
  • Exam Name: HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network)
  • Last Update: Apr 17, 2024
  • Questions and Answers: 245

H12-721 Practice Exam Questions with Answers HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network) Certification

Question # 6

A branch computer accesses the headquarters server through an IPSec VPN. The IPSec tunnel can be established normally, but the service is unreachable. What are the possible reasons?

A.

The packet is fragmented, and fragmented packets are discarded on the link.

B.

There is load sharing or a dual-device link, so the forward and return paths may be inconsistent.

C.

Route oscillation

D.

DPD detection parameters are inconsistent at both ends

Question # 7

The IP address of the USG firewall GE0/0/0 is 192.168.0.1/24, and the firewall functions as the FTP server. The IP address of the PC host is 192.168.0.2/24. The GE0/0/0 interface of the firewall and the PC host are connected through a network cable, as shown below: PC (192.168.0.2/24)--GE0/0/0 USG. Which of the following commands can be used to complete the backup of the system configuration file vrpcfg.cfg?

A.

Complete the following command on the firewall:
    [USG] ftp server enable
    info:Start FTP server
    [USG-aaa] local-user ftpuser password simple Ftppass#
    [USG-aaa] local-user ftpuser service-type ftp
    [USG-aaa] Local-user ftpuser ftp-directory hda1

B.

Complete the following command on the firewall:
    ftp 192.168.0.2
    Trying 192.168.0.2 ...
    Press CTRL+K to abort
    Connected to 192.168.0.2
    220 FTP Server ready
    User(192.168.0.2):(none) ftpuser
    331 Password Required for ftpuser
    Password:
    230 User logged in
    ftp>get vrpcfg.cfg

C.

Complete the following command on the PC:
    C:\Documents and Settings\Administrator>ftp 192.168.0.1
    Connectd to 192.168.0.1
    220 FTP service ready
    User(192.168.0.1 (none)) ftpuser
    331 Password required for ftpuser
    Password:
    230 user logged In
    ftp>get VRPcfg.cfg

D.

Complete the following command on the PC:
    C:\Documents and Settings\Administrator>ftp 192.168.0.1
    Connectd to 192.168.0.1
    220 FTP service ready
    User(192.168.0.1 (none)) ftpuser
    331 Password required for ftpuser
    Password:
    230 user logged In
    ftp>put VRPcfg.cfg

Question # 8

Load balancing implements the function of distributing user traffic accessing the same IP address to different servers. What are the main technologies used?

A.

virtual service technology

B.

server health test

C.

dual hot standby technology

D.

stream-based forwarding

Question # 9

Which of the following is incorrect about IKE V1 and IKE V2?

A.

When IKE V2 establishes a pair of IPSec SAs, normally an IKE SA and a pair of IPSec SAs can be completed in two exchanges with 4 messages.

B.

IKE V2 does not have the concept of main mode and aggressive mode.

C.

To establish a pair of IPSec SAs, only 6 messages need to be exchanged in IKE V1 main mode.

D.

When IKE V2 establishes more than one pair of IPSec SAs, each additional pair of SAs needs only one additional exchange, that is, two messages.

Question # 10

To prevent DHCP server spoofing attacks, DHCP snooping is usually enabled. Which statement is correct?

A.

The firewall interface connected to users is configured in trusted mode.

B.

The firewall interface connected to the DHCP server is configured as untrusted mode.

C.

DHCP relay packets received on the interface in the untrusted mode are discarded.

D.

DHCP relay packets received on the interface in trusted mode pass the DHCP snooping check.

Question # 11

Which of the following statements is true about L2TP over IPSec VPN?

A.

IPSec packet triggers an L2TP tunnel.

B.

L2TP packet triggers IPSec SA

C.

L2TP tunnel is established first

D.

IPSec tunnel is established first

Question # 12

The administrator can create vfw1 and vfw2 on the root firewall to provide secure multi-instance services for enterprise A and enterprise B, and configure secure forwarding policies between security zones of vfw1 and vfw2.

A.

TRUE

B.

FALSE

Question # 13

Huawei's abnormal traffic cleaning solution must deploy an independent testing center.

A.

TRUE

B.

FALSE

Question # 14

In IPSec VPN, which one is incorrect about the difference between aggressive mode and main mode?

A.

Main mode does not support NAT traversal in pre-shared key mode, but aggressive mode does.

B.

Main mode negotiation uses 6 messages, and aggressive mode uses 3.

C.

In the NAT traversal scenario, the peer ID cannot use the IP address.

D.

Main mode encrypts the exchange of identity information, while aggressive mode does not encrypt identity information.

Question # 15

In a Tracert packet attack, the attacker uses the ICMP timeout packet returned when the TTL is ____ and the ICMP port unreachable packet returned when the destination address is reached to discover the path that packets take to the destination, thereby spying on the structure of the network.

A.

0

B.

1

C.

2

D.

varies according to actual conditions

Question # 16

Which of the following is correct about TCP proxy and TCP reverse source probing?

A.

TCP proxy and TCP reverse source probing can prevent SYN Flood.

B.

The principle of the TCP proxy is that the device acts as a proxy for the TCP connection between the two ends. When one end initiates the connection, it must first complete the TCP three-way handshake with the device.

C.

To use TCP proxy mode for attack defense, you must enable the state detection mechanism.

D.

TCP reverse source detection detects the source IP by sending a Reset packet.

Question # 17

In the IDC room, a USG firewall can be divided into several virtual firewalls, and the root firewall administrator then creates a virtual firewall administrator to manage each virtual firewall.

A.

TRUE

B.

FALSE

Question # 18

According to the packet capture from the victim host, what kind of attack is this?

A.

ARP Flood attack

B.

HTTP Flood attack

C.

ARP spoofing attack

D.

SYN Flood attack

Question # 19

L2TP is a tunneling protocol set up for transparent transmission of PPP packets between users and enterprise servers. Which of the following features are included?

A.

The L2TP protocol uses the TCP protocol.

B.

Supports private address allocation and does not occupy public IP addresses.

C.

Together with PPP, supports authentication and works with RADIUS to support flexible local and remote AAA.

D.

After combining with IPSec, supports encryption of packets.

Question # 20

USG dual-device hot standby can be used only when certain conditions are met. Which of the following statements are correct?

A.

The active and standby devices must have the same product model.

B.

The software version of the active and standby devices must be the same.

C.

The interface IP of the active and standby devices must be the same.

D.

The primary device must be configured, and the standby device does not require any configuration.

Question # 21

Which of the following are scanning and snooping attacks?

A.

SIP Flood attack

B.

HTTP Flood attack

C.

IP address scanning attack

D.

ICMP redirect packet attack

Question # 22

Hot standby and IPSec functions are used together. Which of the following statements is correct?

A.

USG supports IPSec hot standby in active/standby mode.

B.

IPSec hot standby is not supported in load balancing mode.

C.

Session fast backup must be configured.

D.

Preemption must be configured.

Question # 23

SSL VPN authentication is successful. Using the file sharing function, you can view directories and files, but you cannot upload, delete, or rename files. What are the possible reasons?

A.

If the file server type is NFS, the user UID and GID attributes do not allow the user to upload, delete, or rename files.

B.

If the type of the file server is SMB, the currently logged-in user has only read permission for the file share resource, but no write permission.

C.

Only the viewing function is enabled in the SSL file sharing function configuration of the firewall.

D.

Some TCP connections between the virtual gateway and the file server are blocked by the firewall.

Question # 24

An intranet has been reworked: the old equipment is taken offline and the new network equipment is brought online. After the service test, it is found that most of the original service traffic does not work normally. What is the quickest way to restore the business?

A.

layering method

B.

segmentation method

C.

replacement method

D.

block method

Question # 25

Which part of the attack packet is matched by the blacklist to achieve attack prevention?

A.

source address

B.

destination address

C.

source port

D.

destination port

Question # 26

When using manual IPSec negotiation, NAT traversal is also required if there is a NAT device on the network.

A.

TRUE

B.

FALSE

Question # 27

Which of the following is not a message sent during ip-link detection?

A.

ARP packet

B.

IGMP message

C.

ICMP message

D.

Hello message

Question # 28

When configuring USG hot standby (assuming the backup group number is 1), which configuration command for the virtual address is correct?

A.

vrrp vrid 1 virtual-ip ip address master

B.

vrrp virtual-ip ip address vrid 1 master

C.

vrrp virtual-ip ip address master vrid 1

D.

vrrp master virtual-ip address vrid 1

Question # 29

Virtual firewall technology can achieve overlapping IP addresses.

A.

TRUE

B.

FALSE

Question # 30

In firewall DDoS attack defense technology, data packets that match the session table are not subject to defense. If a data packet belongs to a session that has already been established, it is directly released.

A.

TRUE

B.

FALSE

Question # 31

What are the HRP backup methods supported by the USG?

A.

automatic backup

B.

manual batch backup

C.

fast backup

D.

real-time backup
