1️ ⃣ Understanding HTTP Flood Attacks:

An HTTP flood attack is a type of DDoS attack where an attacker sends a large number of HTTP requests to a target server, overloading its resources.

Attackers often use botnets or spoofed IP addresses to send forged HTTP requests, making it difficult to differentiate between legitimate and malicious traffic.

2️ ⃣ What is Happening in the Figure?

The Anti-DDoS device detects an abnormally high number of HTTP requests from certain IPs.

It challenges suspicious clients by requiring them to complete an authentication step (such as entering a verification code).

Legitimate users can pass the authentication and get whitelisted, while bots and attackers fail to respond and are blocked.

3️ ⃣ Why is "Enhanced Mode" the Correct Answer?

Enhanced Mode is an advanced source IP detection technology that uses verification codes or JavaScript challenges to distinguish real users from bots.

Key features of Enhanced Mode:

Verification challenge (e.g., CAPTCHA, JavaScript check).

Whitelisting of verified users to prevent further verification delays.

Blocks attack sources that fail to respond to verification.

In the figure, the system prompts suspicious users to enter a verification code before allowing further access.

Attackers typically do not respond , while legitimate users complete the challenge and continue browsing normally .

HCIP-Security References:

Huawei HCIP-Security Guide → HTTP Flood Attack Protection

Huawei Anti-DDoS Solution Guide → Source IP Detection Methods

Huawei WAF Documentation → Enhanced Mode for Web Attack Mitigation

Comprehensive and Detailed Explanation:

Web rewriting in web proxy modifies web page content for security and access control .

Issues with web rewriting include:

A is true → Server addresses can be hidden.

B is true → Images may be misaligned due to rewriting.

C is true → Fonts may be incomplete.

D is false → Web rewriting does not require Internet Explorer controls.

HCIP-Security References:

Huawei HCIP-Security Guide → Web Proxy and Web Rewriting

Comprehensive and Detailed Explanation:

Regular expressions (regex) are used in data filtering to detect patterns in traffic.

* b.d Explanation:

b → The word must start with 'b'.

. * → Matches any number of characters (wildcard).

d → The word must end with 'd'.

Testing the given words:

A. abroad ( ✔ matches) → Starts with "b" but does not end with "d".

B. beside ( ✔ matches) → Starts with "b" but does not end with "d".

C. boring ( ✔ allowed) → Does not start with "b" and end with "d" (safe to post).

D. bad ( ❌ blocked) → Starts with "b" and ends with "d" (matches the regex).

Why is C correct?

"boring" does not match the regex pattern, so it is not blocked.

HCIP-Security References:

Huawei HCIP-Security Guide → Regular Expressions in Data Filtering

Comprehensive and Detailed Explanation:

Authentication-free rules allow unauthenticated users to access essential services before login.

The following traffic must be allowed before authentication:

DNS traffic → Users need to resolve domain names for the Portal page.

Portal page access → The captive portal must be reachable.

RADIUS server communication → Users must authenticate via RADIUS.

Why is this statement true?

Without these authentication-free rules, users would be unable to reach the Portal login page.

HCIP-Security References:

Huawei HCIP-Security Guide → Portal Authentication-Free Rules

Understanding 802.1X Authentication in Wired Networks:

802.1X is a port-based network access control (PNAC) protocol that requires a Layer 2 connection between the supplicant (PC), the authenticator (switch), and the authentication server (e.g., RADIUS server).

In wired networks, 802.1X authentication occurs at the Ethernet switch (Layer 2 device) , which enforces authentication before allowing network access.

Why Must the Network Be Layer 2?

802.1X authentication operates at Layer 2 (Data Link Layer) before any IP-based communication (Layer 3) occurs.

If the authentication device and user terminal were on different Layer 3 networks, the authentication packets (EAPOL - Extensible Authentication Protocol Over LAN) would not be forwarded.

In the figure, the authentication control point is at the aggregation switch , which means the PC and switch must be in the same Layer 2 domain.

Components of 802.1X Authentication in the Figure:

Supplicant (PC) → The device requesting network access.

Authenticator (Aggregation Switch) → The switch controlling access to the network based on authentication results.

Authentication Server (iMaster NCE-Campus & AD Server) → Verifies user credentials and grants or denies access.

Layer 2 Connectivity Requirement → The PC must be in the same Layer 2 network as the Authenticator to communicate via EAPOL.

Why "TRUE" is the Correct Answer:

802.1X authentication is performed before IP addresses are assigned, meaning it can only operate in a Layer 2 network.

EAPOL (Extensible Authentication Protocol Over LAN) messages are not routable and must stay within a single Layer 2 broadcast domain.

In enterprise networks, VLAN-based 802.1X authentication is often used , where authenticated users are assigned to a specific VLAN.

HCIP-Security References:

Huawei HCIP-Security Guide → 802.1X Authentication in Enterprise Networks

Huawei iMaster NCE-Campus Documentation → Authentication Control and NAC Deployment

IEEE 802.1X Standard Documentation → Layer 2 Network Authentication

Comprehensive and Detailed Explanation:

VLAN authorization in Portal authentication requires additional configuration.

To assign VLANs dynamically:

RADIUS must return VLAN attributes after authentication.

The WAC (Wireless Access Controller) must be configured to support dynamic VLAN assignment.

Why is this statement false?

VLAN authorization requires RADIUS attributes and WAC configuration—it is not automatic.

HCIP-Security References:

Huawei HCIP-Security Guide → WLAN & Portal Authentication

Comprehensive and Detailed Explanation:

Deploying multiple egress links ensures:

Redundancy → If one link fails, another remains active.

Load balancing → Traffic can be distributed across multiple links.

High availability → Reduces downtime.

Why is this statement true?

Enterprise networks benefit from multiple egress links .

HCIP-Security References:

Huawei HCIP-Security Guide → Network Redundancy and High Availability