Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Huawei H12-721 - Huawei Certified ICT Professional - Constructing Infrastructure of Security Network

Huawei H12-721 Premium Access     Download Demo    
Page: 2 / 7
Total 217 questions

Configure the remote packet capture function on the USG to download the device to the device. You can use the FTP server to analyze the packet.

A.

TRUE

B.

FALSE

Which of the following statements is correct about the IKE main mode and the aggressive mode?

A.

All negotiation packets in the first phase of the aggressive mode are encrypted.

B.

All the negotiation packets of the first phase in the main mode are encrypted.

C.

barbarian mode uses DH algorithm

D.

will enter the fast mode regardless of whether the negotiation is successful or not.

What are the following attacks that are special message attacks?

A.

Ping of Death attack

B.

Super large ICMP packet attack

C.

Tracert packet attack

D.

ICMP unreachable packet attack

71. Which option is incorrect about the HTTP Flood defense principle?

A.

HTTP Flood source authentication

B.

URI detection of destination IP

C.

fingerprint learning

D.

load check

What are the correct statements about the following VRRP and VGMP protocol messages?

A.

VGMP Hello packet communication between the A VGMP management group and the VRRP backup group

B.

VGMP management group communicates through VGMP Hello messages.

C.

VGMP management group communicates through VRRP packets

D.

VGMP packet communication between the V VGMP management group and the VRRP backup group

A certain network is as follows: LAN----G0/0/0 USG G0/0/1 ----Server. After the administrator analyzes the Attarcker on the LAN network connected to G0/0/0, if you want to prevent ARP flood attacks, limit the ARP traffic to 100 packets/minute. Which is the correct configuration?

A.

firewall defend arp-flood enable firewall defend arp-flood interface GigabitEthernet 0/0/0 max-rate 100

B.

firewall defend arp-flood enable firewall defend arp-flood interface GigabitEthernet 0/0/0 max-rate 6000

C.

firewall defend arp-flood enable firewall defend arp-flood interface GigabitEthernet 0/0/1 max-rate 100

D.

firewall defend arp-flood enable firewall defend arp-flood interface GigabitEthernet 0/0/1 max-rate 6000

IPSec VPN uses digital certificates for authentication. It has the following steps: 1. verify the certificate signature; 2. find the certificate serial number in the CRL; 3. share the entity certificate between the two devices; 4. verify the validity period of the certificate; . Establish a VPN tunnel. Which of the following is correct?

A.

3 2 1 4 5

B.

1 3 2 4 5

C.

3 1 4 2 5

D.

2 4 3 1 5

Which of the following is a disadvantage of L2TP VPN?

A.

working on layer 2 cannot be routed

B.

must use L2TP Over IPSec to use

C.

has no authentication function

D.

no encryption

SSL VPN authentication is successful. Using the file sharing function, you can view directories and files, but you cannot upload, delete, and rename files. What are the possible reasons?

A.

If the file server type is NFS, the user UID and GID attributes do not allow the user to upload, delete, or rename files.

B.

If the type of the file server is SMB, the currently logged-in user has only read permission for the file share resource, but no write permission.

C.

Only the viewing function is enabled in the SSL file sharing function configuration of the C firewall.

D.

Some TCP connections between the virtual gateways of the D file server are blocked by the firewall

When using the Radius server to authenticate users, (the topology is as shown below), not only must the username and password be stored on the Radius server, but the username and password must also be configured on the firewall.

A.

TRUE

B.

FALSE