An administrator can view the status of the device components by the following command: The status of the Slot3 board is Abnormal. What are the possible causes of the following faults?
Man-in-the-middle attacks are: the middleman completes the data exchange between the server and the client. In the server's view, all messages are sent or sent to the client. From the client's point of view, all messages are also sent or sent.
Is the correct statement about TCP proxy and TCP reverse source probing?
When attacked, the screenshot of the message captured by a victim host is as follows. According to the analysis, what is the attack?
Both AH and ESP protocols of IPSec support NAT traversal
Configure the remote packet capture function on the USG to download the device to the device. You can use the FTP server to analyze the packet.
Which is incorrect about IPSec NAT Traversal?
The console port password can be restored to the factory settings by pressing and holding the USG device Reset button for 1-3 seconds.
In the IDC room, a USG firewall can be used to divide into several virtual firewalls, and then the root firewall administrator generates a virtual firewall administrator to manage each virtual firewall.
Defense against the cache server The main method of DNS request flood is to use the DNS source authentication technology:
Avoid DHCP server spoofing attacks. DHCP snooping is usually enabled. What is the correct statement?
In the application scenario of IPSec traversal by NAT, the active initiator of the firewall must configure NAT traversal, and the firewall at the other end can be configured without NAT traversal.
The attacker sends a large number of invite messages to the SIP server, causing the SIP server to refuse service. Which layer of the OSI model is this attack based on?
Static fingerprint filtering function, different processing methods for different messages, the following statement is correct?
The dual-system hot standby networking environment is as shown in the following figure: VRRP group 1 and 2 are added to the VGMP management group, USG_A is the master device, and USG_B is the standby device. When the USG_A has a fault Status, such as power failure, the USG_B status is switched from Slave to Master. After the USG_A is faulty, its status is switched back to Master and the USG_B status is still Master. What is the reason for this now?
On the following virtual firewall network, the USG unified security gateway provides leased services to the enterprise. The VPN instance vfw1 is leased to enterprise A. The networking diagram is as follows. The PC C of the enterprise A external network user needs to access the intranet DMZ area server B through NAT. To achieve this requirement, what are the following key configurations?
In the TCP/IP protocol, the TCP protocol provides a reliable connection service, which is implemented using a 3-way handshake. First handshake: When establishing a connection, the client sends a SYN packet (SYN=J) to the server and enters the SYN_SENT state, waiting for the server to confirm; the second handshake: the server receives the SYN packet and must send an ACK packet (ACK=1) To confirm the SYN packet of the client, and also send a SYN packet (SYN=K), that is, the SYN-ACK packet, the server enters the SYN_RCVD state; the third handshake: the client receives the SYN-ACK packet of the server. Send the acknowledgement packet ACK (SYN=2 ACK=3) to the server. After the packet is sent, the client and server enter the ESTABUSHED state and complete the handshake. Regarding the three parameters in the 3-way handshake process, which one is correct?
Which of the following objects can the current limiting policy limit?
The administrator can create vfw1 and vfw2 on the root firewall to provide secure multi-instance services for enterprise A and enterprise B, and configure secure forwarding policies between security zones of vfw1 and vfw2.
The topology of the BFD-bound static route is as follows: The administrator has configured the following on firewall A: [USG9000_A] bfd [USG9000_A-bfd] quit [USG9000_A] bfd aa bind peer-ip 1.1.1.2 [USG9000_A- Bfd session-aa] discriminator local 10 [USG9000_A-bfd session-aa] discriminator remote 20 Which of the following configurations can be added to the firewall to implement BFD-bound static routes?
What actions will be performed when the firewall hot standby sends the active/standby switchover?
Which of the following is correct about the configuration of the firewall interface bound to the VPN instance?
In the client-initial mode, the L2TP dialup fails. From the debug information below, it can be seen that the most likely cause is the dialup failure.
In the abnormal traffic cleaning solution of Huawei, in the scenario of bypass deployment, dynamic routing and drainage does not require manual intervention. If an abnormality is detected, the management center generates an automatic drainage task. The traffic is sent to the cleaning device.
As shown in the figure, the firewall is dual-system hot standby. In this networking environment, all service interfaces of the firewall work in routing mode, and OSPF is configured on the upper and lower routers. Assume that the convergence time of OSPF is 30s after the fault is rectified. What is the best configuration for HRP preemption management?
Load balancing implements the function of distributing user traffic accessing the same IP address to different servers. What are the main technologies used?
Accessing the headquarters server through the IPSec VPN from the branch computer. The IPSec tunnel can be established normally, but the service is unreachable. What are the possible reasons?
Regarding VRRP messages, what are the following statements correct?
On the USG, you need to delete sslconfig.cfg in the hda1:/ directory. Which of the following commands can complete the operation?
The preemption function of the VGMP management group is enabled by default, and the delay time is 60s.
In the application scenario of the virtual firewall technology, the more common service is to provide rental services to the outside. If the virtual firewall VFW1 is leased to enterprise A and the virtual firewall VFW2 is leased to enterprise B, what is the following statement incorrect?
Networking as shown in the figure: PC1--USG--Router--PC2. If PC1 sends a packet to PC2, what are the three modes for the USG to process fragmented packets?