[Nov 23, 2021] Valid H12-721 Test Answers & H12-721 Exam PDF [Q64-Q81]

[Nov 23, 2021] Valid H12-721 Test Answers & H12-721 Exam PDF

Valid HCNP-Security H12-721 Dumps Ensure Your Passing

Huawei H12-721 Exam Syllabus Topics:

Topic	Details
Topic 1	Network Security Device Unified Operation And Maintenance Firewall Intelligent Routing
Topic 2	Ipsec VPN Technology And Application SSL VPN Technology And Application Firewall High Availability
Topic 3	Network Security Device Management, Device Log Analysis Principles Of SLB Technology
Topic 4	Firewall Intelligent Routing Firewall Intelligent Routing Eth-Trunk Technology Link-Group Technology
Topic 5	HCIP-Security-CISN Exam Covers Network Security Device Management, Firewall Intelligent Routing
Topic 6	Principle Of Firewall Bandwidth Management Principles Of Intelligent Routing Network Security Device Management
Topic 7	Firewall Intelligent Routing VPN Technology And Application Intelligent Routing Application Analysis
Topic 8	Firewall Bandwidth Management Troubleshooting Firewall Bandwidth Management Deployment Firewall Virtual System
Topic 9	Firewall Virtual System Troubleshooting Firewall Virtual System Deployment Principle Of Firewall Virtual System
Topic 10	Firewall High Availability, VPN Technology And Application, Firewall Bandwidth Management And Virtual Firewall Technology

 

NEW QUESTION 64
In IPsec VPN with NAT traversal, you must use IKE aggressive mode.

• A. FALSE
• B. TRUE

Answer: A

 

NEW QUESTION 65
Which of the following commands are not commonly used when troubleshooting IPSec faults?

• A. display ipsec statistics
• B. display ipsec session
• C. display ike sa
• D. display ipsec sa

Answer: B

 

NEW QUESTION 66
Because the policy in the traffic limiting policy does not restrict the deny rule, you do not need to use the deny rule.

• A. FALSE
• B. TRUE

Answer: A

 

NEW QUESTION 67
Which of the following description about SMURF attacks is correct?

• A. Attacker sends SYN packets with source and destination addresses for the IP address where the attacker is. A SYN-ACK message is sent to their own address, so is the presence of an attacker hosts a large number of air connections.
• B. An attacker can target where to send a UDP packet in the network. The source address of the packet is being attacked. Host address, destination address are in the subnet broadcast address where the attack host the subnet network address using destination port number 7 or 19.
• C. Attacker sends ping requests to a subnet (broadcast), requesting that devices on that subnet send ping replies to a target system. Once the host or network is detected, it is then brought down.
• D. An attacker using a network or host receives an ICMP unreachable packets, the packets destined for the follow-up of this destination address directly considered unreachable, thereby cutting off the connection to the host destination.

Answer: C

 

NEW QUESTION 68
L2TP is used between the user and the enterprise server and it transparently transmits packets and sets up the PPP tunneling protocol, which includes which of the following characteristics? (Choose three answers)

• A. L2TP protocol uses TCP protocol
• B. After combining with IPsec support for encrypted packets
• C. It supports PPP authentication with RADIUS support with flexible local and remote AAA
• D. Support private address assignment; do not take the public IP address

Answer: B,C,D

 

NEW QUESTION 69
Which of the following statement about IKE is the correct? (Multiple choice)

• A. IKE security mechanisms include DH Diffie-Hellman exchange and key distribution, Perfect Forward Secrecy PFS, and SHA1 encryption algorithms.
• B. IPSec has two negotiation modes to establish security associations. One is manual and the other is automatic IKE negotiation (isakmp).
• C. The aggressive mode of IKE v1 can choose to find the corresponding authentication key and finally complete the negotiation according to the IP address or Name of the negotiation initiator.
• D. The NA7 traversal function deletes the UDP port number verification process during IKE negotiation and implements the discovery function of the NAT gateway device in the VPN tunnel. If the NAT gateway device is found, UDP encapsulation will be used in the subsequent IPSec data transmission.

Answer: B,C,D

 

NEW QUESTION 70
Which of the following statements is correct about the IKE main mode and the aggressive mode?

• A. barbarian mode uses DH algorithm
• B. All negotiation packets in the first phase of the aggressive mode are encrypted.
• C. All the negotiation packets of the first phase in the main mode are encrypted.
• D. will enter the fast mode regardless of whether the negotiation is successful or not.

Answer: A

 

NEW QUESTION 71
The IP address of the USG firewall GE0/0/0 is 192.168.0.1/24, and the firewall functions as the FTP server.
The IP address of the PC host is 192.168.0.2/24. The GE0/0/0 interface of the firewall and the PC host are connected through the network cable. Connected, as shown below: PC (192.168.0.2/24)--GE0/0/0 USG.
Which of the following commands can be used to complete the backup of the system configuration file vrpcfg.cfg?

• A. Complete the following command on the PC: C:\Documents and Settings\Administrator>ftp 192.168.0.1 Connectd to 192.168.0.1 220 FTP service ready User(192.168.0.1 (none)) ftpuser 331 Password required for ftpuser Password:230 user logged In ftp>get VRPcfg.cfg
• B. Complete the following command on the firewall: <USG>ftp 192.168.0.2 Trying 192.168.0.2 ...Press CTRL+K to abort Connected to 192.168.0.2 220 FTP Server ready User(192.168.0.2):(none) ftpuser 331 Password Required for ftpuser Password: 230 User logged in ftp>get vrpcfg.cfg
• C. Complete the following command on the firewall: [USG] ftp server enable info:Start FTP server
  [USG-aaa] local-user ftpuser password simple Ftppass# [USG-aaa] local-user ftpuser service-type ftp
  [USG-aaa] Local-user ftpuser ftp-directory hda1
• D. Complete the following command on the PC: C:\Documents and Settings\Administrator>ftp 192.168.0.1 Connectd to 192.168.0.1 220 FTP service ready User(192.168.0.1 (none)) ftpuser 331 Password required for ftpuser Password:230 user logged In ftp>put VRPcfg.cfg

Answer: A,C

 

NEW QUESTION 72
Corporate network administrator for a large data flow, when the USG is out of memory or CPU processing capacity limit is reached, in order to ensure that forwards packets do not carry a threat, USG dropped over the device throughput traffic.
Which of the following commands can achieve this kind of functionality?

• A. undo ips bypass enable
• B. undo utm bypass enable
• C. utm bypass enable
• D. ips bypass enable

Answer: B

 

NEW QUESTION 73
The SSL VPN authentication login is unsuccessful and the message "Bad username or password" is displayed.
Which one is wrong?

• A. username and password are entered incorrectly
• B. user or group filter field configuration error
• C. certificate filter field configuration error
• D. administrator configured a policy to limit the source IP address of the terminal

Answer: D

 

NEW QUESTION 74
When the performance difference between servers is large, which of the following algorithms can be used for load balancing?

• A. Weighted polling algorithm
• B. Source IP hash algorithm
• C. The minimum connection algorithm
• D. Simple polling algorithm

Answer: A

 

NEW QUESTION 75
Which of the following options is correct for the configuration of a VPN interface bound to a VPN instance?

• A. ip binding vpn-instance vpn-instance-name
• B. ip binding vpn-id
• C. ip binding vpn-instance vpn-id
• D. ip binding vpn-id vpn-instance-name

Answer: A

 

NEW QUESTION 76
About the configuration command in the smart routing, which statement of the following is correct? (Multiple Choice)
#
multi-interface
mode priority-of-link-quality
priority-of-link-quality parameter delay jitter loss
priority-of-link-quality protocol tcp-simple
add interface GigabitEthernet1/0/1
add interface GigabitEthernet1/0/2

• A. Use the way of bandwidth-based load sharing
• B. Selected 3 links for sharing
• C. Parameter of link quality detection has the delay, jitter, and packet loss rate
• D. Use the TCP protocol to detect

Answer: C,D

 

NEW QUESTION 77
With IP address scanning attack prevention, not only can it be used to prevent the ICMP packet destination address detection, it can also prevent the use of TCP / UDP scanning probe target addresses.

• A. FALSE
• B. TRUE

Answer: B

 

NEW QUESTION 78
USG5000A has an IPSEC connection to USG5000B and the "display ike sa" command was performed on USG5000A:

Based on the output shown, which of the following is correct?

• A. The SA has been successfully established between the firewalls
• B. USG5000A Firewall is a secure channel initiator IKE negotiation
• C. The SA has not been established between the firewalls successfully.
• D. USG5000B is the initiator of IKE negotiation of safe passage

Answer: A,B

 

NEW QUESTION 79
A user using L2TP over IPsec vpn client appropriated by the company's LNS gets dialing failure.
But in the LNS through debug ike all, and debug L2TP all did not show any information.
Both phases have failed in establishing IKE. What could be the reason for failure? (Choose two answers)

• A. Firewall (LNS) connected to the public network interface does not apply IPsec policies.
• B. IPsec data flow does not reach the firewall.
• C. Traffic interested acl configuration error.
• D. The LNS is not LZTP enabled.

Answer: A,B

 

NEW QUESTION 80
When users use port forwarding, they cannot access intranet resources. Which of the following is not a possible cause of the failure?

• A. Whether the virtual IP address is obtained on the virtual network card of the user PC.
• B. Port forwarding is not enabled.
• C. The security policy did not release traffic.
• D. The user connection has timed out.

Answer: A

 

NEW QUESTION 81
......

H12-721 Dumps Real Exam Questions Test Engine Dumps Training: https://www.exam4docs.com/H12-721-study-questions.html