- Home
- Huawei
- HCIP-Security-CISN(Huawei Certified ICT Professional - Constructing Infrastructure of Security Network)
- Huawei.H12-721.v2020-08-21.q77
- Question 72
Valid H12-721 Dumps shared by ExamDiscuss.com for Helping Passing H12-721 Exam! ExamDiscuss.com now offer the newest H12-721 exam dumps, the ExamDiscuss.com H12-721 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com H12-721 dumps with Test Engine here:
Access H12-721 Dumps Premium Version
(180 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 72/77
The malformed packet attack technology uses some legitimate packets to perform reconnaissance or data detection on the network. These packets are legal application types, but they are rarely used in normal networks.
Correct Answer: B
Explanation
Note: 4 types of network attacks: First, traffic-type attacks: commonly used Flood mode, send a large number of seemingly legitimate TCP, UDP, ICMP packets to the target host, and even some attackers also use source address forgery technology to Bypassing the monitoring of the detection system, thereby draining bandwidth or server resources. The second is scanning snooping attacks: using ping (including ICMP and TCP) scans to identify surviving systems on the network to identify potential targets and identify target weaknesses. The third is a malformed packet attack: by sending a defective packet to the target system, the target system generates an error when processing such an IP packet, or causes a system crash, which affects the normal operation of the target system. The main methods are ping of Death and Teardrop. The fourth is special packet attack: using some legitimate packets to reconnaissance or data detection on the network. These packets are legal application types, but they are rarely used in normal networks.
Note: 4 types of network attacks: First, traffic-type attacks: commonly used Flood mode, send a large number of seemingly legitimate TCP, UDP, ICMP packets to the target host, and even some attackers also use source address forgery technology to Bypassing the monitoring of the detection system, thereby draining bandwidth or server resources. The second is scanning snooping attacks: using ping (including ICMP and TCP) scans to identify surviving systems on the network to identify potential targets and identify target weaknesses. The third is a malformed packet attack: by sending a defective packet to the target system, the target system generates an error when processing such an IP packet, or causes a system crash, which affects the normal operation of the target system. The main methods are ping of Death and Teardrop. The fourth is special packet attack: using some legitimate packets to reconnaissance or data detection on the network. These packets are legal application types, but they are rarely used in normal networks.
- Question List (77q)
- Question 1: The topology diagram of the BFD-bound static route is as fol...
- Question 2: Virtual firewall technology can achieve overlapping IP addre...
- Question 3: A user wants to limit the maximum bandwidth of the 192.168.1...
- Question 4: Connecting the internal network interface address from the f...
- Question 5: As shown in the figure, the firewall is dual-system hot stan...
- Question 6: In the first phase of IKE V1, the pre-shared key master mode...
- Question 7: What are the three elements of an abnormal flow cleaning sol...
- Question 8: As shown below, the domain abc address pool is the address p...
- Question 9: The following scan snoop attacks are:...
- Question 10: In the application scenario of IPSec traversal by NAT, the a...
- Question 11: Which of the following statements about the blacklist is cor...
- Question 12: The default interval for sending VGMP hello packets is 1 sec...
- Question 13: About load balancing, the following configuration is availab...
- Question 14: 112. The ESP only verifies the IP payload and can perform NA...
- Question 15: What are the drainage schemes that can be used in the scenar...
- Question 16: In the active/standby mode of the USG dual-system hot backup...
- Question 17: Which of the following statements is true about L2TP over IP...
- Question 18: In a dual-system hot standby network, the NAT configurations...
- Question 19: What is the correct statement about the Eth-trunk function?...
- Question 20: Virtual firewall virtualizes multiple logical firewalls on a...
- Question 21: The management control information and service information o...
- Question 22: The ip-link sends a probe packet to the specified IP address...
- Question 23: What are the following VPN protocols that do not provide enc...
- Question 24: The hot standby and IPSec functions are combined. Which of t...
- Question 25: The branch firewall of an enterprise is configured with NAT....
- Question 26: The firewall device defends against the SYN Flood attack by ...
- Question 27: What are the following attacks that are special message atta...
- Question 28: To ensure the normal forwarding of large traffic, a network ...
- Question 29: Both AH and ESP protocols of IPSec support NAT traversal...
- Question 30: 87. The SSL VPN scenario under dual-system hot standby is sh...
- Question 31: The figure shows the data flow direction of the Bypass inter...
- Question 32: What is the correct description of IKE?...
- Question 33: Which of the following is the correct description of the SMU...
- Question 34: Accessing the headquarters server through the IPSec VPN from...
- Question 35: What are the following attacks that are malformed?...
- Question 36: USG A and USG B are configured with a static BFD session. Th...
- Question 37: The SSL VPN authentication login is unsuccessful and the mes...
- Question 38: The interaction process of the firewall linkage NIP intrusio...
- Question 39: The dual-system hot standby networking environment is as sho...
- Question 40: Two USG firewalls establish an IPSec VPN through the Site to...
- Question 41: In IPSec VPN, which one is incorrect about the difference be...
- Question 42: After the link-group is configured on the device, use the di...
- Question 43: Avoid DHCP server spoofing attacks. DHCP snooping is usually...
- Question 44: Based on the following information analysis on the firewall,...
- Question 45: The constraints of the policy in the traffic limiting policy...
- Question 46: In the application scenario of the virtual firewall technolo...
- Question 47: SSL VPN authentication is successful. Using the file sharing...
- Question 48: When the ip-link link health check is performed, if it is un...
- Question 49: The first packet discarding technology of Huawei Anti-DDoS d...
- Question 50: The server health check mechanism is enabled on the USG fire...
- Question 51: What are the correct statements about the IP address scannin...
- Question 52: Which of the following encryption methods does IPSec VPN use...
- Question 53: Which of the following attacks is a SYN Flood attack?...
- Question 54: The following figure shows the L2TP over IPSec application s...
- Question 55: When an IPSec VPN is set up on both ends of the firewall, th...
- Question 56: The SSL VPN authentication is successful, but the Web-link r...
- Question 57: The enterprise network is as shown in the figure. On the USG...
- Question 58: In the dual-system hot backup, when the slave does not recei...
- Question 59: 134. Which of the following is the connection status data to...
- Question 60: In the IPSec VPN, the digital certificate is used for identi...
- Question 61: In the case of IPSec VPN NAT traversal, you must use IKE's a...
- Question 62: In dual-system hot backup, the backup channel must be the pr...
- Question 63: Two USG firewalls failed to establish an IPSec VPN tunnel th...
- Question 64: Regarding the virtual gateway type exclusive and shared type...
- Question 65: The principle of HTTPS Flood source authentication defense i...
- Question 66: Load balancing implements the function of distributing user ...
- Question 67: Which of the following statements is true for virtual servic...
- Question 68: The following figure shows the data packet of the pre-shared...
- Question 69: SSL works at the application layer and encrypts specific app...
- Question 70: An administrator can view the IPSec status information and d...
- Question 71: On the USG, you need to delete sslconfig.cfg in the hda1:/ d...
- Question 72: The malformed packet attack technology uses some legitimate ...
- Question 73: In the IDC room, a USG firewall can be used to divide into s...
- Question 74: After the NAT server is configured (no-reverse parameter is ...
- Question 75: A data flow has established a session in the firewall. If th...
- Question 76: When an attack occurs, the result of packet capture on the a...
- Question 77: What are the correct descriptions of IPSec and IKE below?...
