Vendor
: H3C
Exam Code : GB0-363
Version: Free Demo
IT Certification Guaranteed, The Easy Way!
Cheat-Test.us - The Worldwide Renowned IT Certification Material Provider! The safer, easier way to help you pass any IT Certification exams.
We provide high quality IT Certification exams practice questions and answers (Q&A). Especially Cisco, Microsoft, HP, IBM, Oracle, CompTIA, Adobe, Apple, Citrix, EMC, Isaca, Avaya, SAP and so on. And help you pass an IT Certification exams at the first try.
Cheat-Test product Features: •
Verified Answers Researched by Industry Experts
•
Questions updated on regular basis
•
Like actual certification exams our product is in multiple-choice questions (MCQs).
•
Our questions and answers are backed by our GUARANTEE.
7x24 online customer service: support@cheat-test.us
Click Here to get more Free Cheat-Test Certification exams!
http://www.Cheat-Test.us
1. Which of the following descriptions of the packet snooping are true? A. For the time delay and location span existing in the data transmission, especially the Internet data transmission, it is almost impossible to prevent the data from being snooped. B. In the shared Ethernet environment, all users can obtain the packets transmitted by other users. C. If several parts of the network are based on the public network platform such as WAN, the network will be confronted with the severe threat of packet snooping. D. The main technical means of handling the packet snooping is the authentication technology Answer: ABC 2. Which of the following descriptions of the common security technology in dial-up line are true? A. The dialup line usually adopts PPP protocol which needs the user name/password authentication. And if the user name/password is stolen, attackers can disguise to be this user for login. B. In the case of password stealing, the CallBack technology can be adopted and then the communication to the set opposite end is enabled. C. When designing, you should consider which authentication measures should be adopted by users. Some authentication measures such as PAP authentication is not reliable. D. All the above items are false Answer: ABC
3. Which of the following descriptions of the denial-of-service attack is true? A. For the case that the attacker sends a great quantity of useless packet which may occupy the bandwidth and impact the normal operation, the access control technology can be adopted to handle this. B. For SYN Flooding(Great quantities of TCP connection request packets are sent out), the authentication to the request party should be performed C. If a network provides the service to the outside which can be accessed via Internet, the encryption/authentication ways must be adopted to defend the denial-of-service attack. D. All the above items are false Answer: A 4. Which of the following descriptions of the IP address spoofing are true? A. IP address spoofing means that the attacker sends the specific packet to interfere with the normal data transmission or counterfeits some acceptable route packet to steal the message by disguising to be users of the interior network or the authorized users of the exterior network by changing its IP address. B. If the attacker disguises to be the user of the interior network, the application layer technology should be adopted since the network layer cannot defend the interior attack. C. Even if the attacker disguises to be the exterior authorized user, the response message packet responded by the router can only be sent to the exterior authorized users, and the attacker receives nothing, so this kind of attack is of no harm. D. In the case that the attacker disguises to be the exterior authorized user, the application layer authentication technology can be adopted for defense Answer: AD 5. For the attack caused by the operation system leak, the attackers must be quite knowledgeable of the specific operation system. And in addition, the operation system manufacturer has promoted the relevant patch program timely. So this attack type is few in actual application, and when we construct a network, this attack type needs not to be considered. A. True
B. False Answer: B 6. Which of the following technologies can prevent the network application layer from being invaded? A. Network separation B. Traffic detection C. Encryption technology D. Application program selection Answer: ACD 7. Which of the following descriptions of the VPN construction in the public network is true? A. The transmitted data must be encrypted for the low security of the public network. B. Based on the security consideration, all the transmitted data should be encrypted by the most powerful encryption algorithm. C. The cross-public-network authentication technology is very crucial to the network security, so the authentication algorithm as powerful as possible should be adopted for all users. D. The latest key management technology should be adopted Answer: A 8. Which of the following descriptions of the security of the network core layer are true? A. In the case that no service is provided outside, it is not possible for the core layer to be attacked by the exterior users and the main threat is from the interior network. B. For the interior network isolation, except the direct physical isolation or VLAN segmentation, the access control function of the application program can also be adopted. And the adoption of the layer 3 Access list is of more efficiency. C. In the case that the exterior users are permitted to visit the interior network, the security must be focused. Except the measures of firewall, encryption and authentication, it is recommended to set up DMZ whose function is to separate the part of the interior network that may be accessed by the exterior users from the other parts. D. In the case that the interior users visit the exterior network, the security problem mainly refers to the illegal website access and working time waste. Answer: AC 9. Which of the following descriptions of the advantages of the CallBack technology are true? A. It can save the charge (when the charge rates in the two directions are different) B. It can change the bill charger C. It can combine the charge bill D. Most importantly, the main function of the CallBack technology is to communicate only with the predefined users Answer: ABCD 10. Which of the following descriptions of AAA (Authentication, Authorization and Accounting) are true? A. Authentication: Users (including Login users and PPP access users) must be authenticated before being permitted to access the network resource. When authenticating, the user database maintained by the router or by the RADIUS server can be selected B. Authorization: Describe the authority information of user rights by defining a series of attributes and this information is stored in the database maintained by the RADIUS server. C. Accounting: Its function is to trace and audit users’ access to the network resource
D. All the above descriptions are false Answer: ABC 11. As one of the most important network security technologies, the packet filtering is applied in the following attributes of the IP packet: A. The source, destination address and protocol field of the IP packet B. The source port and destination port of TCP or UDP C. Length of the IP packet D. ICMP code or ICMP type field Answer: ABD 12. Which of the following items describe the functions of NAT (Network address translation) ? A. It can map the source address+port of the packet sent out by the interior users to be the address+port of an interface. B. Combining with dial-control-center, it enables users in the LAN to be online easily through a router. C. It may provide the services of WEB, FTP, SMTP and TELNET to the outside. The server put in the interior network not only guarantees the security but also facilitate the server maintenance. D. It may hide the physical address of the interior network and enable the exterior network to get only its logical address. Answer: ABC 13. Which of the following descriptions of IPSEC/IKE are true? A. IPSec prevents the data packet from being trapped and being replaced in the network. It also means that the data packet is marked with number and the destination may deny the old or the repetitive data packet. B. IPsec has two working modes of tunnel and transport. Under the tunnel mode, the whole IP data packet of the user is encrypted, while under the transport mode only the data transport layer such as TCP, UDP and ICMP are encrypted. C. IPsec has two working modes of tunnel and transport. Under the transport mode, the whole IP data packet of the user is encrypted, while under the tunnel mode only the data in the transport layer such as TCP, UDP and ICMP are encrypted. D. IKE, as the Internet key exchange served for IPSEC, guarantees the key reliability through replacing the key periodically. Answer: AB 14. For the networking of the separation of telephone, data and video, which of the following items describes its disadvantages? A. It needs a big cost B. It is inconvenient for management and maintenance. C. It is inconvenient for the network capacity expansion and the structure change. D. All the above items are false Answer: ABC 15. Taking the IP as the transport protocol and adopting the current network technology, the threein-one (data,voice and video) network integrates the voice and video in the IP network. If the new service (like the voice mail box) needs to be added, you only need to add some new servers. A. True B. False Answer: A
16. QoS provides different quality services to meet different requirements. Which of the following items are the functions provided by QoS? A. Provide the special bandwidth to users B. Reduce the loss rate of the packet C. Prevent and manage the network congestion D. Set the priority of the packet Answer: ABCD 17. Which of the following descriptions of the INT-SERV service model are true? A. The signaling RSVP sends the Qos request to the router application program. B. It can guarantee the bandwidth and delay limit to satisfy the requirement of the application program. C. It can provide the controlled-load service: It provides the Controlled-Load service to guarantee the quasi-non-overload service provided to the packet even in the case of network overload. That is, the low delay and high passing rate of the application program packet is guaranteed in the case of the network congestion. D. Under this model, the network allocates a status for every traffic and the classification, traffic policing, queue and dispatching of the packet are performed on the basis of this state to fulfill the commitment to the application program. Answer: ABC 18. Which of the following descriptions of DIF-SERV service model are true? A. It needs not the signaling for notifying the router before the application program sends out the packet. And to the Differentiated service, the network need not allocate the state for every flow. B. It may designate the QoS of the packet in different ways, for example, designating the precedence, the source address and destination address of the packet. C. It is generally used to provide end-to-end Qos for some important application. D. It is realized by the CAR or queue technology. Answer: ABCD 19. When configuring DIFF-SERV, the border router differentiates the packets by the source address and the destination address of the packet and then sets the IP precedences to different packets. The other routers differentiate the packet only by the IP precedence. A. True B. False Answer: A 20. When providing IP QoS, DIFF-SERV and INT-SERV can be adopted in a combined way. INTSERV can be adopted in IP backbone network, while DIFF or INT-SERV can be adopted in IP border network. A. True B. False Answer: B 21. Which of the parameters shall be confirmed by SLS in SLA aiming to QOS? A. Detailed performance parameters such as the expected bandwidth, discarding rate and time delay. B. The topology logical scope of the provided service C. The traffic configuration file of the needed service D. The measures to handle the information flow beyond the restriction of the flow configuration file
Answer: ABCD 22. Which of the following descriptions of CQ queue strategy are true? A. CQ can allocate different bandwidth to different service data. B. CQ allocates the bandwidth to different service packets in proportion. The bandwidth of the existing packet can be expanded automatically if some types of packets do not exist. C. The defect of CQ is that it needs to be configured and the processing speed is slow. D. All the above descriptions are false. Answer: ABC 23. Which of the following items are the features of WFQ? A. WFQ can reduce the delay jitter. B. WFQ can reduce the delay of the interactive application with small packets C. When the traffic amount is reduced, the bandwidth of the existing traffic can be expanded automatically. D. Although WFQ is of a strong function, its processing speed is slower than FIFO, PQ and CQ. Answer: ABC 24. Which of the following descriptions of CAR are true? A. It is used to restrict the flow of a certain packet, for example, it restricts the bandwidth proportion occupied by the FTP packet to be less than 50%. B. As a bandwidth management mechanism, it adopts the token bucket technology to allocate and measure the bandwidth, C. CAR can be used either in egress or ingress of the network and the service flow can be differentiated according to the packet classification resulA. D. Not colliding with the queue technology, the CAR technology can only be adopted in the network edge access layer to ensure that the core is not affected by the excessive high priority service. Answer: ABCD 25. Which of the following descriptions of the network QoS design is true? A. Although the queue technologies can solve the QoS problem of the network, the full provision of the network resource is the best solution. B. The QoS guarantees the service differentiation. For example, IP telephone is the real-time service, and E-mail is non-real-time service, and both of the two are reliable. C. This QoS design guarantees that the enterprise intranet network works most efficiently: the realtime service may have smaller time delay and the critical service may get better support in the adverse network condition. D. All the above descriptions are false Answer: C 26. As QoS can be described by a series of measurable parameters, which of the following parameters can be used to describe QoS? A. Service availability B. Delay, variable delay C. Throughout D. Packet loss rate Answer: ABCD 27. Among the three service models of BestEffort, Intserv and Diffserv, only Intserv and Diffserv can provide QoS guarantee for multiple services. In actual network construction, it is recommended that
Intserv is used in the border network and Diffserv is used in the core layer. A. True B. False Answer: B 28. Which of the following items are included in the Network design? A. WAN design B. LAN design C. Routing design D. Subnet planning Answer: ABCD 29. Which is the bandwidth of one channel of voice data flow pressed by the G.729 in the IP-bore network? A. 2Kbps B. 12kbps C. 48Kbps D. 728Kbps Answer: B 30. Which is the bandwidth of one channel of H.323 video data flow in the IP-bore network? A. 2Kbps B. 12kbps C. 48Kbps D. 768Kbps Answer: D