The same security exchange of visits between the host and the server of the region, don't need to use NAT to address translation error
The following description about firewall between the domain security policy, the right is
Between the domain security policy according to the order, arranged in limited match before
On the client side by DHCP application address, and the process of DHCP serve assign IP addresses, the following message was send unicast way?
DHCP offer
DHCP ack
About different types of firewall of the following statements is wrong?
Of detecting state firewall need to configure the message to go and back to the two directions of security policy
The following IP value of precedence, generation of critical business flow is?
5
LDP session is used to label mapping between LSR, news release etc about the description in the process of the establishment, the LDP session is correct?
By exchanging between two LSR hello message to trigger the LDP session establishment
Initlalization Message parameters used in the process of building LDP session consultation
KeepAlive Message is used to monitor the LDP session the integrity of the TCP connection
A router configuration vrid VRRP virtual machine is 3, virtual IP address is 100.1.1.10 virtual MAC address is?
00-00-5 e - 00-01-03
When the virtual machine to respond to an arp request, is the real MAC address of the router used wrong
About network address port translation (NAPT) with only a network address (NO - PAT), the right is
NO - PAT support network layer protocol address translation
What is the most concerned about the three properties of information security/
Confidentiality integrity availability
All of the interface, to achieve equipment open BFD and OSPF linkage command?
BFD - all interface enable
PE device configuration is as follows, the description of the configuration commands, right?
Access to the PE two VPN client, using the BGP protocol exchange routing with PE
In MPLS VPN network, the packets in public is forwarded, will be two layers of MPLS label on the packaging, the following options about two layers of label description error
The is?
MPLS VPN outer label become private label, the inner tag become public
The outer label for the PE equipment in VPN packets sent to the correct response will be
In MPLS networks, in view of the label will have different operations, including pop action means?
On top of the MPLS label stack to remove the tag
The following about the relationship of time delay and jitter, description is correct?
Jitter size directly connected with the size of the delay of the
Congestion avoidance mechanism of discarded strategy does not include the
FIFO WFQ
Under the Trust region view of USG series firewall, configure the add int after 0/0/1 g, is no longer belongs to the local area error
Those who belong to the multi-channel agreement below?
FTP h. 323
VRRP can with those mechanisms to monitor the connectedness of the uplink?
IP interface track BFD NQA - the link
MPLS is called multi-protocol label switching, on the MPLS label description, right?
Tag label stack according to last in, first out, starting from the stack processing tag
Label wrapped in the link layer and network layer between
The length of the fixed on the label is 4 bytes
The concept of MPLS forwarding equivalence class of FEC, the following description is wrong?
Grouping of the same FEC in MPLS networks have different processing
A forwarding equivalence class FEC will only have a unique label tag
Description about the testing of the firewall, right?
Ghana side type state firewall need only the first packet of the link access rules are matched, the link of the subsequent messages directly in the state table matching
What are the common queue skills?
FIFO PQ WFQ CBQ
Middlemen and base or IP/MAC Spooing attacks can cause harm, such as information leakage and more sleep in the Intranet, in order to prevent man-in-the-middle attack or
IP/MAC Spoofing attack, can adopt the configuration of the way?
On the switch configuration DHCP Snooping domain DAI or IPSG linkage
LDP neighbor found to have different implementation mechanism and regulation, the following description of LDP neighbor discovery is wrong?
The LDP discovery mechanisms need to be made clear the LDP peer
Attackers were sent through ICMP response request, and will request packet radio address, the destination address is set to suffer network to realize attack purposes,
This kind of behavior belongs to attack?
Smurf attack
Description of Transit node forwarding MPLS forwarding process is correct?
See NHLFE table, be able to get out of the interface, startled, labels and tags operation type
BFD mechanism using TCP connection is established, the aim port number is 3784 error
For the description of the firewall security area, the following is true?
Firewall different interface can belong to the same safety area
NAT technology can implement the data by data encryption security transmission error
, in the following options about agile description of terminal security management features of the controller, right?
A key repair maintenance costs lower terminal management
Allow only standard software installation, desktop office standardization
Control terminal leaked way, through the access control to ensure that the access terminal installed client and meet safety requirements
Prohibit non-standard software installation, reduce infection risk
Which of the following for the configuration SDN controller command listener address?
Openflow listening - IP 1.1.1.1
In MPLS VPN network, the packets in public is forwarded, will be two layers of MPLS label on the packaging, of the following options for packet processing
Description is correct?
Packets on the penultimate jump equipment ejected outer label forwarding to the side PE equipment after
The side PE equipment on the basis of the inner label to correct sends the packet to the response of VPN
Using NAT technology, can only to the network layer information in the data packet (IP address) conversion error
SDN architecture consists of two interfaces: north and south to error
The following options, those are Agle Controller function components?
Accompanying business arrangement of access control security help
In order to avoid the TCP global synchronization phenomenon, can use the congestion avoidance mechanisms have?
RED WRED
What advantage does NFV have?
Reduce the equipment cost
Reduce the cycle of the network operation business innovation
A single platform for different applications, the tenant to provide service
In USG series firewall security level is Untrue area? 5
For Ipv4 packet, we can simple flow classification according to the message of what information?
DSCP information IP Precedence
The following description of VRRP is wrong?
When using the VRRP protocol, configure the virtual router router is needed in the number and the virtual IP address, direct use master router real MAC,
So in this virtual network joined a virtual machine
About the LDP Session to establish a process description, right?
Hello message sent between two LSR, hello message transport address to carry and transport address the big party as the party actively, initiate a TCP connection
If the passive side can accept parameters, the sending itialzation message message, at the same time send keepalive messages to the active side
Find ways to support network elements in eSight, what kind of deal?
The SNMP protocol ICMP protocol
In Diff - Serve domain core routers usually only need simple flow classification right
Wrong in the process of building LDP session, active parties will send a message to negotiate parameters, if the parameters are not acceptable to passive, will send
The Error notification message
IFTF definition of multi-protocol label switching (MPLS) is a kind of layer 3 switching technology, provides links to the IP layer service, MPLS network by
What form?
Label switching router and label edge router
DHCP binding table can contain the following information?
MAC address IP address meet time
The following about the way to the establishment, BFD session description is wrong?
BFD session only by dynamically build
Proxy firewall to work in the transport layer of the TCP/IP protocol stack, its essence is the proxy agent business errors between internal network and external network user
MPLS is based on two different planes to realize data forwarding, forward on the mechanism of the description, right?
When the IF a message into the MPLS domain, the first view is the FIB table
System automatically to use the upper application assigned an ID of the Tunnel, also known as the Tunnel ID
Single package against refers to an attacker control bots, send a large number of attack packets to the target network, lead to attack the network link congestion, run out of system resources
Error
NAT address pool configuration commands are as follows, including the meaning of the parameters of NO - PAT is
No conversion source port
Can according to the information packet link layer complex flow classification?
The source MAC address destination MAC address
The advantages of PQ + WFQ have?
Can be obtained to ensure low latency business timely scheduling
Implement according to the weight allocation of bandwidth
USG series custom firewall security area level of security can set those values?
40 80
Huawei's default firewall provide safety area is: the local trust untrust
The vlan network in the form of network can be divided into multiple broadcast domain, reduced the radio traffic, and avoid the broadcast storm, enhance the information security
Error
What information for the label, can according to the message for simple flow classification?
MPLS exp information
Below about aspf and servermap, right is
Aspf inspection application layer protocol for the application layer protocol information and monitor the link status
Configure NAT server is generated by the static server map
Instruction: check the DHCP message dis DHCP relay staitstics
Dis DHCP server staitstics
It is recommended to use which of the following ways control enterprise internal employees and visitors access networks?
Set different ssid control for internal employees and visitors access
The DMZ in usg series firewall security level is 50
Which several common vxlan support the configuration of the way?
Through virtualization software configuration by SDN control configuration
The reason is that the DHCP will face many security threats?
nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull