NEW QUESTION 1

As shown in the figure, nat server global202.106.1.1 inside10.10.1.1 is configured on the firewall. Which of the following is the correct configuration for interzone rules? ( )[Multiple choice]*

• A. rule name
• B. source-zone untrus
• C. destination-zone trus
• D. destination-address 202.106.1.132, action permit
• E. rule name d, source- zone untrus
• F. destination- zone trus
• G. destination- address10.l0.1.1 32, action permit
• H. rule name b, source- zone untrust, destination- zone trust, source- address10.10.1.1 32, action permit
• I. rule name b, source-zone untrust, destination-zone trust, source-address202.106.l.1 32, action permit

Answer: B

NEW QUESTION 2

aboutL2TP VPNstatement, which of the following is false?

• A. It is suitable for employees on business to dial up to access the intranet
• B. Data will not be encrypted
• C. WithIPsec VPNIn conjunction with
• D. belonging to the third floorVPNTechnology

Answer: D

NEW QUESTION 3

EuropeTCSECThe guidelines are divided into two modules, functional and evaluation, and are mainly used in the military, government and commercial fields

• A. True
• B. False

Answer: A

NEW QUESTION 4

RFC (Request For Comment) 1918 reserves 3 IP addresses for private use, namely 10.0.0.0-10.255.255.255, _________, 192.168.0.0-192.168.255.255[fill in the blank]*

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 5

Applying for special funds for emergency response and purchasing emergency response software and hardware equipment belong to the work content of which stage of the network's complete emergency response?

• A. preparation stage
• B. Inhibition stage
• C. response phase
• D. recovery phase

Answer: A

NEW QUESTION 6

Firewall usagehrp standby config enableAfter the command to enable the configuration function of the standby device, all the information that can be backed up can be configured directly on the standby device, and the configuration on the standby device can be synchronized to the active device.

• A. True
• B. False

Answer: A

NEW QUESTION 7

In order to obtain criminal evidence, it is necessary to master the technology of intrusion tracking. Which of the following options are correct for the description of tracking technology? (multiple choice)

• A. Packet logging technology through the tracedIPInsert trace data into packets to mark packets on each router they pass through
• B. Link testing technology determines the information of the attack source by testing the network link between routers
• C. Packet marking technology extracts attack source information by logging packets on routers and then using data drilling techniques
• D. Shallow mail behavior analysis can achieveIPAnalysis of addresses, sent time, sending frequency, number of recipients, shallow email headers, and more.

Answer: ABD

NEW QUESTION 8

About the packet iniptablesDescription of the transfer process, which of the following options is incorrect?

• A. When a packet enters the network card, it first goes to matchPREROUTINGchain
• B. If the destination address of the data packet is the local machine, the system will send the data packet toINPUTchain.
• C. If the destination address of the data packet is not the local machine, the system sends the data packet toOUTPUTchain
• D. If the destination address of the data packet is not the local machine, the system sends the data packet toFORWARDchain.

Answer: C

NEW QUESTION 9

Regarding NAT technology. Which of the following descriptions is false?

• A. In Huawei firewalls, source NAT technology refers to the translation of the source address in the IP header of the connection that initiates the connection.
• B. In the Huawei firewall, Easy IP directly uses the public network address of the interface as the translated address, and does not need to configure a NAT address pool.
• C. In Huawei firewalls, the NAT No-PAT technology needs to be implemented by configuring a NAT address pool.
• D. In Huawei firewalls, the only NAT technology with port translation is NAPT.

Answer: D

NEW QUESTION 10

aboutVPN, which of the following statements is false?

• A. Virtual private network is cheaper than private line
• B. VPNTechnology necessarily involves encryption
• C. VPNTechnology is a technology that multiplexes logical channels on actual physical lines
• D. VPNThe emergence of technology allows traveling employees to remotely access internal corporate servers

Answer: B

NEW QUESTION 11

firewallGE1/0/1andGE1/0/2mouth belongs toDMZarea, if you want to implementGE1/0/1The connected area is accessibleGE1/0/2Connected area, which of the following is correct?

• A. needs to be configuredLocalarriveDMZsecurity policy
• B. No configuration required
• C. Interzone security policy needs to be configured
• D. needs to be configuredDMZarrivelocalsecurity policy

Answer: B

NEW QUESTION 12

When IPSec VPN uses tunnel mode to encapsulate packets, which of the following is not within the encryption scope of the ESP security protocol? ( )[Multiple choice]*

• A. ESP Header
• B. TCP Header
• C. Raw IP Header
• D. ESP Tail

Answer: A

NEW QUESTION 13

_______ Authentication is to configure user information (including local user's user name, password and various attributes) on the network access server. The advantage is that it is fast.[fill in the blank]*

• A. Yes
• B. Not Mastered

Answer: A

NEW QUESTION 14

Which of the following options is notIPSec SAlogo?

• A. SPI
• B. Destination address
• C. source address
• D. Security Protocol

Answer: C

NEW QUESTION 15

Which of the following is an "information sabotage incident" in the classification of network security incidents?

• A. Software and hardware failure
• B. Information counterfeiting
• C. Internet Scanning for plagiarism
• D. Listen to Trojan attack

Answer: B

NEW QUESTION 16

The repair of anti-virus software only needs to repair some system files that were accidentally deleted when scanning and killing viruses to prevent the system from crashing

• A. True
• B. False

Answer: A

NEW QUESTION 17

SNMPWhat versions of the protocol are there? (multiple choice)

• A. SNMPv1
• B. SNMPv2b
• C. SNMPv2c
• D. SNMPv3

Answer: ACD

NEW QUESTION 18

The most common three-level standard for equal protection includes three aspects: physical security, data security and network security.

• A. is correct
• B. False

Answer: B

NEW QUESTION 19

aboutwindowsDescription of the firewall advanced settings, which of the following options is wrong? (multiple choice)

• A. When setting the stacking rules, only the local port can be restricted, and the remote port cannot be restricted
• B. When setting the stacking rules, you can restrict both the local port and the remote port.
• C. When setting the stacking rule, only the local port can be restricted, and the remote port cannot be restricted
• D. When setting the stacking rules, you can restrict both the local port and the remote port.

Answer: BD

NEW QUESTION 20
......