QUESTION 81
Communication parties in different security zones exchange packets. Therefore, the direction of a flow is determined by the first packet to initiate the flow.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 82
For ICMP packets, the firewall supports stateful inspection only on Echo Request and Echo Reply messages in a ping process.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 83
The user organizational structure on a firewall is a mapping of an enterprise’s actual organizational structure, and is the basis for user-specific permission control. The user organizational structure includes the authentication domain, user group/user, and security group.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 84
Which of the following are disadvantages of the packet filtering firewall?
A. The connection status list is dynamically managed.
B. An attacker can set the IP address of his/her host to an IP address permitted by a packet filter. In this way, packets from the attacker’s host can easily pass through the packet filter.
C. The software implementation limits the processing speed, making the firewall vulnerable to DoS attacks.
D. Static ACL rules cannot meet dynamic security requirements.
Correct Answer: BD
QUESTION 85
Which of the following statements are incorrect about HWTACACS?
A. It uses UDP.
B. It implements both authentication and authorization.
C. It applies to security control.
D. It supports command authorization.
Correct Answer: AB
QUESTION 86
Which of the following statements are correct about the scenarios to which centralized deployment of authentication servers applies?
A. Each branch has fewer than 2000 users, and the headquarters and branch networks are stable.
B. An enterprise has multiple widely distributed branches, each of which has large number of users.
C. The headquarters centrally formulates policies, and branches do not need to formulate any policies. Additionally, server components are deployed in the enterprise data center.
D. The network between the headquarters and branches may be interrupted as its quality cannot be guaranteed. If this occurs, terminals at the branches cannot connect to the data center at the headquarters.
Correct Answer: AC
QUESTION 87
Which of the following statements is incorrect about packet processing on a stateful inspection firewall?
A. When receiving a packet, the firewall searches for a matching entry in the session table. If no match is found, the firewall processes the packet as the first packet.
B. When the firewall stateful detection mechanism is enabled, only SYN packets in TCP packets can be used to establish sessions.
C. When stateful inspection is enabled, the firewall checks both the first packet and subsequent packets against security policies.
D. When receiving a packet, the firewall searches for a matching entry in the session table. If the match is found, the firewall processes the packet as a non-first packet.
Correct Answer: C
QUESTION 88
A firewall checks data and carries out security policies only when the data flows from one zone to another.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 89
The antivirus system usually compares the characteristics of a file with the antivirus signature database to identify whether a file is infected with a virus.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 90
Which of the following statements is correct about firewall security policies?
A. Traffic in the same security zone is also controlled by the default security policy.
B. If a security policy contains multiple matching conditions, the relationship between them is OR.
C. The system has a default security policy named default, where all matching conditions are any and the default action is permit.
D. When multiple security policy rules are configured, they are sorted in the security policy list based on their configuration sequence by default.
Correct Answer: D
QUESTION 91
Which of the following application layer protocols are supported by NAT ALG?
A. RTSP
B. HTTP
C. FTP
D. SMTP
Correct Answer: AC
QUESTION 92
When the firewall serves as an out-of-path detection device, the administrator needs to configure a Layer 3 interface as the detection interface. Then, the administrator needs to configure the out-of-path detection function on the detection interface so that the firewall detects but does not forward traffic.
A. TRUE
B. FALSE
Correct Answer: B
QUESTION 93
Which of the following statements is incorrect about NAT ALG?
A. NAT ALG can translate addresses in IP packet headers and port information in TCP/UDP headers.
B. As a common NAT traversal technology on point-to-point networks, NAT ALG solves the problem of NAT being unaware of application-layer protocols.
C. Both DNS and RSTP support the NAT ALG function.
D. NAT ALG is a proxy for translating IP addresses and port numbers carried in application layer data.
Correct Answer: C
QUESTION 94
You can manually create users, user groups, and security groups on the firewall, or import them from a CSV fille or a server.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 95
How frequently should antivirus signature databases be updated to ensure the effectiveness of an antivirus program/software?
A. Three months
B. Half a month
C. Every month
D. Every day
Correct Answer: D
QUESTION 96
Match the following certificate types with their characteristics.
Select and Place:
Correct Answer:

QUESTION 97
The session information of some special service data flows needs to remain active (without aging out) for a long time. To achieve this, you can configure the        function on the firewall. (Enter only lowercase letters.)
Correct Answer: aging time
QUESTION 98
Users can change configurations of the Local zone, such as by adding interfaces to it.
A. TRUE
B. FALSE
Correct Answer: B
QUESTION 99
To prevent eavesdropping, digital envelope can be used to ensure information confidentiality.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 100
In an IPsec VPN, if IKEv1 master mode is used to establish an IKE SA, messages 5 and 6 are used to verify the identity of the peer end.
A. TRUE
B. FALSE
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.