QUESTION 141
Which of the following content security filtering technologies can be deployed on the firewall to prevent internal employees from making inappropriate comments on the Internet?
A. Mail filtering
B. File blocking
C. Application behavior
D. Data filtering
Correct Answer: D
QUESTION 142
Which of the following statements are true about the comparison between URL filtering and DNs filtering?
A. The impact of URL filtering on device performance is less than that of DNS filtering.
B. The control scope of URL filtering is smaller than that of DNs filtering.
C. Compared with URL filtering, DNs filtering performs access control earlier.
D. The control granularity of URL filtering is finer than that of DNs filtering.
Correct Answer: BCD
QUESTION 143
Which of the following statements is true about the file blocking process?
A. If all parameters in the file match all file blocking rules, the module performs the corresponding action.
B. After file blocking detection, a compressed file is sent to the file decompression module for decompression. The original file is then obtained. File blocking will no longer be performed if the decompression fails.
C. The file blocking action can be alert or block.
D. The file blocking module matches the application type, file type, and transfer direction of the file identified by the previous module with the table for querying file blocking rules configured by the administrator in top-down order.
Correct Answer: B
QUESTION 144
Which of the following aspects can be used to harden the security of the Linux operating system?
A. System security
B. Log security
C. Service startup management
D. Account security
Correct Answer: B
QUESTION 145
Multiple filtering conditions are configured in the IPS signature filter. If multiple values are configured in filtering conditions of the same type, the relationship between the values is AND.
A. TRUE
B. FALSE
Correct Answer: B
QUESTION 146
A zero-day vulnerability refers to a security vulnerability that does not have a corresponding patch. The person who provides details about the vulnerability or exploits the vulnerability to launch attacks is usually the discoverer of the vulnerability.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 147
An IPS signature filter is a set of signatures that meet specified filtering conditions. Which of the following is not a filtering condition of a signature filter?
A. OS
B. Signature ID
C. Category
D. Protocol
Correct Answer: B
QUESTION 148
Which of the following categories can IPs signature objects be classified into?
A. Requester
B. client
C. Responder
D. Server
Correct Answer: BD
QUESTION 149
Huawei iMaster NCE-Campus is a web-based centralized management and control system in the CloudCampus Solution. It supports user access management and can function as multiple types of authentication servers. Which of the following servers can iMaster NCE-Campus not be used as?
A. Portal server
B. RADIUS server
C. HWTACACS server
D. AD server
Correct Answer: D
QUESTION 150
Authorization rules configured on iMaster NCE-Campus support multiple authentication modes, including user access authentication, MAC address authentication, and device administrator authentication.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 151
Which of the following statements are true about the EAP termination mode in 802.1X authentication ?
A. EAP packets are encapsulated into RADIUS packets.
B. The EAP-Message attribute is used to encapsulate EAP packets.
C. An access device exchanges RADIUS packets with the authentication server.
D. Requirements on access devices are high.
Correct Answer: ACD
QUESTION 152
Assume that iMaster NCE-Campus acts as a Portal server and a RADIUS server: Which of the following parameters are mandatory when a third-party admission device is added to iMaster NCE-Campus?
A. URL key
B. Device name
C. Portal key
D. IP address
Correct Answer: BCD
QUESTION 153
Firewalls are deployed at Layer 3 and work in hot standby mode. They are connected to routers in the upstream direction and to Layer 2 switches in the downstream direction. In this scenario, firewalls can monitor directly connected service interfaces using HRP (configured using the hrp track interface command) or by adding interfaces to a link-group (configured using the link-group command).
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 154
High availability can be ensured for the heartbeat link between two firewalls using multiple heartbeat interfaces or an Eth-Trunk. Compared with using multiple heartbeat interfaces, using an Eth-Trunk improves the link’s communication bandwidth and implements load balancing.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 155
Link-group bundles multiple physical interfaces to improve link reliability. If one interface fails, traffic is forwarded through other interfaces.
A. TRUE
B. FALSE
Correct Answer: B
QUESTION 156
As shown in the figure, the firewalls work in load sharing mode, and their upstream and downstream devices are both switches. Which of the following statements is true about the VGMP group status of the two firewalls in this scenario?
A. Firewall A: master; firewall B: backup
B. Firewall A: master; firewall B: master
C. Firewall A: active; firewall B: standby
D. Firewall A: active; firewall B: active
Correct Answer: D
QUESTION 157
Which of the following statements is false about virtual system usage restrictions?
A. The management interface cannot be allocated to a virtual system.
B. The system software can be upgraded only in the public system.
C. Virtual system administrators can log in to the device using the console port.
D. If an IP address has been configured for an interface, the IP address will be deleted when the interface is assigned to a virtual system.
Correct Answer: C
QUESTION 158
When a virtual system communicates with the public system, both forward and return packets need to match sessions. Therefore, when the service traffic is heavy, the session resources of the entire device are insufficient.
A. TRUE
B. FALSE
Correct Answer: A
QUESTION 159
Which of the following is a quota-based resource allocated to a virtual system?
A. VLAN
B. Interface
C. Policy
D. Security zone
Correct Answer: D
QUESTION 160
Which of the following statements is false about quota control policies?
A. A quota control policy can limit the maximum bandwidth.
B. A quota control policy consists of detection and control.
C. A quota control policy can detect online traffic in real time.
D. A quota control policy can limit only the online traffic quota of users.
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.