer: CD
QUESTION 26
Which of the following backup modes are used in the hot standby system?
A. Automatic Backup
B. Manual batch backup
C. Quick session backup
D. Automatic configuration synchronization between the active and standby firewalls after the firewalls restart
Correct Answer: ABC
QUESTION 27
Which of the following statements are correct about the status of the firewall VGMP group?
A. Active
B. Load-balance
C. Standby
D. Initialize
Correct Answer: ABC
QUESTION 28
Which of the following statements are correct about SSL VPN access users?
A. Visitors can log in to the authentication page provided by the SSL VPN module to trigger the authentication process.
B. SSL VPN provides services such as web proxy and network extension.
C. SSL VPN works between the transport layer and application layer.
D. HTTPS is an application of SSL VPN.
Correct Answer: ABCD
QUESTION 29
Which of the following statements are correct about the working principles of the hot standby System?
A. If the active/standby switchover is caused by a device failure, the switchover is completed within five heartbeat intervals.
B. Automatic backup (hrp auto-sync) is enabled by default, indicating that subsequent configurations and status entries are backed up to the standby firewall.
C. By default, the firewall uses the virtual MAC address of the VRRP interface to encapsulate packets when forwarding Layer 3 services.
D. The active firewall periodically sends VRRP advertisement packets whose source MAC address is the virtual MAC address.
Correct Answer: C
QUESTION 30
You can specify 5-tuple matching conditions in a security policy to implement intra-zone and inter-zone access control. Which of the following is not an item in the 5-tuple?
A. Source address
B. Port number
C. Services
D. Destination address
Correct Answer: C
QUESTION 31
Which of the following statements is incorrect about Portal authentication?
A. The built-in Portal authentication triggering modes include session authentication and user-initiated authentication.
B. In Portal authentication, users can be authenticated only on the firewall authentication page.
C. In session authentication, users do not initiate identity authentication. Instead, they access the HTTP service first and are authenticated during the access. Service access is allowed only after authentication.
D. In user-initiated authentication, users proactively initiate authentication and can access network resources only after authentication.
Correct Answer: B
QUESTION 32
When external users access internal servers, bidirectional NAT translates both the source and destination Ip addresses of packets to avoid setting gateways on internal servers, simplifying configuration.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 33
If G0/0/1 is added to the Trust zone, G0/0/1 itself and the network connected to G0/0/1 both belong to the Trust zone.
A. TRUE
B. FALSE
Correct Answer: B
QUESTION 34
Which of the following is not the matching mode of the firewall security protection whitelist rules?
A. Suffix matching
B. Fuzzy matching
C. Keyword matching
D. Prefix matching
Correct Answer: B
QUESTION 35
In the firewall forwarding process, the server mapping entries generated by ASPF/NAT ALG have a higher priority than security policies. Packets that match the ASPF/NAT ALG server mapping entries still need to be checked by security policies.
A. TRUE
B. FALSE
Correct Answer: B
QUESTION 36
Which of the following are characteristics of LDAP?
A. Provides a unified access point for external systems.
B. Supports distributed data storage.
C. Organizes data by directory.
D. The query is optimized to read data quickly.
Correct Answer: ABCD
QUESTION 37
User-defined signatures and predefined signatures do not have priorities. When traffic matches both user-defined and predefined signatures, the strictest signature takes effect.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 38
The firewall performs virus detection using the intelligent awareness engine. Sort the following steps into the correct order based on the working mechanism of the intelligent awareness engine.
Select and Place:
Correct Answer:
QUESTION 39
DDoS attacks use a large number of controlled hosts to send many network data packets to the attacked target in order to deplete its bandwidth, consume the network data processing capability of the server and network devices, and interrupt services. Which of the following are common DDoS attacks?
A. C&C attack
B. SYN flood
C. MITM attack
D. UDP flood
Correct Answer: BD
QUESTION 40
Which of the following are the characteristics of viruses and malware?
A. Tampering
B. Unauthorized access
C. Unauthorized registration
D. Damage
Correct Answer: ABCD
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.