QUESTION 101
No patch has been issued for zero-day vulnerabilities. Therefore, no method can effectively defend against zero-day attacks.
A. TRUE
B. FALSE
Correct Answer: B
QUESTION 102
Constructing incorrect query statements and obtaining key information from the error message returned by the database are common methods for launching SQL injection attacks.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 103
The Common Vulnerability Scoring System (CVSS) is a widely used open standard for vulnerability scoring It uses a modular scoring system. Which of the following is not included in the CVSS?
A. Temporal
B. Spatial
C. Environmental
D. Base
Correct Answer: B
QUESTION 104
To defend against network attacks, you only need to deploy security devices (such as a firewall and IPS) at the Internet egress. No security device needs to be deployed on the enterprise intranet.
A. TRUF
B. FALSE
Correct Answer: B
QUESTION 105
The netstat command can be run to view the current active TCP connections on a Windows host, based on
which the existence of abnormal connections can be determined.
The command output contains key information such as the source and destination addresses, source and destination port numbers, connection status, and process or application names of TCP connections.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 106
In an 802.1X authentication scenario on a WLAN, the static authorization ACL configuration on the authentication device is as follows:
acl number 2011
rule 5 deny ip destination 10.1.2.0 0.0.0.255
rule 10 permit ip destination 10.1.1.0 0.0.0.255
rule 15 deny ip destination 10.1.3.0 0.0.0.255 rule 20 deny ip
Which of the following network segments can be accessed by authenticated users?
A. 10.1.2.0/24
B. 10.1.3.0/24
C. 10.1.4.0/24
D. 10.1.1.0/24
Correct Answer: D
QUESTION 107
Which of the following access authentication modes requires a terminal to obtain an IP address before authentication?
A. Portal authentication
B. 802.1x authentication
C. MAC address bypass authentication
D. MAC address authentication
Correct Answer: A
QUESTION 108
Enterprises can deploy access control technologies to manage and control online behaviors of employees, but not that of guests.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 109
iMaster NCE-Campus can function as a RADIUS server but cannot function as a RADIUS relay agent.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 110
Which of the following cannot be used as a matching condition in a Portal page push policy configured on iMaster NCE-Campus?
A. Operating system version
B. SSID
C. Browser type
D. User IP address
Correct Answer: A
QUESTION 111
Huawei iMaster NCE-Campus can function as an authentication server to authorize authenticated users. Which of the following is not a parameter that can be authorized by iMaster NCE-Campus?
A. VLAN
B. DSCP
C. IP address
D. ACL
Correct Answer: C
QUESTION 112
An LDAP directory is tree-structured and consists of multiple entries. Each entry has a unique distinguished name (DN). If the DN of a directory server is “CN=Stephen, OU=Enterprise, OU=Huawei, DC=AD, DC=Huawei’s? which of the following statements are true?
A. Stephen indicates a user or user group.
B. The directory server is not an AD server.
C. The domain name of the directory server is Huawei.
D. A DN indicates the location of an object.
Correct Answer: CD
QUESTION 113
During deployment of Portal authentication, an authentication-free rule profile needs to be configured to ensure Portal pages can be opened on authentication terminals. To achieve this purpose, the following traffic needs to be permitted in the authentication-free rule profile: DNS resolution traffic of user terminals, traffic from user terminals for accessing Portal pages, and traffic from user terminals to the RADIUS server.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 114
AD domain authentication is a type of LDAP authentication.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 115
Match the following security events with their types.
Select and Place:
Correct Answer:
QUESTION 116
In the scenario of hot standby based on dynamic routing protocols, you can run the hrp ospf-cost enable command to enable the function of adjusting the OSPF cost value based on the active/ standby status of the firewalls. (Enter only lowercase letters.)
Correct Answer: adjust
QUESTION 117
After the system software of firewalls working in hot standby mode is upgraded, which of the following items need to be verified?
A. Active/Standby status of the firewalls
B. System software version
C. Session table
D. Active/ Standby switchover
Correct Answer: ACD
QUESTION 118
Which of the following is the correct user name format of the firewall virtual system?
A. Virtual system name@Administrator name
B. Administrator name@Virtual system name
C. Virtual system name@@Administrator name
D. Administrator name@@Virtual system name
Correct Answer: D
QUESTION 119
Which of the following resources are manually allocated to virtual systems?
A. VLAN
B. Interface
C. Security zone
D. Bandwidth
Correct Answer: C
QUESTION 120
Which of the following statements are true about the overall guaranteed bandwidth and maximum bandwidth in a bandwidth profile?
A. The overall guaranteed bandwidth is the minimum available bandwidth assigned by a bandwidth profile to its matching traffic.
B. The overall maximum bandwidth is the maximum available bandwidth assigned by a bandwidth profile to its matching traffic.
C. If the traffic exceeds the maximum bandwidth, the firewall discards the excess traffic.
D. If the traffic falls below the guaranteed bandwidth, the firewall forwards it on the outbound interface.
Correct Answer: ABCD
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.