Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

Huawei H12-724 - HCIP-Security (Fast track) V1.0

Huawei H12-724 Premium Access     Download Demo    
Page: 5 / 11
Total 367 questions

After the user is successfully authenticated, Agile Controller-Campus Which of the following actions can be performed on the user(Multiple choice)

A.

To use Any Office The connected user performs remote assistance.

B.

Force users to go offline.

C.

Audit users' online and offline records.

D.

Disable the mobile certificate account/Disable and assign roles.

Configure the following commands on the Huawei firewall:

[USG] interface G0/0/1

[USG] ip urpf loose allow-defult-route acl 3000

Which of the following options are correct? (multiple choice)

A.

For loose inspection: if the source address of the packet exists in the FB of the firewall: the packet passes the inspection directly

B.

For the case where the default route is configured, but the parameter allow-defult-route is not configured. As long as the source address of the packet is in the FIB table of the firewall

If it does not exist, the message will be rejected.

C.

For the situation where the default route is configured and the parameter allow-defult-route is matched at the same time, if the source address of the packet is in the FIB table of the firewall

If the packet does not exist in the loose check mode, all packets will pass the URPF check and be forwarded normally.

155955cc-666171a2-20fac832-0c042c0427

D.

For the configuration of the default route, and at the same time matching the parameter allow-defult-route, if the source address of the message is in the FIB table of the firewall

If it does not exist in the l0e check, the packet cannot pass the URPF check.

In the scenario of SACG linkage in bypass mode, only the traffic initiated by the terminal user will pass through the firewall, and the server will return to the terminal in use.

The traffic does not need to go through the firewall y. For the firewall, it belongs to the scenario of inconsistent traffic back and forth paths, this needs to turn off the session state check function.

A.

True

B.

False

An account can only belong to one user group, that is, a user can only belong to one department.

A.

True

B.

False

The anti-tampering technology of Huawei WAF products is based on the cache module. Suppose that when user A visits website B, website B has page tampering.

Signs: The workflow for the WAF tamper-proof module has the following steps:.

â‘  WAF uses the pages in the cache to return to the client;

â‘¡WAF compares the watermark of the server page content with the page content in the cache

â‘¢Store the content of the page in the cache after learning

â‘£ When the user accesses the Web page, the WAF obtains the page content of the server

⑤WAF starts the learning mode to learn the page content of the user's visit to the website;

For the ordering of these steps, which of the following options is correct?

A.

③④②⑤①

B.

⑤①②④③

C.

②④①⑤③

D.

⑤③④②①

The administrator has defined two key words that need to be recognized on the firewall: the weight of the keyword x is 2, and the weight of the key y is 3: defined

The alarm interval value from the content is 5, and the blocking threshold value is 10. If the device detects that there is a secondary key space x in the webpage created by the user, the two keywords are

Y; Regarding the weight value and monthly household visits to Heshun Street, is the following statement correct?

A.

The weight value is 8, you can visit the web page

B.

The weight value is 10, and the page cannot be accessed

C.

The weight value is 8, the page cannot be accessed

D.

The weight value is 10, you can ask the web page before

Which of the following statement is correct about Policy Center system client function?

A.

NAC Agent support MAC account login.

B.

Web page login for authentication and can perform checks Strategy.

C.

Web Agent login for identity certification and security certification.

D.

NAC Agent cannot be installed on Windows Vista operating system.

Regarding the global configuration of file filtering configuration files for Huawei USG6000 products, which of the following descriptions is correct?

A.

File filtering, content filtering and anti-virus detection cannot be performed when the file is damaged. At this time, the documents can be released or blocked according to business requirements.

B.

When the file extension does not match, if the action is "Allow" or "Alarm", file filtering, content filtering and anti-virus are performed according to the file type

Detection.

C.

When the number of compression layers of a file is greater than the configured "Maximum Decompression Layers", the firewall cannot filter the file.

D.

When the file type cannot be recognized, file filtering, content filtering and anti-virus detection are not performed.

The network-based intrusion detection system is mainly used to monitor the information of the critical path of the network in real time, listen to all packets on the network, collect data, and divide

Analyze the suspicious object, which of the following options are its main features? (multiple choices)

A.

Good concealment, the network-based monitor does not run other applications, does not provide network services, and may not respond to other computers, so

Not vulnerable to attack.

B.

The monitoring speed is fast (the problem can be found in microseconds or seconds, and the host-based DS needs to take an analysis of the audit transcripts in the last few minutes

C.

Need a lot of monitors.

D.

It can detect the source address and destination address, identify whether the address is illegal, and locate the real intruder.

Use BGP protocol to achieve diversion, the configuration command is as follows

[sysname] route-policy 1 permit node 1

[sysname-route-policy] apply community no-advertise

[sysname-route-policy] quit

[sysname]bgp100

155955cc-666171a2-20fac832-0c042c04

29

[sysname-bgp] peer

[sysname-bgp] import-route unr

[sysname- bgpl ipv4-family unicast

[sysname-bgp-af-ipv4] peer 7.7.1.2 route-policy 1 export

[sysname-bgp-af-ipv4] peer 7.7. 1.2 advertise community

[sysname-bgp-af-ipv4] quit

[sysname-bgp]quit

Which of the following options is correct for the description of BGP diversion configuration? (multiple choice)

A.

Use BGP to publish UNR routes to achieve dynamic diversion.

B.

After receiving the UNR route, the peer neighbor will not send it to any BGP neighbor.

C.

You also need to configure the firewall ddos ​​bgp-next-hop fib-filter command to implement back-injection.

D.

The management center does not need to configure protection objects. When an attack is discovered, it automatically issues a traffic diversion task.