
H12-721 HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network) Questions and Answers

Questions 4

What type of message is the VRRP hello message?

Options:

A.

unicast message

B.

broadcast message

C.

multicast packet

D.

UDP packet

Questions 5

In a dual-system hot standby network, the NAT configurations of the two USGs are consistent. When the address in the NAT address pool is on the same network segment as the virtual IP address of the VRRP backup group, the next two graphs show the ARP response of the NAT server and VRRP combination application (lack of a picture).

H12-721 Question 5

Options:

A.

Figure 1 binds the NAT address pool to the VRRP backup group on the interface connected to the Internet. Figure 2 binds the NAT address pool to the VRRP backup group on the interface connected to the Internet.

B.

Figure 1 does not bind the NAT address pool to the VRRP backup group on the interface connected to the Internet. Figure 2 does not bind the NAT address pool to the VRRP backup group on the interface connected to the Internet.

C.

Figure 1 does not bind the NAT address pool to the VRRP backup group on the interface connected to the Internet. Figure 2 binds the NAT address pool to the VRRP backup group on the interface connected to the Internet.

D.

Figure 1 does not bind the NAT address pool to the VRRP backup group on the interface connected to the Internet. Figure 2 does not bind the NAT address pool to the VRRP backup group on the interface connected to the Internet.

Questions 6

An attack source spoofs a server and sends a large number of SYN-ACK packets to the target network or server. If the destination port of the packets is a TCP service port of the attacked server, the server's TCP protocol stack behaves abnormally. What is this attack called?

Options:

A.

SYN Flood

B.

SYN-ACK Flood

C.

ACK-Flood

D.

Connection Flood

Questions 7

Which of the following is the correct description of the SMURF attack?

Options:

A.

The attacker sends an ICMP request with the destination address or the source address as the broadcast address, causing all hosts or designated hosts of the attacked network to answer, eventually causing the network to crash or the host to crash.

B.

The attacker sends the SYN-ACK message to the attacker's IP address.

C.

The attacker can send UDP packets to the network where the attacker is located. The source address of the packet is the address of the attacked host. The destination address is the broadcast address or network address of the subnet where the attacked host resides. The destination port number is 7 or 19.

D.

The attacker uses the network or the host to receive unreachable ICMP packets. The subsequent packets destined for this destination address are considered unreachable, thus disconnecting the destination from the host.

Questions 8

What are the three elements of an abnormal flow cleaning solution?

Options:

A.

cleaning center

B.

Testing Center

C.

Management Center

D.

Collection Center

Questions 9

According to the dual-system hot backup network diagram, which of the following descriptions of the dual-system hot backup preemption function are correct?

H12-721 Question 9

Options:

A.

VRRP backup group itself has a preemption function. As shown in the figure, after USG_A fails and recovers, USG_A will use the preemption function to change to the master state again.

B.

The preemption function of the VGMP management group is similar to that of the VRRP backup group. When the faulty backup group in the management group recovers, the management group priority will be restored.

C.

By default, when the preemption delay is 0, preemption never occurs.

D.

After the VRRP backup group is added to the VGMP management group, the original preemption function on the backup group will be invalid.

Questions 10

In the networking environment of dual-system hot backup and ip-link, which of the following configurations is the key configuration for ip-link and dual-system hot backup?

H12-721 Question 10

Options:

A.

hrp mirror ip-link 1

B.

hrp track ip-link 1 master

C.

hrp track ip-link 1 slave

D.

ip-link check enable

Questions 11

The administrator can create vfw1 and vfw2 on the root firewall to provide secure multi-instance services for enterprise A and enterprise B, and configure secure forwarding policies between security zones of vfw1 and vfw2.

Options:

A.

TRUE

B.

FALSE

Questions 12

The Huawei Secoway VPN client initiates an L2TP connection. The source port of the L2TP packet is 1710 and the destination port is also 1710.

Options:

A.

TRUE

B.

FALSE

Questions 13

Which of the following technologies can enhance the security of mobile users accessing the company's intranet VPN solution?

Options:

A.

SSL

B.

PPPoE

C.

GRE

D.

L2TP

Questions 14

In firewall DDoS attack defense, the Anti-DDoS device adopts a seven-layer defense technology. Which description of session-based defense is correct?

Options:

A.

Based on the application, the validity of the source address of the packet is authenticated. These applications support the protocol interaction. The cleaning device prevents the attack traffic from the virtual source or tool by sending source detection packets.

B.

Session-based defense against concurrent connections, new connections, or connection-depleted connections that exceed the threshold

C.

mainly relies on fingerprint learning and packet capture analysis to obtain traffic characteristics, and to prevent bots or attack traffic initiated by agents to distinguish normal users from access behavior.

D.

Filters scanned messages and special control messages by detecting sessions

Questions 15

What is the correct statement about the Eth-trunk function?

Options:

A.

Improve the communication bandwidth of the link

B.

Improve data security

C.

traffic load sharing

D.

Improve the reliability of the link

Questions 16

On an Eth-Trunk interface, traffic load balancing can be implemented by configuring different weights on member links.

Options:

A.

TRUE

B.

FALSE

Questions 17

Which option is incorrect about the HTTP Flood defense principle?

Options:

A.

HTTP Flood source authentication

B.

URI detection of destination IP

C.

fingerprint learning

D.

load check

Questions 18

Run the display ike sa command to check the IKE SA information. Which of the following statements is correct?

H12-721 Question 18

Options:

A.

phase 1 and phase 2 have been established

B.

negotiates through the IKE V2 protocol

C.

VPN instance name is public

D.

IPSec SA status is Ready

Questions 19

Regarding VRRP messages, which of the following statements are correct?

Options:

A.

VRRP uses TCP packets.

B.

VRRP uses UDP packets.

C.

The destination address of the VRRP packet is 224.0.0.18.

D.

The TTL value of the VRRP packet is 255.

Questions 20

With regard to the RADIUS protocol, which of the following statements are correct?

Options:

A.

uses the UDP protocol to transmit Radius packets.

B.

authentication and authorization port number can be 1812

C.

Encrypt the account when transferring user accounts and passwords using the Radius protocol

D.

authentication and authorization port number can be 1645

Questions 21

The network administrator of a company wants the USG to discard traffic that exceeds the device throughput. Which of the following commands achieves this function?

Options:

A.

utm bypass enable

B.

undo utm bypass enable

C.

ips bypass enable

D.

undo ips bypass enable

Questions 22

If the IPSec policy is configured in the policy template and sub-policy mode, the firewall applies the policy template first and then applies the sub-policy.

Options:

A.

TRUE

B.

FALSE

Questions 23

The branch firewall of an enterprise is configured with NAT. As shown in the figure, USG_B is the NAT gateway. The USG_B is used to establish an IPSec VPN with the headquarters. Which parts of the USG_B need to be configured?

H12-721 Question 23

Options:

A.

Configure the nat policy. The reference rule is to allow the source and destination of the intranet to be all ACLs.

B.

Configure the IKE peer, use the name authentication, and remote-address is the outbound interface address of the headquarters.

C.

Configure the nat policy. The reference rule is to protect the data flow from the enterprise intranet to the headquarters intranet in the first deny ipsec, and then permit the data flow from the intranet to the internet.

D.

Configure an ipsec policy template and reference ike peer

Questions 24

In the firewall DDoS attack defense technology, the data packet of the session table is not defended. If the data packet of the session has been established, it is directly released.

Options:

A.

TRUE

B.

FALSE

Questions 25

The console port password can be restored to the factory settings by pressing and holding the USG device Reset button for 1-3 seconds.

Options:

A.

TRUE

B.

FALSE

Questions 26

An administrator can view the IPSec status information and Debug information as follows. What is the most likely fault?

H12-721 Question 26

Options:

A.

local IKE policy does not match the peer IKE policy.

B.

local ike remote name does not match peer ike name

C.

local ipsec proposal does not match the peer ipsec proposal

D.

The local security acl or the peer security acl does not match.

Questions 27

When using the optical bypass interface, the Bypass link has two working modes, automatic mode and forced mode.

Options:

A.

TRUE

B.

FALSE

Questions 28

A user wants to limit the maximum bandwidth of the 192.168.1.0/24 network segment to 500M, and limit all IP addresses in the network segment to maintain a bandwidth of 1M. How should a traffic limiting policy be configured for this requirement?

Options:

A.

Configure per-IP traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 500M.

B.

Configure overall traffic limiting. The maximum bandwidth of the host on the network segment 192.168.1.0/24 is 1M.

C.

Configure the overall traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 500M.

D.

Configure the overall traffic limiting. The maximum bandwidth of the host on the network segment 192.168.1.0/24 is 500M. Then use the per-IP traffic limiting to ensure that the server bandwidth is 1M.

Questions 29

After the user's SSL VPN has been successfully authenticated, the user cannot access the Web-link resource. Running netstat -anp tcp on the Web server shows the following information. Which of the following statements is correct?

H12-721 Question 29

Options:

A.

intranet server does not open web service

B.

virtual gateway policy configuration error

C.

The connection between the virtual gateway and the intranet server is incorrect.

D.

Virtual gateway and intranet server are unreachable

 

Questions 30

In the DDoS attack defense, if the service learning function is used to find that there is no service or traffic of a certain service in normal traffic, you can use the blocking or traffic limiting method to defend against attacks on the Anti-DDoS device.

Options:

A.

TRUE

B.

FALSE

Questions 31

In a dual-system hot standby environment, if the forward and return paths of a packet are inconsistent, which of the following conditions may result in packet loss?

Options:

A.

does not enable session fast synchronization

B.

Heartbeat bandwidth is insufficient

C.

turned off the status monitoring function

D.

specifies the wrong heartbeat port

Questions 32

The ACK flood attack uses a botnet to send a large number of ACK packets, which impacts the network bandwidth and causes network link congestion. If the number of attack packets is large, the server processing performance is exhausted, thus rejecting normal services. When a Huawei Anti-DDoS device defends against this attack, which statement comparing the two processing methods, strict mode and basic mode, is correct?

Options:

A.

bypass deployment dynamic drainage using strict mode

B.

In strict mode, the cleaning device does not check the established session, that is, the ACK packet does not hit the session, and the device discards the packet directly.

C.

If the cleaning device checks that the ACK packet hits the session, the session creation reason will be checked regardless of the strict mode or the basic mode.

D.

adopts "basic mode". Even if the session is not detected on the cleaning device, the device discards several ACK packets and starts session checking.

Exam Code: H12-721
Exam Name: HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network)
Last Update: Apr 30, 2024
Questions: 245
