Huawei H12-723 Huawei Certified ICT Professional - Constructing Terminal Security System Exam Practice Test

right

wrong

WIDS Is a wireless intrusion prevention system

WIPS Wireless intrusion detection system

WIDS Is a wireless intrusion countermeasure system

WIPS Is a wireless intrusion prevention system

SACG and IP Address is 2.1.1.1 The server linkage is unsuccessful.

SACG The linkage with the controller is successful.

main controller IP address is 1.1.1.2.

main controller IP address is 2.1.1.1.

Checking strategies are mainly used to check some static settings of the terminal, such as whether the screen saver is set, whether the antivirus software is installed; whether there is illegal Outreach etc. z00

Monitoring strategies are mainly used for real-time monitoring of events that occur in the system, such as whether anti-virus software is installed and whether PPPOE dial-up access is used Network, etc.-Once an incident is detected, some control can be taken.

The security check strategy only includes two types of end-host check-type strategies and end-user behavior check-type strategies.

Terminal host security management is mainly implemented by inspection strategies, and end user behavior management is mainly implemented by monitoring strategies.

right

wrong

WLAN Is to adopt 80211 Technical WiFi

WLAN There are two basic architectures: FAT AP with AC+FIT AP

AC+FATAP The architecture is suitable for medium and large use scenarios

AC+FITAP Autonomous network architecture

S5720HI Series Switch:

AR Series router

USG6000 Series firewall

SVN5600 series

TRUE

FALSE

The business management plane focuses on administrators, authentication servers, and policy servers.

The network equipment plane focuses on user terminals and static resources.

The user plane focuses on authentication points and policy enforcement points.

The business free mobility logic architecture includes a management subsystem, an authentication and authorization subsystem, and a business strategy subsystem.

Server layer

Network device layer

Access control layer

User access layer

bandwidth

Forwarding priority

Authority

Strategy

technology

Process

organization

plan

MAC authentication does not require users to install any client software.

The user name format used by MAC authentication is only one of MAC address user name format.

MAC authentication actually uses 802 1X authentication method.

MAC bypass authentication solves the situation of both 802.1x client authentication and MAC authentication in the same network environment.

When configuring the policy template, you can inherit the parent template and modify the parent template policy

Only the strategy in the strategy template can be used, and the administrator cannot customize the strategy.

You can assign a policy template to a certain network segment.

If different policy templates are applied to departments and accounts, the policy template assigned to the highest priority will take effect. The priority relationship of the number is: account>department

Intranet users access the data center/Internet.

When traveling users access intranet resources, traveling users pass VPN Access to the intranet.

Work as a team.

Realize mutual communication between devices.

Download and backdoor characteristics

Information Collection feature

own hidden feature

system attacks characteristics

router

switch

Firewall

IPS

URL audit function is used to record the user's HTTP Internet behavior as the basis for the audit.

The user can configure the web type to be audited, WEB types to distinguish with file extensions, including html, jsp, aspx, etc.

can audit user HTTP access in the specific content of the Post, as a user Internet censorship

internal users access to the specified type of WEB resource, the firewall will be logged and sent to log server.

The use of anonymous accounts for authentication is based on the premise of trusting the other party, and the authentication agency does not need the other party to provide identity information to provide services to the other party.

Agile Controller-Campus Need to be manually created"~anonymous"account number.

By default, the access control and policy of anonymous accounts cannot be performed. 1 Operations such as invoking patch templates and software distribution.

Administrators cannot delete anonymous accounts"~anonymous*.

SACG The equipment requires Layer 3 intercommunication with the terminal.

SACG It is usually connected to the core switch equipment and uses policy routing to divert traffic.

SACG Support hanging on non-Huawei devices.

SACG Equipment requirements and Agile Controller-Campus Interoperability on the second floor.

worms using application software loophole to spread wantonly, consume network bandwidth and destroy important data.

hackers, malicious employee use loophole to attack or invade enterprise servers, business secrets were tampered, damaged and theft .

As long as the system software update in time for system loophole problems can be effectively solved.

The Internet has made application software loophole to spread rapidly, making loophole easier to become targets of attack.

router

switch

Firewall

IPS

right

wrong

TRUE

FALSE

Open https://SM server IP:8943 in the browser, enter the account admin and the default password Changeme123, if the login is successful, it will be explained. The SIM components are normal.

After logging in to SC, select Resources>Users>User Management to create a common account. Open https://SM server IP:8447 in the browser newauth, if you can successfully log in using the account created in the previous step, the SM component is normal.

Open https://SC Server IP:8443 in the browser and enter the account admin and the default password Changeme123. If the login is successful, it will be explained. The SC component is normal.

After logging in to SM, select Ziyuan>User>User Management, and Xinlu has a common part number. Open https://SC server IP:8447 newauth in the browser. If you can successfully log in with the account created in the previous step, it means that the SC component is Wang Chang.

If most end users work in one area and a few end users work in branch offices, centralized deployment is recommended.

If most end users are concentrated on--Offices in several regions, and a small number of end users work in branches. Distributed deployment is recommended.

If end users are scattered in different geographical locations, a distributed deployment solution is recommended.

If end users are scattered in different regions, a centralized deployment solution is recommended.

Announcements can be issued by the security department

The terminal must have a proxy client installed to receive announcements.

If the system issues an announcement and the proxy client is not online, the announcement information will not be received after going online.

Announcements can be issued by account.

Portal gateway initiates Radius Challenge request message, including user name and password information

The ACL issued by the server to the access gateway is carried in the Portal protocol message

Issue policies while performing identity authentication

The Portal server needs to pass the security check result to the access gateway device

Portal The certification process is only used in Web Certification

Server for a terminal Portal Certification will only give one Portal Device sends authentication message

Switch received Portal Online message, will give Radius Server send Radius Certification request

Portal The authentication message will not carry the result of the security check

Multiple Agile Controller The same terminal IP Address added Portal"Access terminal IP Address list",Some of them Agile Controller The server and the terminal cannot communicate normally.

Portal The template is configured with an incorrect password.

Agile Controller-Campus There are too many authorization rules on the "It takes a lot of time to find 835

Insufficient curtains of the terminal equipment result in a relatively large delay.