Huawei H12-721 - Huawei Certified ICT Professional - Constructing Infrastructure of Security Network

Total 217 questions

A data flow has established a session on the firewall. If the packet filtering policy that applies to this flow is then modified, how does the firewall handle it?

A. When a new packet arrives at the firewall, the firewall immediately filters it according to the latest policy and refreshes the session table.
B. The firewall immediately filters according to the latest policy but does not refresh the session table.
C. If the session has not aged out, the new policy is not executed and the previously established session is matched.
D. The modification fails; the session must be cleared before the policy can be modified.

A user has been successfully authenticated on the SSL VPN but cannot access the Web-link resource. On the Web server, the information is viewed as follows: netstat -anp tcp Based on this information, which of the following statements is correct?

A. The intranet server has not enabled the web service.
B. The virtual gateway policy is configured incorrectly.
C. The connection between the virtual gateway and the intranet server is incorrect.
D. The virtual gateway and the intranet server are unreachable.

When the firewall works in the dual-system hot backup load balancing environment, if the upstream and downstream routers are working in the routing mode, you need to adjust the OSPF cost based on HRP.

A. TRUE
B. FALSE

A user wants to limit the maximum bandwidth of the 192.168.1.0/24 network segment to 500M, and limit all IP addresses in the network segment to maintain a bandwidth of 1M. How should a traffic limiting policy be configured for this requirement?

A. Configure per-IP traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 500M.
B. Configure overall traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 1M.
C. Configure overall traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 500M.
D. Configure overall traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 500M. Then use per-IP traffic limiting to ensure that the server bandwidth is 1M.

Networking as shown in the figure: PC1--USG--Router--PC2. If PC1 sends a packet to PC2, what are the three modes for the USG to process fragmented packets?

A. Fragment cache
B. Fragmentation
C. Slice direct forwarding
D. Slice defense

Which of the following descriptions of IPSec and IKE are correct?

A. IPSec has two negotiation modes to establish an SA. One is manual (manual) and the other is IKE (isakmp) auto-negotiation.
B. IKE aggressive mode can find the corresponding authentication key according to the negotiation initiator's IP address or ID and then complete the negotiation.
C. The NAT traversal function deletes the verification process of the UDP port number during IKE negotiation and implements discovery of a NAT gateway device in the VPN tunnel. That is, if a NAT gateway device is found, UDP encapsulation is used in the subsequent IPSec data transmission.
D. IKE security mechanisms include DH (Diffie-Hellman) exchange and key distribution, complete forward security and SHA1 encryption algorithms.

An administrator can view the status of the device components by the following command: The status of the Slot3 board is Abnormal. What are the possible causes of this fault?

A. This board is not supported in this slot of device A.
B. The interface card is damaged.
C. The pin on the backplane or motherboard is damaged. If the incorrect board is installed, the pin is tilted.
D. ADSL telephone line failure

Which of the following statements about the blacklist is correct?

A. When logging in to the device through Web or Telnet, if the username and password are entered incorrectly 3 times, the administrator's IP address is blacklisted.
B. Blacklists are classified into static blacklists and dynamic blacklists.
C. After the device detects an attack attempt by a user with a specific IP address according to the behavior of the packets, the device uses the dynamic blacklist technology to blacklist the IP address.
D. When a packet arrives at the firewall, the firewall first performs the packet filtering check and then matches the blacklist.

Which of the following are scanning and snooping attacks?

A. SIP Flood attack
B. HTTP Flood attack
C. IP address scanning attack
D. ICMP redirect packet attack

The following figure shows the L2TP over IPSec application scenario. The client uses the pre-shared-key command to perform IPSec authentication. How should the IPSec security policy be configured on the LNS?

A. Negotiate in IKE main mode
B. Negotiate in IKE aggressive mode
C. IPSec security policy
D. Configuring an IPSec policy template