Which of the following statements is correct about the default zones of Huawei firewalls?
ADefault security zones can be deleted.
BThe level of a default security zone can be customized.
CFour default security zones are available.
DDefault security zones cannot be deleted, but their security level can be modified.
Which of the following actions can be taken on matched data flows by a firewall authentication policy? (Choose all that apply.)
ANon-authentication
BServer authentication
CAuthentication exemption
DSMS authentication
Which of the following statements are correct about gratuitous ARP? (Choose all that apply.)
AGratuitous ARP packets belong to ARP response packets.
BGratuitous ARP packets belong to ARP request packets.
CAttackers can use forged gratuitous ARP packets to launch man-in-the-middle attacks.
DGratuitous ARP packets can be sent to check for IP address conflicts.
Security policies check data flows that pass through firewalls. Only the data flows that match the security policies are allowed to pass.
ATRUE
BFALSE
Question 6
Network security concepts and specifications
0
Question 7
Firewall hot standby technologies
Question 8
Firewall user management technologies
Question 9
Network security concepts and specifications
Question 10
Network security concepts and specifications
Question 11
Firewall hot standby technologies
Question 12
Firewall user management technologies
Question 13
PKI certificate system
Question 14
Network basics
Question 15
Fundamentals of encryption technologies
Question 16
Firewall security policy
Question 17
Firewall NAT technologies
Question 18
Fundamentals of encryption technologies
Question 19
Network security concepts and specifications
Question 20
Firewall intrusion prevention technologies
Question 21
Network basics
Question 22
Firewall user management technologies
Question 23
Fundamentals of encryption technologies
Question 24
Fundamentals of encryption technologies
Question 25
Firewall NAT technologies
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Which of the following statements are correct about the functions of L2TP? (Choose all that apply.)
AData integrity check
BUser authentication
CData encryption
DAddress allocation
Which of the following statements is correct about the heartbeat link and heartbeat interface of a firewall?
AThe management interface (Meth0/0/0) cannot be used as a heartbeat interface.
BThe heartbeat interfaces of two firewalls can be added to different security zones.
CAn interface configured with the vrrp virtual-mac enable command can be used as a heartbeat interface.
DAn interface whose MTU value is less than 1500 can be used as a heartbeat interface.
In single sign-on mode, the firewall functions as the authentication point to obtain user login information and enable users to connect to the network through the firewall.
ATRUE
BFALSE
DRAG DROP -
Arrange the call setup process of an L2TP tunnel in the correct order according to the following figure.
Which of the following statements is incorrect about IPsec SA?
ADuring IKE-based IPsec SA establishment, the key is generated using the DH algorithm and dynamically updated.
BEstablishing an IPsec SA manually is more secure than establishing it using IKE.
CIPSec SAs can be established in manual mode or IKE mode.
DWhen an SA is established in IKE mode, the SPI is randomly generated.
When the VGMP group priority of the local firewall is higher than that of the peer firewall, the VGMP group status of the local firewall is Master.
ATRUE
BFALSE
User authentication is an identity authentication mechanism. It can verify the identity of a user and obtain the mapping between the user and the IP address. User authentication is the basis for configuring user-specific policies.
ATRUE
BFALSE
When logging in to the web UI through HTTPS, you need to specify a local certificate issued by a CA that the web browser trusts for the HTTPS client on the device. Because the web browser can verify the local certificate, this approach avoids malicious attacks and ensures secure logins of administrators.
ATRUE
BFALSE
Which of the following protocols are file transfer protocols? (Choose all that apply.)
AHTTP
BNFS
CPOP3
DFTP
Which of the following is not a function of public key technologies?
AData privacy
BIdentity authentication
CData integrity
DPublic key security
You can specify 5-tuple matching conditions in a security policy to implement intra-zone and inter-zone access control. Which of the following is not an item in the 5-tuple?
ADestination address
BPort number
CServices
DSource address
Which of the following enterprise internal services can be provided to mobile office users through the port forwarding function of SSL VPN? (Choose all that apply.)
ATelnet
BFTP
CEmail
DTFTP
Which of the following algorithms are hash algorithms? (Choose all that apply.)
ASM3
BMD5
CSHA
DDSA
Which of the following statements are correct about IKEv2 negotiation? (Choose all that apply.)
AThe messages in an IKEv2 Create_Child_SA Exchange are protected by the keys negotiated in an Initial Exchange.
BDuring IKEv2 negotiation, some control information is transmitted through an Informational Exchange.
CThe four messages in an IKEv2 Initial Exchange are encrypted for transmission.
DIn normal cases, IKEv2 requires two exchanges (a total of four messages) to establish a pair of IPsec SAs.
If a firewall detects a virus-infected file that is an application exception, the firewall processes the file according to the response action (permit, alert, or block) of the application exception. Which of the following is the alert action?
APermitting the virus-infected file but not generating a virus log
BBlocking the virus-infected file and displaying a message that indicates a virus has been detected
CBlocking the virus-infected file and generating a virus log
DPermitting the virus-infected file and generating a virus log
Which of the following protocols are transport layer protocols? (Choose all that apply.)
AFTP
BDHCP
CTCP
DUDP
Which of the following statements are correct about single sign-on for Internet access users? (Choose all that apply.)
AUsers need to be authenticated by a firewall and another authentication system.
BUsers can access the NAS device. The NAS device then forwards authentication requests to the RADIUS server for authentication.
CAfter a user is authenticated, the firewall can obtain the mapping between the user and IP address and perform user-based policy management.
DUsers can log in to the AD domain and are authenticated by the AD server.
In IPsec, AH provides data origin authentication, data integrity check, and anti-replay, but does not provide encryption.
ATRUE
BFALSE
Symmetric key encryption features high efficiency, simple algorithm, and low cost. It is suitable for encrypting a large amount of data.
ATRUE
BFALSE
A NAT policy consists of the post-NAT address (address in the address pool or address of the outbound interface), matching condition, and action. Which of the following is not a matching condition of a NAT policy?
