HCIP-Security H12-722 Release Date

Page: 2 / 6

Question 8

Abnormal detection is to establish the normal behavior characteristic profile of the system subject through the analysis of the audit data of the system: check if the audit data in the system

If there is a big discrepancy with the normal behavior characteristics of the established subject, it is considered an intrusion. Nasu must be used as the system subject? (multiple choice)

Options:

Host

A group of users

Single user

A key program and file in the system

Question 9

Which of the following is not an abnormal situation of the file type recognition result?

Options:

The file extension does not match.

Unrecognized file type

File corruption

The file is compressed

Question 10

Regarding the 3 abnormal situations of the file type recognition result, which of the following option descriptions is wrong?

Options:

File extension mismatch means that the file type is inconsistent with the file extension.

Unrecognized file type means that the file type cannot be recognized and there is no file extension.

File damage means that the file type cannot be identified because the file is damaged.

Unrecognized file type means that the file type cannot be recognized, and the file extension cannot be recognized.

Question 11

Analysis is the core function of intrusion detection. The analysis and processing process of intrusion detection can be divided into three phases; build an analyzer to perform analysis on actual field data.

Which of the analysis, feedback and refinement is the function included in the first two stages?