Which of the following statements about intrusion detection/defense devices are correct? (Multiple Choice)

• A.NIP6000 can identify applications up to 6000+, implement fine-grained application protection, save export bandwidth, and ensure the business experience of key services.
• B.Can't effectively resist the spread of viruses from the Internet to the Intranet.
• C.Can quickly adapt changes in threats.
• D.Protect the intranet from external attacks and suppress malicious traffic, such as spyware, worms, etc., flooding and spreading to the intranet.

Comment: *

Name: *

Email: *

Verification: *

Which of the following description are correct about the principles of HTTP Flood and HTTPS flood attack defense? (Multiple Choice)

• A.The principle of HTTPS flood attack is to initiate a large number of HTTPS connections to the target server, resulting in exhaustion of server resources and failure to respond to normal requests.
• B.HTTPS flood defense can perform source authentication by limiting the packet request rate.
• C.The principle of HTTPS Flood attack is to use the URI that involves database operations or other URIs that consume system resources, causing server resources to become exhausted and unable to respond to normal requests.
• D.HTTPS flood defense mode includes basic mode, enhanced mode, and 302 redirects.

Comment: *

Name: *

Email: *

Verification: *

In the penetration stage of an APT attack, which of the following attack behaviors will the attacker generally have?

• A.Long-term latency and collection of key data.
• B.Through phishing emails, attachments with 0day vulnerabilities are carried, causing the user's terminal to become a springboard for attacks.
• C.The attacker sends a C&C attack or other remote commands to the infected host to spread the attack horizontally on the intranet.
• D.Leak the acquired key data information to a third party of interest

Comment: *

Name: *

Email: *

Verification: *

The IPS process has the following steps:
1. Reorganize application data
2. Match signature
3. Message processing
4. Protocol identification
Which of the following is the correct ordering for the processing?

• A.2-4-1-3
• B.4-1-2-3
• C.1-3-2-4
• D.1-4-2-3

Comment: *

Name: *

Email: *

Verification: *

When using the misuse check technology, if the normal user behavior is successfully matched with the intrusion feature knowledge base, it will be falsely reported.

• A.False
• B.True

Comment: *

Name: *

Email: *

Verification: *