H12-722 Sample Questions Answers

The virus detection system cannot directly detect compressed files

The anti-virus engine can detect the file type through the file extension

Gateway antivirus default file maximum decompression layer is 3 layers

The implementation of gateway antivirus is based on proxy scanning and stream scanning

③④

①③④

⑤⑥

②④

3->1->4->2->5

3->2->4->1->5

3->2->1->4->5

3->1->2->4->5

Warning

Block and push the page

A warning dialog box pops up

All access to the client is prohibited

Ordinary attacks will usually be cleaned locally first.

If there is a large traffic attack on the network, send it to the cloud cleaning center to share the cleaning pressure.

Since the Cloud Cleaning Alliance will direct larger attack flows to the cloud for cleaning, it will cause network congestion.

The closer to the attacked self-labeled cloud cleaning service, the priority will be called.

155955cc-666171a2-20fac832-0c042c0430

True

False

True

False

IDS can be linked with firewalls and switches to become a powerful "assistant" of firewalls, which can better and more accurately control access between domains.

It is impossible to correctly analyze the malicious code doped in the allowed application data stream.

Unable to detect malicious operations or misoperations from internal killings.

Cannot do in-depth inspection

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

Ability to quickly adapt to threat changes

display version av-sdb

display utm av version

display av utm version

display utm version

Warning

Block

Declare

Delete attachments

True

False.

Event extraction, intrusion analysis, reverse intrusion and remote management.

Incident extraction, intrusion analysis, intrusion response and on-site management.

Incident recording, intrusion analysis, intrusion response and remote management.

Incident extraction, intrusion analysis, intrusion response and remote management.

Host

A group of users

Single user

A key program and file in the system

Application recognition and perception

URL classification and filtering

Video content filtering

Intrusion prevention

155955cc-666171a2-20fac832-0c042c048

IPS policy is not submitted for compilation

False Policy IDs are associated with IPS policy domains

The IPS function is not turned on

Bypass function is closed in IPS

True

False

True

False

Keywords contained in the content of the uploaded file

Keywords contained in the downloaded file

File type

File upload direction 335

Use BGP to publish UNR routes to achieve dynamic diversion.

After receiving the UNR route, the peer neighbor will not send it to any BGP neighbor.

You also need to configure the firewall ddos ​​bgp-next-hop fib-filter command to implement back-injection.

The management center does not need to configure protection objects. When an attack is discovered, it automatically issues a traffic diversion task.

The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source

For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify

The legitimacy of the source IP.

In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process

It will consume the TCP connection resources of the OINS cache server.

Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.

True

False

TCP proxy means that the firewall is deployed between the client and the server. When the SYI packet sent by the client to the server passes through the firewall, the

The firewall replaces the server and establishes a three-way handshake with the client. Generally used in scenarios where the back and forth paths of packets are inconsistent.

During the TCP proxy process, the firewall will proxy and respond to each SYN message received, and maintain a semi-connection, so when the SYN message is

When the document flow is heavy, the performance requirements of the firewall are often high.

TCP source authentication has the restriction that the return path must be consistent, so the application of TCP proxy is not common. State "QQ: 9233

TCP source authentication is added to the whitelist after the source authentication of the client is passed, and the SYN packet of this source still needs to be verified in the future.