Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Huawei H12-721 - Huawei Certified ICT Professional - Constructing Infrastructure of Security Network

Huawei H12-721 Premium Access     Download Demo    
Page: 5 / 7
Total 217 questions

The ACK flood attack uses a botnet to send a large number of ACK packets, which impacts the network bandwidth and causes network link congestion. If the number of attack packets is large, the server processing performance is exhausted, thus rejecting normal services. Under the Huawei Anti-DDoS device to prevent this attack, compare the two processing methods - strict mode and basic mode, what is correct?

A.

bypass deployment dynamic drainage using strict mode

B.

In strict mode, the cleaning device does not check the established session, that is, the ACK packet does not hit the session, and the device discards the packet directly.

C.

If the cleaning device checks that the ACK packet hits the session, the session creation reason will be checked regardless of the strict mode or the basic mode.

D.

adopts "basic mode". Even if the session is not detected on the cleaning device, the device discards several ACK packets and starts session checking.

Which attack method is CC attack?

A.

denial of service attack

B.

scan snooping attack

C.

malformed packet attack

D.

System-based vulnerability attacks

Virtual firewall technology can achieve overlapping IP addresses.

A.

TRUE

B.

FALSE

In the application scenario of IPSec traversal by NAT, the active initiator of the firewall must configure NAT traversal, and the firewall at the other end can be configured without NAT traversal.

A.

TRUE

B.

FALSE

Which of the following is correct about the configuration of the firewall interface bound to the VPN instance?

A.

ip binding vpn-instance vpn-id

B.

ip binding vpn-instance vpn-instance-name

C.

ip binding vpn-id

D.

ip binding vpn-id vpn-instance-name

What are the three elements of an abnormal flow cleaning solution?

A.

cleaning center

B.

Testing Center

C.

Management Center

D.

Collection Center

In the application scenario of the virtual firewall technology, the more common service is to provide rental services to the outside. If the virtual firewall VFW1 is leased to enterprise A and the virtual firewall VFW2 is leased to enterprise B, what is the following statement incorrect?

A.

The A system provides independent system resources for the virtual firewalls VFW1 and VFW2, and does not affect each other.

B.

is transparent to users, and the business between enterprise A and enterprise B is completely isolated, just like using firewalls separately.

C.

Enterprise A and Enterprise B can overlap addresses and use VLANs to separate different VLANs.

D.

Enterprise A and Enterprise B cannot manage their own virtual firewalls independently and must be managed by the administrator of the lessor.

Based on the following information analysis on the firewall, which of the following options are correct?

A.

The first packet of this data flow enters from the Trust zone interface and is sent from the Untrust zone interface.

B.

This data stream has been NAT translated

C.

uses NPAT conversion technology

D.

firewall has virtual firewall function enabled

DDoS is an abnormal packet that an attacker sends a small amount of non-traffic traffic to the attack target (usually a server, such as DNS or WEB) through the network, so that the attacked server resolves the packet when the system crashes or the system is busy.

A.

TRUE

B.

FALSE

Which of the following security services can a secure multi-instance provide for a virtual firewall?

A.

address binding

B.

blacklist

C.

ASPF

D.

VPN routing