H12-723 Huawei Certified ICT Professional - Constructing Terminal Security System Questions and Answers

DHCP

ARP

CAPWAP

802.11MAC

The business management plane focuses on administrators, authentication servers, and policy servers.

The network equipment plane focuses on user terminals and static resources.

The user plane focuses on authentication points and policy enforcement points.

The business free mobility logic architecture includes a management subsystem, an authentication and authorization subsystem, and a business strategy subsystem.

MAC Certification

Password authentication

Not certified:

SN Certification

right

wrong

192.168.1.0 definitely is Agile Controller-Campus Manager IP address

if 192.126.200.11 Is the server of the post-authentication domain, then IP Address is 192.18.0.1 If your terminal has not passed the authentication, it is possible to access the server.

192.168.100.1 definitely is Agile Controller-Campus Controller IP address.

If in 6 Within minutes of the conversation 192.168.0.19 154->/192.162.0.11: 15080 Not refreshed,IP Address is 192.168.0.119 If the device wants to IP Address is 192.168.200.11 For device communication, the session must be re-established.

PADIUS Used on the client and 802.1X Information such as user names and passwords are passed between switches.

PADIUS Used in 802.1X Switch and AAA Information such as user name and password are passed between servers.

PADIUS Used for Portal Server pushes to users Web page.

PADIUS Used for server to SACG Security policy issued by the device

right

wrong

Visitors can use their mobile phone number to quickly register an account

The administrator can assign different permissions to each visitor

Reception staff cannot create guest accounts

There is a violation of the guest account, and the administrator cannot retrospectively

The terminal host does not install the software in the whitelist, nor the software in the blacklist.

The terminal host installs all the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs part of the software in the whitelist, but does not install the software in the blacklist.

The terminal host installs all the software in the whitelist, and also installs some of the software in the blacklist.

WhoTo determine the ownership of the access device(Company standard,BYOD Wait)

WhoseTo determine the identity of the access person(member I, Visitors, etc.)

How Determine the access method(Wired, wireless, etc.)

WhatTo determine the access device(PC,iOS Wait)

Configure RADIUS authentication and accounting on the RADIUS server.

Configure the Agile Controller-Campus for local data source authentication, receive the packets sent by the device, and perform authentication.

Configure RADIUS authentication and accounting on the device side. W"

Configure RADIUS authentication and authorization on the Agile Controller-Campus.

Discard message

URL Address redirected to Portal Authentication page

Direct travel

Send authentication information to authentication server

When the account number is reserved, only the sword type number cannot be authenticated on the bound terminal device, and it can be authenticated normally on other terminal devices.

The account is locked on all terminal devices and cannot be recognized.

If you want to lock out the account, the administrator can only delete the account from the list.

After the lock time, the account will be automatically unlocked

TRUE

FALSE

Enable Guest VLAN so that users can obtain the installation package in Guest VLAN

Configure Free-rule and web push functions on the switch to push the installation package to users.

Copy the installation packages to each other via U disk.

Installed by the administrator for each user.

Through the entire authentication process, the terminal passes EAP The message exchanges information with the server.

Terminal and 802.1X Switch EAP Message interaction,802.1X Switch and server use Radius Message exchange information

802.1X Authentication does not require security policy checks.

use MD5 The algorithm checks the information.

S5720HI Series Switch:

AR Series router

USG6000 Series firewall

SVN5600 series

can be directly under the global open AV, PS protective function, URL filtering function, then it can be realized

Outbound direction only open AV, IPS protective function for server areas, protected server

inboud direction only open AV, IPS protective function for server areas, protected server

Outbound direction open URL filtering function for the entire campus network, and filtering of part classification website

URL audit function is used to record the user's HTTP Internet behavior as the basis for the audit.

The user can configure the web type to be audited, WEB types to distinguish with file extensions, including html, jsp, aspx, etc.

can audit user HTTP access in the specific content of the Post, as a user Internet censorship

internal users access to the specified type of WEB resource, the firewall will be logged and sent to log server.

ARP Message

DHCP Message P

DHCPv6 Message

ICMP Message

right

wrong

Visitor registration account can be configured to be exempt from approval

Guest login can only be configured as Web Way of webpage

Anonymous account authentication cannot be performed on the guest authentication page

Visitor account approval information can be notified to visitors via SMS

Centralized deployment

Distributed deployment

Hierarchical deployment

Two-machine deployment

AP Certification

Link authentication

User access authentication

data encryption

TRUE

FALSE

online upgrade

there are business flow being processed

local upgrade

install the factory default version

The automatic account lock and manual account lock functions cannot be activated at the same time.

For automatically locked accounts, if the number of incorrect passwords entered by the terminal user during authentication exceeds the limited number of times within a limited time, the account will be automatically locked.

For manually locked accounts, the administrator needs to manually add the account to the locked account list.

Manually lock the account and delete it from the list, the lock of the account will be released.