
HCIP-Security-CSSN V3.0 mock exam

1. (Single-choice) Which of the following descriptions of the spam filtering blacklist and
whitelist is wrong?
A. Configure local blacklist / whitelist: You can configure both blacklist and whitelist, or you can
configure only one of them.
B. In the "Whitelist" text box, type the IP address and mask of the SMTP server to whitelist. You
can enter multiple IP addresses and one IP address.
C. Enter the IP address and mask of the SMTP server to be added to the blacklist in the
"Blacklist" text box. You can enter multiple IP addresses and one IP address.
D. Blacklist priority is higher than whitelist priority.

2. (True or False) RBL filtering is based on the source IP address of the SMTP connection
and does not allow filtering of mail content.

3. (Single-choice) SMTP (Simple Mail Transfer Protocol) is an application-layer protocol
based on TCP. Its port number is:
A. 110
B. 90
C. 95
D. 25

4. (Single-choice) Which of the following statements about regular expressions is wrong?
A. Regular expression is to use regular expressions that need to identify the keywords.
B. Unlike text, a regular expression can represent multiple keywords.
C. The minimum length of a keyword that a regular expression can match is 3 bytes.
D. "+" in a regular expression means zero or more matches of the preceding character or
expression.

5. (True or False) The Web server communicates with the client via HTML and sends pictures and
other information to the client browser.

6. (Multi-choice) Which of the following threats are web application layer security risks?
A. Worm
B. Cross-site request forgery
C. Cross-site scripting attacks
D. SQL injection
E. DDoS attacks

7. (Single-choice) In the WAF Deep Security process, both the request header and the return
header are checked twice. However, the contents have some differences. Which of the following
sorts the steps correctly?
A. Check HTTP return packet header > Check HTTP return packet content > Check HTTP request
header > Check HTTP request packet content
B. Check the HTTP request packet content > Check the HTTP request header > Check the HTTP
return packet content > Check the HTTP return header
C. Check HTTP return packet contents > Check HTTP return headers > Check HTTP request
packet contents > Check HTTP request header
D. Check the HTTP request header > Check the HTTP request packet content > Check the HTTP
return header > Check HTTP return packet content

8. (Multi-choice) In WAF products, blacklist feature detection can defend against which of the
following attacks?
A. SQL injection
B. DDoS attack
C. CSRF attack
D. Buffer overflow attacks
E. CC attack

9. (Single-choice) In the overall security deployment, which of the following is correct about IPS
deployment and WAF deployment?
A. Both the IPS device and the WAF device can defend against HTTP vulnerabilities, so choose
one of them to deploy on the network.
B. If you have a business-critical server in your business, it is recommended that you deploy the
WAF product in a transparent proxy mode between servers.
C. IPS products are generally deployed in the straight-line deployment mode in front of the
server, providing real-time server protection.
D. WAF products can defend in three stages (before, during and after), while IPS
products generally defend only in advance.

10. (True or False) A malicious webpage is one with malicious code embedded in the content of
the webpage. When a user visits a malicious webpage, the malicious code is implanted into the
user's computer, which may lead to the disclosure of the private information on the user's
computer and the serious problem of the botnet.

11. (True or False) The basic types of cross-site scripting are divided into reflective and storage
types.

12. (Single-choice) When the firewall processes URL filtering, the firewall extracts the URL
information in the packet and performs the query matching process. In which of the following
steps is this information obtained?
A. Application identification
B. Pattern matching
C. Traffic restructuring
D. Protocol decoding

13. (Single-choice) Which of the following threats cannot be detected by the IPS?
A. Virus
B. Worm
C. Spam
D. DoS

14. (True or False) The IPS function on the USG6000 supports two actions: block and alert.

15. (Single-choice) Which of the following attack types is a DDoS classified as?
A. Single-packet attack
B. Flood attack
C. Malformed-packet attack
D. Scanning and sniffing attack

16. (Single-choice) In flood attacks, a large number of valid packets are sent to the target host in
flood mode. As a result, the network bandwidth or device resources are exhausted. Which of the
following options cannot be flood attack packets?
A. TCP packets
B. UDP packets
C. ICMP packets
D. FTP packets

17. (Single-choice) Which of the following attacks is a malformed packet attack based on TCP?
A. Teardrop attack
B. Ping of death attack
C. IP spoofing attack
D. Land attack

18. (Multi-choice) Which of the following data information is commonly collected by the big
data security platform through stream or terminal probes?
A. Firewall log
B. Sandbox
C. User host
D. Server log

19. (True or False) The main purpose of machine learning is to draw useful rules from the data.
The correct machine learning should follow the process below:
1. Provide training data sets.
2. Train the appropriate classifier using these datasets and their eigenvectors (do not worry,
there are countless open source tools in this step).
3. Represent human experience as features, converting the dataset into feature vectors.
4. Evaluate the classification effect, such as accuracy and recall, and cross-validate the
classification.

20. (Single-choice) Sandbox testing process includes the following steps:
1. Virtual implementation
2. Threat analysis
3. Credit system static comparison
4. Heuristic detection
Which of the following is the correct sort for the above process?
A. 1-2-4-3
B. 4-3-1-2
C. 2-1-3-4
D. 3-4-1-2

Answers: 1. D  2. T  3. D  4. D  5. F  6. BCD  7. D  8. ACD  9. B  10. T  11. T  12. D  13. C  14. T  15. B  16. D  17. D  18. BC  19. F  20. D
