A.  

Planting malware

B.  

Vulnerability attack"

C.  

We6 Application Click

D.  

Brute force

A.  

Text

B.  

Regular expressions

C.  

Community word

D.  

Custom keywords

A.  

True

B.  

False

A.  

The DNS Request Flood attack on the cache server can be redirected to verify the legitimacy of the source

B.  

For the DNS Reguest Flood attack of the authorization server, the client can be triggered to send DINS requests in TCP packets: to verify

The legitimacy of the source IP.

C.  

In the process of source authentication, fire prevention will trigger the client to send DINS request via TCP report to verify the legitimacy of the source IP, but in a certain process

It will consume the TCP connection resources of the OINS cache server.

D.  

Redirection should not be implemented on the source IP address of the attacked domain name, and the destination P address of the attacked domain name should be implemented in the wild.

A.  

When deploying NAC Agent, can use scanner to scan and assess the number of installed and non-installed agent.

B.  

When the terminal NAC Agent uninstall, the scanner can send alarm information.

C.  

the scanner by the SNMP protocol to obtain network equipment resources information.

D.  

scanner and Policy Center controller linkage scan tasks.

A.  

Data analysis, data classification, post-processing

B.  

Data processing, data classification, post-processing

C.  

Data processing, attack classification, post-processing

D.  

Data processing, data classification, attack playback

A.  

htttp://www.abcd. com:8080/news/education. aspx

B.  

htttp://www.abcd. com:8080,te

C.  

/news/education. aspx

D.  

/news/education. aspx?name=tom&age=20

A.  

The data boy is huge

B.  

A wide variety of data

C.  

Low value density

D.  

Slow processing speed

A.  

SACG and IP address 2.1.1.1 server linkage is not successful

B.  

SACG linkage success with controller.

C.  

master controller IP address is 1.1.1.2.

D.  

master controller IP address is 2.1.1.1.

A.  

Ordinary attacks will usually be cleaned locally first.

B.  

If there is a large traffic attack on the network, send it to the cloud cleaning center to share the cleaning pressure.

C.  

Since the Cloud Cleaning Alliance will direct larger attack flows to the cloud for cleaning, it will cause network congestion.

D.  

The closer to the attacked self-labeled cloud cleaning service, the priority will be called.

155955cc-666171a2-20fac832-0c042c0430

A.  

Enhanced mode refers to the authentication method using verification code.

B.  

Some bots have a redirection function, or the free proxy used during the attack supports the redirection function, which leads to the failure of the basic mode of defense

Effective, enhanced mode can effectively defend.

C.  

The enhanced mode is superior to the basic mode in terms of user experience.

D.  

Enhanced mode supports all HTTP Flood source authentication fields. "

WWQQ: 922333

A.  

Dual machine hot backup

B.  

Power supply. 1+1 redundant backup

C.  

Hardware Bypass

D.  

Link-group

A.  

Virus

B.  

Buffer overflow ρ

C.  

System vulnerabilities

D.  

Port scan

A.  

It cannot effectively prevent the virus from spreading from the Internet to the intranet.

B.  

The number of applications that NIP6000 can recognize reaches 6000+, which realizes refined application protection, saves export bandwidth, and guarantees key business services

Experience.

C.  

Protect the intranet from external attacks, and inhibit malicious flows, such as spyware, worms, etc. from flooding and spreading to the intranet.

D.  

Ability to quickly adapt to threat changes

A.  

Use BGP to publish UNR routes to achieve dynamic diversion.

B.  

After receiving the UNR route, the peer neighbor will not send it to any BGP neighbor.

C.  

You also need to configure the firewall ddos ​​bgp-next-hop fib-filter command to implement back-injection.

D.  

The management center does not need to configure protection objects. When an attack is discovered, it automatically issues a traffic diversion task.

A.  

IPS is an intrusion detection system that can block real-time intrusions when found

B.  

IPS unifies IDS and firewall

C.  

IPS must use bypass deployment in the network

D.  

Common IPS deployment modes are in-line deployment,

A.  

The action of signing iD3000 is an alarm

B.  

The action of signing ID3000 is to block

C.  

Unable to determine the action of signature ID3000

D.  

The signature set is not related to the coverage signature

A.  

Configuration plane

B.  

Business plane

C.  

Log plane

D.  

Data forwarding plane

A.  

display version av-sdb

B.  

display utm av version

C.  

display av utm version

D.  

display utm version

A.  

TRUE

B.  

FALSE

A.  

After the file decompression fails, the file will still be filtered. .

B.  

The application identification module can identify the type of application that carries the file.

C.  

Protocol decoding is responsible for analyzing the file data and file transmission direction in the data stream.

D.  

The file type recognition module is responsible for identifying the true type of the file and the file extension based on the file data

A.  

Disclosure of personal information

B.  

Threats to the internal network

C.  

Leaking corporate information

D.  

Increasing the cost of enterprise network operation and maintenance

A.  

The management server of the management center is responsible for the cleaning of abnormal flow, as well as the collection and analysis of business data, and storage, and is responsible for the summary

The stream is reported to the management server for report presentation.

B.  

The data coking device is responsible for the cleaning of abnormal flow, the centralized management and configuration of equipment, and the presentation of business reports.

C.  

The data collector and management server support distributed deployment and centralized deployment. Centralized deployment has good scalability.

D.  

The management center is divided into two parts: management server and teaching data collector.

A.  

Set local blacklist and whitelist: Both blacklist and whitelist can be configured at the same time, or only one of them can be configured.

B.  

In the "Whitelist" text box, enter the P address and mask of the SMTP Server to be added to the whitelist. You can enter multiple IP addresses, one IP address

Address one line. v

C.  

Enter the IP address and mask of the SMITP Server to be added to the blacklist in the "Blacklist" text box, you can enter multiple IP addresses, one IP

Address one line.

D.  

The priority of the blacklist is higher than that of the whitelist.

A.  

It is impossible to detect violations of security policies.

B.  

It can detect all kinds of authorized and unauthorized intrusions.

C.  

Unable to find traces of the system being attacked.

D.  

is an active and static security defense technology.

155955cc-666171a2-20fac832-0c042c0425

A.  

True

155955cc-666171a2-20fac832-0c042c0421

B.  

False

A.  

HTTPS Flood defense modes include basic mode, enhanced mode and 302 redirection.

B.  

HTTPS Flood defense can perform source authentication by limiting the request rate of packets.

C.  

The principle of HTTPS Flood attack is to request URIs involving database operations or other URIs that consume system resources, causing server resource consumption.

Failed to respond to normal requests.

D.  

The principle of HTTPS Flood attack is to initiate a large number of HTTPS connections to the target server, causing the server resources to be exhausted and unable to respond to regular requests.

begging.

A.  

True

B.  

False