Beruflich Dokumente
Kultur Dokumente
0 mock exam
1.(Single-choice) After a BFD session is established, the two systems periodically send BFD
control packets to each other. If a system does not receive any packet from the peer within the
detection time, the BFD session is considered Down. Which is the BFD detection mode?
A.Synchronous mode
B.Detection mode
C.Asynchronous mode
D.Query mode
2.(Multi-choice)Which of the following are the backup items in the HRP function?
A.ServerMap table entry
B.routing table
C.dynamic blacklist
D.Session table entry
3.(Single-choice) When link health check is performed on IP-Link, by default, several consecutive
failure to receive a response packet indicates that there is a link fault?
A.One time
B.Two times
C.Three times
D.Four times
4.(Multi-choice) When the USG firewall performs hot-standby switching, which of the following
deployment modes does the service port send gratuitous ARP packets?
A.Routing mode + switch
B.Routing mode + router
C.Switching Mode + Switch
D.Switching Mode + router
5.(Ture or False) The default VGMP HELLO packet transmission interval is 1 second. When no
HELLO packet is sent from the peer within the range of three HELLO packets, the peer considers
the peer to be faulty and switches itself to the master state .
6.(Multi-choice) Which of the following is not a packet sent during IP-Link probing?
A.ARP Packet
B.IGMP Packet
C.ICMP Packet
D.Hello Packet
7.(Multi-choice) By default, which sessions will not be backed up by a USG6000 firewall In the
Dual-System hot backup mode?
A.IPSec tunnels and sequence numbers
B.Sessions to the firewall itself
第 1 页, 共 4 页
HCIP-Security-CISN V3.0 mock exam
8.(Multi-choice) Which of the following VPN protocols do not provide the encryption function?
A.ESP
B.AH
C.L2TP
D.GRE
9.(Ture or False) IPSec tunnels can use GRE over IPSec to transmit multicast packets.
10.(Single-choice) SA is uniquely identified by a triple, which of the following does not belong
to a triple?
A.Security parameter index
B.Security Protocol Number
C.Sequence Number
D.Destination IP address
12.(Single-choice) When an IPSec VPN uses a digital certificate for identity authentication, which
of the following options is not used to check whether a digital certificate is valid?
A.Certificate signature
B.CRL certificate SN
C.Public key of the certificate
D.Validity period of the certificate
13.(Multi-choice) About the services supported by SSL VPN, which of the following statements
are correct?
A.The web proxy service implements page access without clients. An HTTP session is established
between the remote user and virtual gateway of the firewall. Then the virtual gateway of the
firewall establishes an HTTPS session with the web server.
B.The file sharing service provides the shared resources of different system servers as web pages
for users to access.
C.Port forwarding forwards the UDP packets with the specified destination IP address and port
to ensure that the client can access the specified resources on the intranet.
D.The remote client of the network extension service automatically installs the vNIC to obtain
the virtual IP address. In this way, the remote client can use various services and access any
intranet resource.
14.(Single-choice) Which of the following is the wrong way to use different authentication
methods for SSL VPN virtual gateways?
A.Local authentication means that the user name and password of the SSL VPN user are saved
第 2 页, 共 4 页
HCIP-Security-CISN V3.0 mock exam
15.(Single-choice) Which following options for the SSL security protocol components and role
description is correct?
A.The SSL Recording Protocol is responsible for blocking, compressing, calculating the upper
layers of data and adding MACs.
B.The SSL Handshake Protocol is responsible for notifying the receivers that subsequent
messages will be protected and transmitted using the newly negotiated encryption algorithm
list and key.
C.SSL Password Change Protocol is responsible for allowing one party to report alarm
information to the other party. The message contains the severity and description of the alarm.
D.SSL Warning Protocol The client and server establish a session through the handshake
protocol.
16.(Ture or False)Parent and child policies cannot reference the same traffic profile.
17.(Multi-choice) Which of the following options can serve as the matching conditions of rules
in traffic policies?
A.Source security zone or inbound interface
B.Socket
C.URL category
D.DSCP priority
A.Bandwidth multiplexing
B.Dynamic equal distribution
C.Traffic profiles in shared mode
D.Traffic profiles in exclusive mode
Answers:1.C 2.ACD 3.C 4.AB 5.T 6.BD 7.BD 8.BCD 9.T 10.C 11.F 12.C 13.BD 14.C 15.A
16.T 17.ACD 18.B 19. ABCD 20.AB
第 4 页, 共 4 页