QUESTION 141
Which of the following behaviors can be identified as intrusions by the IDS?
A. Implanting Backdoor Programs
B. Scan the network
C. Unauthorized elevation of privilege
D. Spreading virus files
Correct Answer: ABCD
QUESTION 142
Which of the following statements is correct about a stateful inspection firewall?
A. A stateful inspection firewall cannot match UDP packets against the session table.
B. A stateful inspection firewall matches each data packet that enters the firewall against access rules.
C. A stateful inspection firewall only matches the first data packet against access rules.
D. The stateful inspection firewall does not check the correlation between the packets before and after the same connection.
Correct Answer: C
QUESTION 143
Which of the following statements are correct about RADTUS?
A. It applies to accounting.
B. It encrypts only the password field in an authentication packet.
C. It supports command authorization.
D. It uses TCP.
Correct Answer: AB
QUESTION 144
Which of the following statements are correct about cryptography?
A. Digital envelop technology uses hash algorithms to ensure the integrity of transmitted data.
B. Cryptography applications include digital envelopes, digital signatures, and digital certificates.
C. Digital signature technology uses symmetric and asymmetric encryption to ensure the confidentiality of transmitted data.
D. Digital certificate technology notarizes the public key through a third-party authority (CA) to ensure non-repudiation in data transmission.
Correct Answer: BD
QUESTION 145
Which of the following problems cannot be solved using PKI?
A. Data may be eavesdropped and tampered with during transmission, and information security cannot be ensured.
B. The transaction parties cannot verify the identities of each other.
C. The network is congested due to heavy traffic. As a result, the server cannot provide services properly.
D. No paper receipt is used in transaction, making arbitration difficult.
Correct Answer: C
QUESTION 146
Which of the following VPN technologies do not provide the encryption function?
A. GRE
B. L2TP
C. MPLS VPN
D. IPsec
Correct Answer: ABC
QUESTION 147
Which of the following statements is incorrect about certificate application?
A. A PKI entity can use SCEP to send a certificate enrollment request to a CA to apply for a local certificate.
B. When a PKI entity’s certificate expires or certificate key is disclosed, the PKI entity must replace the certificate. In this case, the PKI entity can apply for a new certificate or use SCEP or CMPv2 to implement automatic certificate update.
C. Generally, a PKI entity generates a pair of public and private keys. The public key and its identity information are sent to a CA to generate a local certificate.
D. A PKI entity can apply for the local certificate only in online mode, ensuring high security.
Correct Answer: D
QUESTION 148
Which of the following statements is incorrect about AH in IPsec VPN?
A. It supports data integrity check.
B. It supports anti-replay.
C. It supports data origin authentication.
D. It supports packet encryption.
Correct Answer: D
QUESTION 149
Which of the following algorithms are asymmetric encryption algorithms
A. AES
B. DH
C. IDEA
D. RSA
Correct Answer: BD
QUESTION 150
Which of the following statements are correct about IPsec encryption and authentication?
A. IPsec encryption cannot verify the authenticity or integrity of information after decryption.
B. The symmetric key used for encryption and decryption can only be manually configured.
C. IPsec uses symmetric encryption algorithms to encrypt and decrypt data.
D. The encryption mechanism ensures data confidentiality and prevents data from being intercepted during transmission. The authentication mechanism ensures data authenticity and reliability and prevents data from being forged or tampered with during transmission .
Correct Answer: CD
QUESTION 151
GRE is a Layer 3 VPN encapsulation technology but cannot encapsulate multicast data.
A. TRUE
B. FALSE
Correct Answer: B
QUESTION 152
The DH algorithm is an asymmetric encryption and decryption algorithm typically used to negotiate a symmetric encryption key.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 153
Which of the following statements is incorrect about L2TP over IPsec?
A. L2TP over IPsec packets are encapsulated using IPsec and then transmitted using L2TP.
B. An L2TP over IPsec tunnel only transmits traffic from users to intranet servers and does not affect Internet access of users.
C. L2TP over IPsec applies to scenarios where branch networks access VPNs through LAC dial-up for secure access.
D. L2TP is used for dial-up and obtaining private IP addresses on a headquarters network. However, L2TP lacks sufficient security. In this case, IPsec can ensure communication security.
Correct Answer: A
QUESTION 154
The prerequisite for securely transmitting data by IPsec is that SAs are established between IPsec peers.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 155
Which of the following statements is incorrect about HWTACACS and RADIUS?
A. RADIUS supports command authorization.
B. RADIUS encrypts only the password field in an authentication packet.
C. HWTACACS separates authentication and authorization.
D. HWTACACS uses TCP to provide reliable transmission.
Correct Answer: B
QUESTION 156
What is the protocol number of ESP?
A. 53
B. 50
C. 54
D. 51
Correct Answer: D
QUESTION 157
The          protocol is used to transmit errors and control information between network devices. It plays an important role in collecting network information as well as diagnosing and rectifying network faults. (Enter the acronym in uppercase letters.)
Correct Answer: ICMP
QUESTION 158
Arrange the following headers in the correct order in which they are encapsulated into a data packet in tunnel mode according to the following figure.
Select and Place:
Correct Answer:
QUESTION 159
In an ARP man-in-the-middle (MITM) attack, an attacker sends forged ARP packets to make other authorized terminals and devices generate incorrect ARP entries. As a result, services are blocked, or user data is intercepted or tampered with. Which of the following layers of the TCP/IP protocol stack does the ARP MITM attack target?
A. Physical layer
B. Data Link Layer/Network Layer
C. Transport layer
D. Application layer
Correct Answer: B
QUESTION 160
Which of the following are application-layer protocols?
A. HTTP
B. Telnet
C. ARP
D. DNS
Correct Answer: ABD
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.