Warning

Block

Declare

Operate by weight

DF, bit is down, and MF bit is also 1 or Fragment Offset is not 0,

155955cc-666171a2-20fac832-0c042c047

DF bit is 023, MF bit is 1 or Fragment Offset is not 0,

DF bit is 0, and Fragment Offset + Length> 65535.

The DF bit is 1, and Fragment Ofset + Length <65535.

Local upgrade

Manual upgrade

Online upgrade

Automatic upgrade

True

155955cc-666171a2-20fac832-0c042c0421

False

400.

404

200

503

You can directly turn on the AV, IRS protection functions, and URL filtering functions in the global environment to achieve the requirements

To the untrust direction, only enable AV and IPS protection functions for the server zone to protect the server

In the direction of untrust to the intranet, only the AV and IPS protection functions are turned on for the server area to protect the server

Go to the untrust direction to open the URL filtering function for the entire campus network, and filter some classified websites

Patching the system can completely solve the virus intrusion problem

Computer viruses are latent, they may be latent for a long time, and only when they encounter certain conditions will they begin to carry out sabotage activities

Computer viruses are contagious. They can spread through floppy disks and CDs, but they will not spread through the Internet.

All computer viruses must be parasitic in files and cannot exist independently

Vulnerability intelligence

Defense in Depth

Offensive and defensive situation

Fight back against hackers

155955cc-666171a2-20fac832-0c042c045

True

False

Using POP3, the client software will download all unread mails to the computer, and the mail server will delete the mails.

Use JIMAP; the client software will download all unread mails to the computer, and the mail server will delete the mails.

With IMAP, users can directly operate on the mail on the server, without downloading all the mails locally to perform various operations.

Using POP3, users can directly operate on the mail on the server without sending all mails to the local to perform various operations.

1->2->3

1->2->4,

1->3->2

1->4->3

File filtering can reduce the risk of malicious code execution and virus infection in the internal network by blocking the transmission of fixed types of files, and it can also prevent

Prevent employees from leaking company confidential documents to the Internet.

Content filtering can prevent the disclosure of confidential information and the transmission of illegal information

The application behavior control function can finely control common HTTP behaviors and FTP behaviors.

Mail filtering refers to the management and control of mail sending and receiving, including preventing the flooding of spam and anonymous emails, and controlling the sending and receiving of illegal emails.

abcde

abcdde

abclde

abc+de

In the learning process, you should start from collecting samples, analyze their characteristics and then perform machine learning.

Machine learning only counts a large number of samples, which is convenient for security administrators to view.

In the detection process, the characteristics of unknown samples need to be extracted and calculated to provide samples for subsequent static comparisons.

Security source data can come from many places, including data streams, messages, threat events, logs, etc.

True

False

The drainage task needs to be configured on the management center, and when an attack is discovered, it will be issued to the cleaning center.

It is necessary to configure the protection object on the management center to guide the abnormal access flow in etpa

Port mirroring needs to be configured on the management center to monitor abnormal traffic.

155955cc-666171a2-20fac832-0c042c0411

The reinjection strategy needs to be configured on the management center to guide the flow after cleaning. Q:

True

False

True

False

IDS can be linked with firewalls and switches to become a powerful "assistant" of firewalls, which can better and more accurately control access between domains.

It is impossible to correctly analyze the malicious code doped in the allowed application data stream.

Unable to detect malicious operations or misoperations from internal killings.

Cannot do in-depth inspection

Scanning attacks include address scanning and port scanning.

It is usually the network detection behavior before the attacker launches the real attack.

155955cc-666171a2-20fac832-0c042c0424

The source address of the scanning attack is real, so it can be defended by adding direct assistance to the blacklist.

When a worm virus breaks out, it is usually accompanied by an address scanning attack, so scanning attacks are offensive.

Planting malware

Vulnerability attack"

We6 Application Click

Brute force

3->1->4->2->5

3->2->4->1->5

3->2->1->4->5

3->1->2->4->5

Ordinary attacks will usually be cleaned locally first.

If there is a large traffic attack on the network, send it to the cloud cleaning center to share the cleaning pressure.

Since the Cloud Cleaning Alliance will direct larger attack flows to the cloud for cleaning, it will cause network congestion.

The closer to the attacked self-labeled cloud cleaning service, the priority will be called.

155955cc-666171a2-20fac832-0c042c0430