A great way to start the H3C Certified Network Engineer for Security (H3CNE-Security) preparation is to begin by properly appreciating the role that syllabus and study guide play in the H3C GB0-510 certification exam. This study guide is an instrument to get you on the same page with H3C and understand the nature of the H3C Constructing Small- and Medium-Sized Enterprise Security Networks exam.
Our team of experts has composed this H3C GB0-510 exam preparation guide to provide the overview about H3C Constructing Small- and Medium-Sized Enterprise Security Networks exam, study material, sample questions, practice exam and ways to interpret the exam objectives to help you assess your readiness for the H3CNE-Security exam by identifying prerequisite areas of knowledge. We recommend you to refer the simulation questions and practice test listed in this guide to determine what type of questions will be asked and the level of difficulty that could be tested in the H3C Constructing Small- and Medium-Sized Enterprise Security Networks certification exam.
H3C GB0-510 Exam Overview:
|
Exam Name
|
H3C Constructing Small- and Medium-Sized Enterprise Security Networks |
| Exam Number | GB0-510 H3CNE-Security |
| Exam Price | $165 USD |
| Duration | 60 minutes |
| Number of Questions | 50 |
| Passing Score | 600/1000 |
| Recommended Training | Constructing Small- and Medium-Sized Enterprise Security Networks |
| Exam Registration | PROMETRIC |
| Sample Questions | H3C GB0-510 Sample Questions |
| Practice Exam | H3C Certified Network Engineer for Security (H3CNE-Security) Practice Test |
H3C GB0-510 Exam Topics:
| Section | Weight |
|---|---|
| Overview of network security |
- Fundamental of TCP/IP protocol: OSI model, layered structure of TCP/IP model, TCP three-way handshake, transmission layer protocol, etc. - TCP/IP protocol security: IPv4 potential hazard, common security risks of TCP/IP protocol stack, route interception, MAC spoofing, IP spoofing attack, Smurf attack, IP scanning attack, port scanning attack, TCP Denial of Service (DoS), WEB attack, etc. - Network threats: Active attacks, passive attacks, etc. |
| Basic firewall technology |
- Firewall development and technical evolution: firewall introduction, categorizing, and technical evolution, etc. - Basic firewall functions: routing & switching, NAT, reasons for attack prevention, forms and principles of attacks, device configuration for attack protection, principle and operation patterns of dual hot-standby, log review, etc. - Firewall performance metrics: throughput, latency, new connections, concurrent connections, etc. - Firewall networking approaches: principle of two-layer mode, principle of three-layer mode, firewall management, firewall management configuration, file management, upgrade, license management, basic firewall configuration process, etc. |
| Firewall user management |
- AAA technology principle: AAA introduction, AAA certification approach, RADIUS certification, RADIUS message format, RADIUS attributes, RADIUS configuration, HWTACACS certification, HWTACACS configuration, LDAP certification, LDAP configuration, etc. - Firewall user sorting: users for device management, and users for network access - Firewall user management and application: domain-based user management, ISP domain-based AAA realization, local user configuration, local user group configuration, local certification and permission allocation of users for management, RADIUS certification and permission allocation of users for access, certification and permission allocation of users for network operation |
| Firewall security policy |
- Packet filtering technology: definition of packet filtering, ACL categorizing, matching sequence of ACL rules, packet filtering configuration task, basic ACL configuration, advanced ACL configuration, layer 2 ACL configuration, ACL packet filtering on interfaces, etc. - Security domain: definition of security domain, relation of security domain and interface, precautions for security domain configuration, security domain configuration task, display of security domain, etc. - Firewall forwarding principle: flow and session, creation of session, session entry and long connection, session management configuration, message forwarding process, etc. - Firewall security policy: definition of firewall security policy, development of security policy, advantages and rules of security policy, filter conditions and matching sequence of rules, security policy process, security policy configuration tasks, configuration address object group, security policy configuration, etc. |
| Network address conversion technology |
- NAT overview: NAT technical background, public and private addresses, NAT technology principle, NAT terminology, NAT categories, advantages and disadvantages of NAT technology, etc. - Dynamic NAT: principle and realization of dynamic NAT (NO-PAT mode), dynamic NAT (NO-PAT mode) configuration, principle and realization of dynamic NAT (PAT mode), dynamic NAT (PAT mode) configuration, principle and realization of dynamic NAT (Easy IP mode), dynamic NAT (Easy IP mode) configuration, etc. - Internal server: principle of internal server, realization of internal server, internal server configuration, etc. - Static NAT: principle of static NAT, realization of static NAT, static NAT configuration, etc. - NAT ALG function: principle of NAT ALG, realization of NAT ALG. |
| Principle and configuration of VPN |
- VPN overview: it includes key conceptual terms of VPN, VPN classification, key VPN technology overview, etc. - GRE VPN: GRE packaging format, GRE VPN operation principle, method of GRE passing through NAT, GRE VPN configuration under command line, GRE VPN configuration under WEB, etc. - L2TP VPN: concepts and terms of L2TP, L2TP topology, L2TP protocol packaging, L2TP protocol operation and multiple instances, L2TP configuration under command line, L2TP configuration under WEB, etc. - IPSec VPN: concepts and terms of IPSec VPN, IPSec VPN structure, AH protocol, ESP protocol, relation of IKE and IPSec, methods of IPSec VPN passing through NAT, IPSec VPN configuration under command line, IPSec VPN configuration under WEB, IPSec troubleshooting - SSL VPN: evolution of SSL protocol, SSL work model and structure, recording layer in SSL protocol, SSL handshake protocol, functions and realization of SSL VPN, SSL VPN configuration, etc. |
| DPI technology |
- DPI technology background: security threats, definition of DPI, DPI feature library, DPI business, basic DPI operation principles, etc. - DPI technology principle: IPS technology, IPS features, IPS actions, anti-virus technology, features and actions of virus, URL filter, filter rules, rule matching approaches, file filter technology, data filter features, etc. - DPI technology configuration: basic DPI configuration, License application, feature library upgrade, IPS configuration, anti-virus configuration, URL filter configuration, etc. |
| Application control technology |
- Application control technology overview: application recognition challenges - Application filter: precise application recognition, refined application authorization, ACG gateway application recognition and review principle, application review configuration, etc. - Bandwidth management: concept of bandwidth management, global work load control, bandwidth utilization, matching principle of bandwidth management, bandwidth management configuration, etc. - Log report: application work load analysis, log type, log content output, website visit log, application review log, log analysis and management platform, in-depth data exploration, etc. - Users and verification: user identity discovery, anonymous users, local users, verified on WeChat, verification policy, etc. |
H3CNE-Security Exam Description:
H3C Certified Network Engineer for Security (H3CNE-Security) certification mainly focuses on the planning, design, configuration and maintenance of the security on small and medium sized networks. The H3CNE-Security certification proves that you have a general knowledge of security technologies and applications of small and medium sized networks, and are capable of providing assistance in designing security infrastructure for SMEs and deploying and maintaining corresponding solutions.