Summary

These documents are past exam papers covering various topics within computer networks and information security. The papers are in an exam format with multiple choice questions. The documents cover concepts and threats related to practical security considerations.

Full Transcript

Page (page) -> Q

HCSCA101 Basic Concepts of Information Security

10 (page) -> Q 24
24. What is the nature of information security in "Implementation of security monitoring and management of information and information systems to prevent the illegal use of information and information systems"?
A. Confidentiality
B. Controllability
C. Non-repudiation
D. Integrity

HCSCA102 Information Security Standards and Specifications

39 (page) -> Q 42
42. Which of the following options is the correct sequence of the four phases of the Information Security Management System (ISMS)?
A. Plan->Check->Do->Action
B. Check->Plan->Do->Action
C. Plan->Do->Check->Action
D. Plan->Check->Action->Do

43 (page) -> Q 62
62. Terminal detection is an important part of the future development of information security. Which of the following methods belong to the category of terminal detection? (Multiple Choice)
A. Install host antivirus software
B. Monitor and remember the external device
C. Prevent users from accessing public network search engines
D. Monitor the host registry modification record

54 (page) -> Q 30
30. Which of the following protection levels are included in the TCSEC standard? (Multiple Choice)
A. Verify protection level
B. Forced protection level
C. Independent protection level
D. Passive protection level

55 (page) -> Q 61
61. The European TCSEC Code is divided into two modules, Function and Evaluation, which are mainly used in the military, government and commercial fields
A. True
B. False

HCSCA103 Basic Network Concepts

75 (page) -> Q 26
26. Which of the following options is not the part of the quintet?
Source IP
Source MAC
Destination IP
Destination Port

103, 104 (page) -> Q 103
103. Which description about disconnect the TCP connection 4 times-handshake is wrong?
A. initiative to shut down the sender first FIN active closed, while the other received this FIN perform passive shut down
B. when passive close receipt the first FIN, it will send back an ACK, and randomly generated to confirm the serial number
C. passive closing party end need to send a file to the application, the application will close it connection and lead to send a FIN
D. in passive close the sender after the FIN, initiative to close must send back a confirmation, and will confirm the serial number is set to receive serial number 1

Old 80 (page) -> Q 93
93. Which of the following is true about the description of the TCP/IP protocol stack packet encapsulation? (Multiple choice)
A. The data packet is first transmitted to the data link layer. After parsing, the data link layer information is stripped, and the network layer information is known according to the parsing information, such as IP.
B. After the transport layer (TCP) receives the data packet, the transport layer information is stripped after parsing, and the upper layer processing protocol, such as UDP, is known according to the parsing information
C. After receiving the data packet, the network layer is stripped after parsing, and the upper layer processing protocol is known according to the parsing information, such as HTTP
D. After the application layer receives the data packet, the application layer information is stripped after parsing, and the user data displayed at the end is exactly the same as the data sent by the sender host.

Old 98 (page) -> Q 167
167. Which of the following are the versions of the SNMP protocol? (Multiple choice)
A. SNMPv1
B. SNMPv2b
C. SNMPv2c
D. SNMPv3

HCSCA104 Common Network Devices

135 (page) -> Q 51
51. Which of the following are correct about configuring the firewall security zone? (Multiple Choice)
A. The firewall has four security zones by default, and the four security zone priorities do not support modification.
B. Firewall can have 12 security zones at most.
C. The firewall can create two security zones of the same priority
D. When data flows between different security zones, the device security check is triggered and the corresponding security policy is implemented

HCSCA105 Common Information Security Threats

180 (page) -> Q 8
8. Which of the following types of attacks does the DDoS attack belong to?
A. Snooping scanning attack
B. Malformed packet attack
C. Special message attack
D. Traffic attack

186, 187 (page) -> Q 95
95. Which of the following are malicious programs? (Multiple choice)
A. Trojan horse
B. Vulnerabilities
C. Worm
D. Virus

HCSCA107 Operating System Overview

246 (page) -> Q 38
38. Which of the following is not part of the LINUX operating system?
A. CentOS
B. RedHat
C. Ubuntu
D. MAC OS

HCSCA108 Common Server Types and Threats

260 (page) -> Q 45
45. Classify servers based on the shape, what types of the following can be divided into? (Multiple choice)
A. Blade server
B. Tower server
C. Rack server
D. X86 server

282 (page) -> Q 112
112. The vulnerability that has not been discovered is the 0 day vulnerability
A. True
B. False

284, 285 (page) -> Q 28
28. Regarding the description of the vulnerability scanning, which of the following is wrong?
A. Vulnerability scanning is a technology based on network remote monitoring of target network or host security performance vulnerability, which can be used for simulated attack experiments and security audits.
B. Vulnerability scanning is used to detect whether there is a vulnerability in the target host system. Generally, the target host is scanned for specific vulnerabilities.
C. Vulnerability scanning is a passive preventive measure that can effectively avoid hacker attacks.
D. Vulnerability scanning can be done based on the results of ping scan results and port scan

HCSCA109 Host Firewalls and Antivirus Software

300 (page) -> Q 47
47. According to the protection object, the firewall is divided. Windows Firewall belongs to
A. Software firewall
B. Hardware firewall
C. Stand-alone firewall
D. Network firewall

301 (page) -> Q 10
10. Which of the following options can be used in the advanced settings of windows firewall? (Multiple Choices)
A. Restore defaults
B. Change notification rules
C. Set connection security rules
D. Set out inbound rules

302 (page) -> Q 34
34. Regarding the description of Windows Firewall, which of the following options are correct? (Multiple Choice)
A. Windows Firewall can only allow or prohibit preset programs or functions and programs installed on the system, and cannot customize the release rules according to the protocol or port number.
B. Windows Firewall not only allows or prohibits preset programs or functions and programs installed on the system, but also can customize the release rules according to the protocol or port number.
C. If you are unable to access the Internet during the process of setting up the Windows Firewall, you can use the Restore Defaults feature to quickly restore the firewall to its initial state.
D. Windows Firewall can also change notification rules when it is off.

316 (page) -> Q 63
63. Use iptables to write a rule that does not allow the network segment of 172.16.0.0/16 to access the device. Which of the following rules is correct?
A. iptables -t filter -A INPUT -s 172.16.0.0/16 -p all -j DROP
B. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j DROP
C. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j ACCEPT
D. iptables -t filter -P INPUT -d 172.16.0.0/16 -p all -j ACCEPT

317 (page) -> Q 60
60. Which of the following are the basic functions of anti-virus software? (Multiple Choice)
A. Defend virus
B. Find virus
C. Clear virus
D. Copy virus

323 (page) -> Q 78
78. The repair of anti-virus software only needs to be able to repair some system files that were accidentally deleted when killing the virus to prevent the system from crashing
A. True
B. False

HCSCA110 Introduction to Firewalls

352 (page) -> Q 59
59. The administrator wants to know the current session table. Which of the following commands is correct?
A. Clear firewall session table
B. Reset firewall session table
C. Display firewall session table
D. Display session table

365 (page) -> Q 25
25. When configuring security policy, a security policy can reference an address set or configure multiple destination IP addresses.
A. True
B. False

374 (page) -> Q 114
114. ASPF (Application Specific Packet Filter) is a kind of packet filtering based on the application layer, it checks the application layer protocol information and monitor the connection state of the application layer protocol. ASPF by Server Map table achieves a special security mechanism. Which statement about ASPF and Server map table are correct? (Multiple choice)
A. ASPF monitors the packets in the process of communication
B. ASPF dynamically create and delete filtering rules
C. ASPF through server map table realize dynamic to allow multi-channel protocol data to pass
D. Quintuple server-map entries achieve a similar functionality with session table

379 (page) -> Q 65
65. In the USG series firewall, you can use the function to provide well-known application services for non-known ports.
A. Port mapping
B. MAC and IP address binding
C. Packet filtering
D. Long connection

382 (page) -> Q 23
23. Some applications, such as Oracle database application, there is no data transfer for a long time, so that firewall session connection is interrupted, thus resulting in service interruption, which of the following technology can solve this problem?
A. Configure a long business connection
B. Configure default session aging time
C. Optimization of packet filtering rules
D. Turn fragment cache

HCSCA111 Network Address Translation

? (page) -> Q 68
68. The configuration commands for the NAT address pool are as follows:
nat address-group 1
 section 0 202.202.168.10 202.202.168.20
 mode no-pat
Of which, the meaning of no-pat parameters is:
A. Do not do address translation
B. Perform port multiplexing
C. Do not convert the source port
D. Do not convert the destination port

391 (page) -> Q 39
39. In some scenarios, it is necessary to convert the source IP address and the destination IP address. Which of the following techniques is used in the scenario?
Two-way NAT
Source NAT
NAT-Server
NAT ALG

HCSCA112 Dual-System Hot Standby

? (page) -> Q 86
86. About the description of firewall active-standby, which of the following is correct? (Multiple Choice)
A. When a plurality of regions on the firewall needs to provide dual-machine backup function, you need to configure multiple VRRP backup groups on the firewall.
B. It requires the state of all the VRRP backup groups in the same VGMP management group on the same firewall should be consistent.
C. The firewall active-standby requires the information such as the session table, MAC table, routing table and so on synchronous backup between primary devices and slave devices.
D. VGMP is to ensure all VRRP backup groups' consistency of switching

424 (page) -> Q 81
81. Regarding the relationship and role of VRRP/VGMP/HRP, which of the following statements are correct? (Multiple choice)
VRRP is responsible for sending free ARP to direct traffic to the new primary device during active/standby switchover
VGMP is responsible for monitoring equipment failures and controlling fast switching of equipment.
HRP is responsible for data backup during hot standby operation
VGMP group in the active state may include the VRRP group in the standby state.

433 (page) -> Q 3, 74, 84
3. HRP (Huawei Redundancy Protocol) Protocol to back up the connection state of data include: (Multiple Choice)
A. TCP/UDP sessions table
B. Server Map table
C. the dynamic blacklist
D. the routing table

74. Which of the following description about the VGMP protocol is wrong?
A. VGMP add multiple VRRP backup groups on the same firewall to a management group, uniformly manage all the VRRP group by management group.
B. VGMP ensure that all VRRP backup groups state are the same through a unified control of the switching of each VRRP backup group state
C. State of VGMP group is active, which will periodically send HELLO packets to the opposite end. Standby end only monitors the HELLO packets, which will not respond
D. By default, when three HELLO packet cycle of Standby end does not receive HELLO packets which are sent from the opposite end, the opposite end will be considered a failure, which will switch itself to the Active state

84. When Firewall does dual-system hot backup networking, in order to achieve the overall status of the backup group switching, which of the following protocol technology need to be used?
VRRP
VGMP
HRP
OSPF

438 (page) -> Q 44
44. Check the firewall HRP status information as follows:
HRP_S[USG_B] display hrp state
16:90:13 2010/11/29
The firewall's config state is : SLAVE
Current state of virtual routers configured as slave
GigabitEthernet0/0/0 vrid 1 : slave
GigabitEthernet0/0/1 vrid 2 : slave
Which of the following description is correct?
A. The firewall VGMP group status is Master
B. The firewall G0/0/0 and G0/0/1 interface of VRRP group status is Slave
C. The firewall of HRP heartbeats interface is G0/0/0 and G0/0/1
D. The firewall must be in a state of preemption

HCSCA113 Firewall User Management

? (page) -> Q 15
15. Typical remote authentication modes are: (Multiple Choice)
A. RADIUS
B. Local
C. HWTACACS
D. LDP

468 (page) -> Q 56
56. Which of the following does not belong to the user authentication method in the USG firewall?
Free certification
Password authentication
Single sign-on
Fingerprint authentication

80. In the current network it has deployed other authentication system, device registration function by enabling a single point, reducing the user to re-enter the password. What are correct about single sign-on statements? (Multiple choice)
A. Device can identify the user through the authentication of the identity authentication system, user access, the device will not push authentication pages, to avoid further asked to enter a username / password
B. AD domain single sign-on is only one deployment model
C. Although not require to enter a user password, but the authentication server needs to interact with the user password and devices used to ensure that certification through discussion
D. AD domain single sign-on login can be mirrored data stream synchronized manner to the firewall

507 (page) -> Q 113 *reask unknown*
113. Regarding the problem that the two-way binding user of the authentication-free method cannot access the network resources, which of the following options are possible reasons? (Multiple choice)
A. The authentication-free user and the authenticated user are in the same security zone
B. The authentication-free user does not use the PC with the specified IP/MAC address.
C. The authentication action in the authentication policy is set to "No credit / free authentication"
D. Online users have reached a large value

481 (page) -> Q 40
40. Which of the following protocols can guarantee the confidentiality of data transmission? (Multiple Choice)
A. Telnet
B. SSH
C. FTP
D. HTTPS

478 (page) -> Q 129
129. If the administrator uses the default authentication domain to authenticate a user, you only need to enter a user name when the user logs, if administrators use the newly created authentication domain to authenticate the user, the user will need to enter login "username @Certified domain name"
A. True
B. False

486, 487 (page) -> Q 19
19. Except built-in Portal authentication, firewall also supports custom Portal authentication, when using a custom Portal authentication, no need to deploy a separate external Portal server.
A. True
B. False

489-491 (page) -> Q 22, 27, 80

HCSCA114 Overview of Intrusion Prevention

517 (page) -> Q 67
67. To implement the "anti-virus function" in the security policy, you must perform a License activation
A. True
B. False

528 (page) -> Q 49
49. IPS (Intrusion Prevention System) is a defense system that can block in real time when intrusion is discovered
True
False

Q 48, 53
48. Which of the following are the ways in which a PKI entity applies for a local certificate from CA? (Multiple Choice)
A. Online application
B. Local application
C. Network application
D. Offline application

53. Which of the following descriptions is wrong about the root CA certificate?
The issuer is CA
The certificate subject name is CA.
Public key information is the public key of the CA
Signature is generated by CA public key encryption

HCSCA115 Encryption and Decryption Mechanisms

599 (page) -> Q 98
98. When the IPSec VPN tunnel mode is deployed, the AH protocol is used for packet encapsulation. In the new IP packet header field, which of the following parameters does not require data integrity check?
A. Source IP address
B. Destination IP address
C. TTL
D. Identification

600 (page) -> Q 7
7. Regarding the AH and ESP security protocols, which of the following options is correct? (Multiple Choice)
A. AH can provide encryption and verification functions
B. ESP can provide encryption and verification functions
C. The agreement number of AH is 51.
D. The agreement number of ESP is 51.

602 (page) -> Q 17 *not direct*
17. In the Client-Initiated VPN configuration, generally it is recommended to plan the address pool and the headquarters or need to of the network address for the different network or need to open proxy forwarding on the gateway device
A. True
B. False

603 (page) -> Q 105
105. Which of the following statements about Client-Initiated VPN is correct? (Multiple choice)
A. A tunnel is established between each access user and the LNS.
B. Only one L2TP session and PPP connection are carried in each tunnel.
C. Each tunnel carries multiple L2TP sessions and PPP connections.
D. Each tunnel carries multiple L2TP sessions and one PPP connection.

606 (page) -> Q 73, 77, 99
73. Which of the following is the GRE protocol number?
A. 46
B. 47
C. 89
D. 50

77. Based on the GRE encapsulation and de-encapsulation, which description is error?
A. Encapsulation Process: The original data packets transmit the data packets through looking up routing to the Tunnel interface to trigger GRE encapsulation.
B. Encapsulation Process: After GRE module packaging, the data packet will enter the IP module for further processing
C. De-encapsulation Process: After the destination receives GRE packets, transmitting the data packets through looking up the routing to the Tunnel interfaces to trigger GRE encapsulation.
D. De-encapsulation Process: After GRE module de-encapsulation, the data packets will enter the IP module for further processing.

99. When configuring a GRE tunnel interface, the destination address generally refers to which of the following parameters?
Local tunnel interface IP address
Local end network export IP address
Peer external network export IP address
IP address of the peer tunnel interface

607 (page) -> Q 9
9. Regarding SSL VPN technology, which of the following options is wrong?
A. SSL VPN technology can be perfectly applied to NAT traversal scenarios
B. SSL VPN technology encryption only takes effect on the application layer
C. SSL VPN requires a dial-up client
D. SSL VPN technology extends the network scope of the enterprise

614 (page) -> Q 76
76. IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data
True
False

27. Which of the following statement about the L2TP VPN of Client-initialized is wrong?
A. After the remote user access to internet, can initiate L2TP tunneling request to the remote LNS directly through the client software
B. LNS device receives user L2TP connection request, can verify based on user name and password.
C. LNS assign a private IP address for remote users
D. remote users do not need to install VPN client software

22. Which of the following is true about the description of SSL VPN?
A. Can be used without a client
B. May encrypt to IP layer
C. There is a NAT traversal problem
D. No authentication required

HCSCA119 Data Monitoring and Analysis

685 (page) -> Q 66
66. Which of the following is not included in the design principles of the questionnaire?
A. Integrity
B. Openness
C. Specificity
D. Consistency

693 (page) -> Q 1
1. Which of the following is the correct description of windows log event type? (Multiple Choice)
A. A warning event is a successful operation event of an application, driver, or service.
B. Error events usually refer to the loss of function and data. For example, if a service cannot be loaded as a system boot, an error event will be generated.
C. When the disk space is insufficient, it will be recorded as an "information event"
D. Failure audit event refers to a failed audit security login attempt, such as a failure when the user views accesses the network drive is logged as a failed audit event.

693 (page) -> Q 72
72. Which of the following descriptions is correct about port mirroring? (Multiple Choice)
A. The mirrored port copies the packet to the observing port.
B. The observing port sends the received packet to the monitoring device.
C. The mirrored port sends the received packet to the monitoring device.
D. The observing port copies the packet to the mirrored port.

HCSCA120 Digital Forensics

636 (page) -> Q 35
35. Which of the following is the correct description of the investigation and evidence collection?
A. Evidence is not necessarily required during the investigation
B. Evidence obtained by eavesdropping is also valid
C. In the process of all investigation and evidence collection, there are law enforcement agencies involved.
D. Document evidence is required in computer crime

754 (page) -> Q 124
124. Electronic evidence preservation is directly related to the legal effect of evidence, in line with the preservation of legal procedures, and its authenticity and reliability are guaranteed. Which of the following is not an evidence preservation technology?
A. Encryption technology
B. Digital certificate technology
C. Digital signature technology
D. Message tag tracking technology

HCSCA121 Cyber Security Emergency Response

784 (page) -> Q 149
149. For the occurrence of network security incidents, the remote emergency response is generally adopted first. If the problem cannot be solved for the customer through remote access, after the customer confirms, it is transferred to the local emergency response process.
A. True
B. False

793 (page) -> Q 71
71. Which of the following is an action to be taken during the summary phase of the cyber security emergency response? (Multiple Choice)
A. Establish a defense system and specify control measures
B. Evaluate the implementation of the contingency plan and propose a follow-up improvement plan
C. Determine the effectiveness of the isolation measures
D. Evaluation of members of the emergency response organization

Pddr model (page) -> Q 37
37. Which of the following is not part of the method used in the Detection section of the Pddr model?
A. Real-time monitoring
B. Testing
C. Alarm
D. Shut down the service
