Black Friday Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: spcl70

Note! H12-711_V3.0 has been withdrawn. The new exam code is H12-711_V4.0

Practice Free H12-711_V3.0 HCIA-Security V3.0 Exam Questions Answers With Explanation

We at Crack4sure are committed to giving students who are preparing for the Huawei H12-711_V3.0 Exam the most current and reliable questions . To help people study, we've made some of our HCIA-Security V3.0 exam materials available for free to everyone. You can take the Free H12-711_V3.0 Practice Test as many times as you want. The answers to the practice questions are given, and each answer is explained.

Get Full 492 Questions Search Other Huawei Exam
Question # 6

SIPprotocol usageSDPmessage to establish a session,SDPThe message contains a remote address or a multicast address

A.

True

B.

False

Question # 7

Common scanning attacks include: port scanning tools, vulnerability scanning tools, application scanning tools and database scanning tools, etc.

A.

True

B.

False

Question # 8

Which of the following areHRP(Huawei Redundancy Protocol) protocol can back up state information? (multiple choice)

A.

session table

B.

ServerMapentry

C.

Dynamic blacklist

D.

routing table

Question # 9

aboutVGMPIn a description of group management, which of the following is false?

A.

VRRPbackup group master/All standby status changes need to be notified to theVGMPmanagement group

B.

The interface types and numbers of the heartbeat ports of the two firewalls can be different, as long as the Layer 2 interoperability can be guaranteed.

C.

Active and standby firewallsVGMPtimed starthellomessage

D.

The active and standby devices learn about the status of each other through the exchange of heartbeat messages, and back up related commands and status information.

Question # 10

Data analysis technology is to find and match keywords or key phrases in the acquired data stream or information stream, and analyze the correlation of time. Which of the following is not an evidence analysis technique?

A.

Cryptography, data decryption technology

B.

Digital Abstract Analysis Technology of Documents

C.

Techniques for discovering connections between different pieces of evidence

D.

Spam Tracking Technology

Question # 11

Which of the following does not belong toP2DRin the modelDetectionThe method used in the link?

A.

real time monitoring

B.

detect

C.

Call the police

D.

shut down service

Question # 12

existVRRP(Virtual Router Redundancy Protocol) group, the primary firewall regularly sends notification messages to the backup firewall, and the backup firewall is only responsible for monitoring notification messages and will not respond

A.

True

B.

False

Question # 13

Multiple different ( ) cannot be added to the same interface on the firewall at the same time (fill in the blank)

Question # 14

Digital envelope technology means that the sender uses the receiver's public key to encrypt the data, and then sends the ciphertext to the receiver ( )[Multiple choice]*

A.

TRUE

B.

FALSE

Question # 15

Which of the following angles should be considered in the information security stage to consider the security of information?

A.

Management

B.

Security system

C.

business

D.

Technology

Question # 16

Questionnaire design principles do not include which of the following?

A.

integrity

B.

openness

C.

specificity

D.

consistency

Question # 17

aboutSSL VPNdescription, which of the following is correct?

A.

Can be used without a client

B.

yesIPlayer to encrypt

C.

existNATcrossing problem

D.

No authentication required

Question # 18

the following aboutVGMPWhich protocol description is wrong?

A.

VGMPmultiple on the same firewallVRRPAll backup groups are added to one management group, and all backup groups are managed by the management group.VRRPbackup group

B.

VGMPthrough the unified control ofVRRPSwitching the status of the backup group to ensure that allVRRPBackup group status is consistent

C.

Status isActiveofVGMPThe group device will periodically sendhellomessage,stdandbyThe end is only responsible for monitoringhellomessage, will not respond

D.

By default whenstandbyend threehelloThe message period does not receive the message sent by the peerhellomessage, it will think that the peer end is faulty, so it will switch itself toActivestate.

Question # 19

aboutVPN, which of the following statements is false?

A.

Virtual private network is cheaper than private line

B.

VPNTechnology necessarily involves encryption

C.

VPNTechnology is a technology that multiplexes logical channels on actual physical lines

D.

VPNThe emergence of technology allows traveling employees to remotely access internal corporate servers

Question # 20

The matching principle of the security policy is: first search for the manually configured interzone security policy, and if no match is found, the data packet will be discarded directly.

A.

True

B.

False

Question # 21

aboutAHandESPSecurity protocol, which of the following options is true? (multiple choice)

A.

AHCan provide encryption and authentication functions

B.

ESPCan provide encryption and authentication functions

C.

AH The protocol number is51

D.

ESPThe protocol number is51

Question # 22

The repair of anti-virus software only needs to repair some system files that were accidentally deleted when scanning and killing viruses to prevent the system from crashing

A.

True

B.

False

Question # 23

About firewall gateways forHTTPWhich of the following statements is false about the protocol's antivirus response?

A.

When the gateway device blocksHTTPAfter connecting, push to the clientwebpage and generate log

B.

Response methods include announcement and blocking

C.

In alarm mode, the device only generates logs, which is not correct.HTTPThe files transmitted by the protocol are processed and sent out

D.

Blocking means that the device is disconnected from theHTTPserver connection and block file transfer

Question # 24

Which of the following is not a key technology of antivirus software?

A.

Shelling technology

B.

self protection

C.

format the disk

D.

Update virus database in real time

Question # 25

On the surface, threats such as viruses, loopholes, and Trojan horses are the causes of information security incidents, but at the root, information security incidents are also closely related to people and the information system itself.

A.

True

B.

False

Question # 26

againstIPspoofing attack (IP Spoofing), which of the following is an error?

A.

IPSpoofing attacks are based onIPaddress trust relationship to initiate

B.

IPAfter a successful spoofing attack, the attacker can use forged arbitraryIPThe address impersonates a legitimate host to access key information

C.

The attacker needs to put the sourceIPlandaddress masquerading as a trusted host and sendSYNmarkNote the data segment request connection

D.

based onIPThe hosts in the trust relationship of the addresses can log in directly without entering password authentication.

Question # 27

aboutPKIOrdering of work processes, which of the following is correct?

H12-711_V3.0 question answer

A.

1-2-6-5-7-4-3-8

B.

1-2-7-6-5-4-3-8

C.

6-5-4-1-2-7-3-8

D.

6-5-4-3-1-2-7-8

Question # 28

DDosWhich of the following attack types is an attack?

A.

snooping scan attack

B.

Malformed Packet Attack

C.

special packet attack

D.

traffic attack

Question # 29

Which of the following options are key elements of information security precautions? (multiple choice)

A.

asset Management

B.

Security operation and management

C.

Security Products and Technologies

D.

personnel

Question # 30

deployIPSec VPNIn tunnel mode, useAHprotocol for packet encapsulation. NewIPIn the header field of the packet, which of the following parameters does not need to be checked for data integrity?

A.

sourceIPaddress

B.

PurposeIPaddress

C.

TTL

D.

Identification

Question # 31

TCSECWhich of the following protection levels are included in the standard? (multiple choice)

A.

Verify protection level

B.

Mandatory protection level

C.

autonomous protection level

D.

Passive protection level

Question # 32

The method of collecting information by port scanning using scanning tools belongs to the means of ( ) analysis. (fill in the blank)

Question # 33

Execute the command on the firewall and display the above information. Which of the following descriptions is correct? (multiple choice)

H12-711_V3.0 question answer

A.

this firewallVGMPgroup status isActive

B.

this firewallG1/0/1virtual interfaceIPaddress is202.38.10.2

C.

this firewallVRIDfor1ofVRRPThe priority of the backup group is100

D.

When the main deviceUSG_AWill not switch in the event of a failure

Question # 34

The direction of the traffic can be seen in the ___ of the firewall.[fill in the blank]*

Question # 35

According to the management specification, regularly check the network security system and equipment, upgrade the patch, and organize the network security emergency response drill. The above actions belong toMPDRRWhat are the elements of the network security model?

A.

Protection link

B.

Detection link

C.

response link

D.

Management link

Question # 36

Which of the following options areIPSec VPNSupported encapsulation modes? (multiple choice)

A.

AHmodel

B.

tunnel mode

C.

transfer mode

D.

ESPmodel

Question # 37

Applying for special funds for emergency response and purchasing emergency response software and hardware equipment belong to the work content of which stage of the network's complete emergency response?

A.

preparation stage

B.

Inhibition stage

C.

response phase

D.

recovery phase

Question # 38

Which of the following is network address port translation (NAPT) and only translate network addresses (No-PAT) difference?

A.

go throughNo-PATAfter conversion, for external network users, all packets come from the sameIPaddress

B.

No-PATOnly supports protocol port translation at the transport layer

C.

NAPTOnly supports protocol address translation at the network layer

D.

No-PATSupports protocol address translation at the network layer

Question # 39

Regarding the NAT policy processing flow, which of the following options are correct? ( )*

A.

Server-map is processed before the security policy is matched

B.

Source NAT policy is processed after security policy match

C.

Source NAT policy queries are processed after the session is created

D.

Server-map is processed after state detection

Question # 40

Which of the following statements about the patch is incorrect?

A.

A patch is a small program made by the original author of the software for a discovered vulnerability

B.

Not patching does not affect the operation of the system, so whether patching is irrelevant or not.

C.

Patches are generally updated continuously.

D.

Computer users should download and install the latest patches in a timely manner to protect their systems

Question # 41

Personal information leakage is the destruction of the ______ characteristics of information.[fill in the blank]*

Question # 42

When configuring security policies, you can control traffic based on the user's______.[fill in the blank]*

Question # 43

Equipment sabotage attacks are generally not easy to cause information leakage, but usually cause interruption of network communication services.

A.

True

B.

False

Question # 44

Which of the following options belong to international organizations related to the standardization of information security? (multiple choice)

A.

International Organization for Standardization(ISO)International Organization for Standardization

B.

International Electrotechnical Commission(IEC) International Electrotechnical Commission

C.

International Telecommunication Union(ITU)ITU

D.

Wi-Fi Alliance Wi-Fialliance organization

Question # 45

Please match the whole worm attack process and attack description.[fill in the blank]*

H12-711_V3.0 question answer

Question # 46

at HuaweiUSGOn the series firewalls, the default security policy does not support modification.

A.

True

B.

False

Question # 47

The reason why NAPT can realize one-to-many address translation is that the ______ is also translated when the address is translated, so multiple private addresses can share the same public address.[fill in the blank]*

Question # 48

Which of the following is true about firewall security policies?

A.

By default, the security policy can control unicast packets and broadcast packets

B.

By default, the security policy can control multicast

C.

By default, the security policy only controls unicast packets.

D.

By default, the security policy can control unicast packets, broadcast packets, and multicast packets.

Question # 49

The interface on the firewall cannot forward traffic until it is added ( ). (fill in the blank)

Question # 50

Which of the following options is not a passive means of obtaining information? ( )[Multiple choice]*

A.

port scan

B.

port mirroring

C.

capture packets

D.

collect log education

Question # 51

The initial priority of the USG9500VGMP group is related to which of the following factors ( )? *

A.

interface bandwidth

B.

VRRP priority

C.

Number of daughter cards on the interface board

D.

The number of CPUs on the D service board

Question # 52

During the process of establishing IPSec VPN between peers FW_A and FW_B, two types of security associations need to be established in two stages. In the first stage, _____ is established to verify the identity of the peers.[fill in the blank]*

Question # 53

An engineer needs to back up the firewall configuration. Now he wants to use a command to view all the current configurations of the firewall. May I ask the command he uses is ____[fill in the blank]*

Question # 54

Which of the following security measures does the monitor correspond to?

A.

Intrusion Detection System

B.

Encrypted VPN

C.

Access control system

D.

Firewall

Question # 55

Which of the following does not belong to the block encryption algorithm in the symmetric encryption algorithm?

A.

RC5

B.

RC4

C.

RC6

D.

RC2

Question # 56

The CA certificate is the certificate of the CA itself. If there is no multi-level CA in the PKI system, the original certificate of the CA is a self-signed certificate; if there are multiple levels of CA, it will form a CA hierarchy. The top CA is the root CA, which has A CA' self-signed certificate.

A.

True

B.

False

Question # 57
A.

1

B.

2

C.

3

D.

4

Question # 58

Which of the following SSLVPN functions can and can only access all TCP resources?

A.

Network expansion

B.

Port Forwarding

C.

web proxy

D.

file sharing

Question # 59

In USG6000E, the initial priority of VGMP is ( ) (fill in the blank)

Question # 60

Information security prevention technologies include: data encryption, identity authentication, intrusion prevention and anti-virus, etc.

A.

True

B.

False

Question # 61

When IPSec VPN uses tunnel mode to encapsulate packets, which of the following is not within the encryption scope of the ESP security protocol? ( )[Multiple choice]*

A.

ESP Header

B.

TCP Header

C.

Raw IP Header

D.

ESP Tail

Question # 62

If we do not want to generate a reverse Server Mapi entry when configuring NAT Server, we need to add a parameter when configuring NATServerE. This parameter is ( ) (fill in the blank)

Question # 63

The company administrator uses the ping command to test the connectivity of the network. If he needs to specify the source address of the ehco-request message, what are the additional parameters he needs?

A.

-i

B.

-a

C.

-C

D.

-f

Question # 64

In the authentication policy of the firewall, _____ allows the user to not need to enter the user name and password, but can obtain the corresponding relationship between the user and the IP, so as to carry out policy management based on the user[fill in the blank]*

Question # 65

To configure a NAT policy in command line mode, you need to use the .command ( ) in the system view to enter the NAT policy configuration view. (all lowercase) (fill in the blank)

Question # 66

Please order the following steps in the PKI life cycle correctly, 1. Issued, 2. storage, 3. Update, 4. verify[fill in the blank]*

Question # 67

The firewall imports users locally, and supports importing user information from _____ format files and database dbm files to the local device.[fill in the blank]*

Question # 68

Which of the following descriptions about dual-system hot backup is wrong? ( )[Multiple choice]*

A.

By default the preemption delay is 60s

B.

Whether it is a Layer 2 or Layer 3 interface, whether it is a service interface or a heartbeat interface, it needs to be added to a security zone

C.

By default, the active preemption function is enabled

D.

Dual-system hot backup function requires license support

Question # 69

Which of the following options isL2TPThe port number used by the packet?

A.

17

B.

500

C.

1701

D.

4500

Question # 70

Firewall usagehrp standby config enableAfter the standby device configuration function is enabled by the command, all information that can be backed up can be configured directly on the standby device, and the configuration on the standby device can be synchronized to the active device.

A.

True

B.

False

Question # 71

Which of the following information is encrypted during the use of digital envelopes? (multiple choice)

A.

Symmetric key

B.

User data

C.

Receiver's public key

D.

Receiver's private key

Question # 72

The administrator wishes to clear the current session table. Which of the following commands is correct? ( )[Multiple choice]*

A.

display session table

B.

display firewall session table

C.

reset firewall session table

D.

clear firewall session table

Question # 73

Gratuitous ARP can be used to detect whether the ______ address conflicts, and it can also refresh the switch MAC address table.[fill in the blank]*