Huawei H12-721 - Huawei Certified ICT Professional - Constructing Infrastructure of Security Network

Total 217 questions

On an Eth-Trunk interface, traffic load balancing can be implemented by configuring different weights on member links.

A. TRUE

B. FALSE

In firewall DDoS attack defense, the Anti-DDoS device uses seven layers of defense technology. Which of the following descriptions of session-based defense is correct?

A. Authenticates the validity of the packet's source address based on the application. These applications support protocol interaction, and the cleaning device blocks attack traffic from false sources or tools by sending source detection packets.

B. Session-based defense against concurrent connections, new connections, or connection-exhaustion attacks that exceed the threshold.

C. Mainly relies on fingerprint learning and packet capture analysis to obtain traffic characteristics, preventing attack traffic initiated by bots or agents and distinguishing it from normal user access behavior.

D. Filters scanning packets and special control packets by detecting sessions.

ACK flood attacks are defended against by payload inspection. The principle is that the cleaning device checks the payload of the ACK packet. If the payload content is entirely uniform (for example, the payload content is all 1s), the packet is discarded.

A. TRUE

B. FALSE

When an attack occurs, the packet capture on the attacked host (1.1.1.1) is as shown in the figure. What kind of attack is this?

A. Smurf attack

B. Land attack

C. WinNuke attack

D. Ping of Death attack

IP address scanning attack defense prevents not only ICMP-based probing of target addresses, but also TCP/UDP-based scanning of target addresses.

A. TRUE

B. FALSE

When using the optical bypass interface, the Bypass link has two working modes, automatic mode and forced mode.

A. TRUE

B. FALSE

The branch firewall of an enterprise is configured with NAT. As shown in the figure, USG_B is the NAT gateway. USG_B is used to establish an IPSec VPN with the headquarters. Which of the following need to be configured on USG_B?

A. Configure the NAT policy. The referenced rule is an ACL that permits intranet traffic with any source and any destination.

B. Configure the IKE peer, use name authentication, and set remote-address to the outbound interface address of the headquarters.

C. Configure the NAT policy. The referenced rule first denies the IPSec-protected data flow from the enterprise intranet to the headquarters intranet, and then permits the data flow from the intranet to the Internet.

D. Configure an IPSec policy template and reference the IKE peer.

The first packet discarding technology of Huawei Anti-DDoS devices can defend against attack packets that continuously change the source IP address or source port number. Which of the following statements about the first packet discarding technology is incorrect?

A. The UDP protocol does not have a retransmission mechanism, so the first packet discarding technology cannot be used.

B. First packet discarding is combined with source authentication to prevent false source attacks.

C. Matches packets based on the triplet (source IP address, source port, protocol) and identifies the first packet by the packet interval.

D. A packet whose sending interval is lower than the lower limit of the first packet detection rate, or higher than the upper limit of the first packet detection rate, is considered to be a first packet.

On the USG, you need to delete sslconfig.cfg in the hda1:/ directory. Which of the following commands can complete the operation?

A. cd hda 1:/remove sslconfig.cfg

B. cd hda 1:/delete sslconfig.cfg

C. cd hda 1:/rmdir sslconfig.cfg

D. cd hda 1:/mkdir sslconfig.cfg

In a man-in-the-middle attack, the middleman completes the data exchange between the server and the client. From the server's point of view, all messages are sent to or received from the client. From the client's point of view, all messages are likewise sent to or received from the server.

A. Packet 1: Source IP 1.1.1.1 Source MAC C-C-C Destination IP 1.1.1.2 Destination MAC B-B-B

B. Packet 1: Source IP 1.1.1.3 Source MAC C-C-C Destination IP 1.1.1.2 Destination MAC B-B-B

C. Packet 2: Source IP 1.1.1.2 Source MAC C-C-C Destination IP 1.1.1.1 Destination MAC A-A-A

D. Packet 2: Source IP 1.1.1.3 Source MAC C-C-C Destination IP 1.1.1.1 Destination MAC A-A-A