H12-721 Practice Exam Questions with Answers HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network) Certification

packet is fragmented, and fragmented packets are discarded on the link.

There is load sharing or dual-machine link, which may be inconsistent with the back and forth path.

route oscillating

DPD detection parameters are inconsistent at both ends

Complete the following command on the firewall: [USG] ftp server enable info:Start FTP server [USG-aaa] local-user ftpuser password simple Ftppass# [USG-aaa] local-user ftpuser service-type ftp [USG-aaa] Local-user ftpuser ftp-directory hda1

Complete the following command on the firewall: ftp 192.168.0.2 Trying 192.168.0.2 ...Press CTRL+K to abort Connected to 192.168.0.2 220 FTP Server ready User(192.168.0.2):(none) ftpuser 331 Password Required for ftpuser Password: 230 User logged in ftp>get vrpcfg.cfg

Complete the following command on the PC: C:\Documents and Settings\Administrator>ftp 192.168.0.1 Connectd to 192.168.0.1 220 FTP service ready User(192.168.0.1 (none)) ftpuser 331 Password required for ftpuser Password:230 user logged In ftp>get VRPcfg.cfg

Complete the following command on the PC: C:\Documents and Settings\Administrator>ftp 192.168.0.1 Connectd to 192.168.0.1 220 FTP service ready User(192.168.0.1 (none)) ftpuser 331 Password required for ftpuser Password:230 user logged In ftp>put VRPcfg.cfg

virtual service technology

server health test

dual hot standby technology

stream-based forwarding

IKE V2 establishes a pair of IPSec SAs. Normally, an IKE SA and a pair of IPSec SAs can be completed by exchanging 4 messages twice.

IKE V2 does not have the concept of master mode and barb mode

To establish a pair of IPSec SAs, only 6 messages need to be exchanged in the IKE V1 master mode.

When the IPSec SA established by D IKE V2 is greater than one pair, each pair of SAs needs only one additional exchange, that is, two messages can be completed.

connected user's firewall interface is configured in trusted mode

The firewall interface connected to the DHCP server is configured as untrusted mode.

DHCP relay packets received on the interface in the untrusted mode are discarded.

The DHCP relay packet received in the D trusted mode and passed the DHCP snooping check.

IPSec packet triggers an L2TP tunnel.

L2TP packet triggers IPSec SA

L2TP tunnel is established first

IPSec tunnel is established first

TRUE

FALSE

TRUE

FALSE

main mode does not support NAT traversal in pre-shared key mode, but aggressive mode support

main mode negotiation message is 6, and barb mode is 3

In the NAT traversal scenario, the peer ID cannot use the IP address.

main mode encrypts the exchange of identity information, while barbaric mode does not encrypt identity information

0

1

2

varies according to actual conditions

TCP proxy and TCP reverse source probe can prevent SYN Flood

The principle of the TCP proxy is that the device acts as a proxy for the TCP connection between the two ends. When one end initiates the connection, it must first complete the TCP 3 handshake with the device.

Use TCP proxy mode for attack defense, you must enable the state detection mechanism.

TCP reverse source detection detects the source IP by sending a Reset packet.

TRUE

FALSE

ARP Flood attack

HTTP Flood attack

ARP spoofing attack

SYN Flood attack

L2TP protocol uses the TCP protocol

supports private address allocation and does not occupy public IP addresses.

and PPP configurations support authentication and work with Radius to support flexible local and remote AAA After combining with IPSec,

supports encryption of packets.

major and backup equipment must have the same product model

The software version of the active and standby devices must be the same.

The interface IP of the active and standby devices must be the same.

The primary device must be configured, and the standby device does not require any configuration.

SIP Flood attack

HTTP Flood attack

IP address scanning attack

ICMP redirect packet attack

USG supports IPSec hot standby in active/standby mode.

IPSec hot standby is not supported in load balancing mode.

must configure session fast backup

must be configured to preempt

If the file server type is NFS, the user UID and GID attributes do not allow the user to upload, delete, or rename files.

If the type of the file server is SMB, the currently logged-in user has only read permission for the file share resource, but no write permission.

Only the viewing function is enabled in the SSL file sharing function configuration of the C firewall.

Some TCP connections between the virtual gateways of the D file server are blocked by the firewall

layering method

segmentation method

replacement method

block method

source address

destination address

source port

destination port

TRUE

FALSEx

ARP packet

IGMP message

ICMP message

Hello message

vrrp vrid 1 vitual-ip ip address master

vrrp vitual-ip ip address vrid 1 master

vrrp vitual-ip ip address master vrid 1

vrrp master vitual-ip address vrid 1

TRUE

FALSE

TRUE

FALSE

automatic backup

manual batch backup

fast backup

real-time backup