Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Pass the Huawei Certified Network Professional HCNP H12-721 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.
Exam H12-721 Premium Access

View all detail and faqs for the H12-721 exam

Go to Exam

449 Students Passed

84% Average Score

91% Same Questions
Viewing page 1 out of 7 pages
Viewing questions 1-10 out of questions
Questions # 1:

What are the following attacks that are malformed?

Options:

A.

Smurf attack

B.

Fraggle attack

C.

large ICMP packet attack

D.

IP packet attack with routing entries

Questions # 2:

The load balancing function is configured on the USG firewall for three FTP servers. The IP addresses and weights of the three physical servers are 10.1.13/24 (weight 16); 10.1.1.4/24 (weight 32); 10.1.1.5 /24 (weight 16), and the virtual server address is 202.152.26.123/24. A PC with the host address of 202.152.26.3/24 initiates access to the FTP server. Run the display firewall session table command on the firewall to check the configuration. Which of the following conditions indicates that the load balancing function is successfully implemented?

Options:

A.

display firewall session table Current total sessions: 1 ftp VPN: public-->public 202.152.26.3:3327-->10.1.1.4:21

B.

display firewall session table Current total sessions:3 ftp VPN: public 202.152.26.3:3327--> 202.152.26.123:21[10.1.1.3:21] ftp VPN:public-->public 202.152.26.3:3327 -->202.152.26.123:21[10.1.1.4:21] ftp VPN: public-->public 202.152.26.3:3327-->202.152.26.123:21[10.1.1.5:21]

C.

display firewall session table Current total sessions: 1 ftp VPN: 202.152.26.3:3327-->202.152.26.123:21

D.

display firewall session table Current total sessions: 3 ftp VPN: ftp VPN: public 202.152.26.3:3327--> 202.152.26.123:21[10.1.1.3:21] ftp VPN: public-->public 202.152. 26.3:3327-->10.1.1.4:21 ftp VPN:public-->public 202.152.26.3:3327-->10.1.1.4:21 ftp VPN:public-->public 202.152.26.3:3327-->10.1. 1.5:21

Questions # 3:

What are the correct statements about the IP address scanning attack and prevention principles?

Options:

A.

IP address scanning attack is an attacker that uses an ICMP packet (such as ping and tracert) to detect the target address.

B.

IP address scanning attack is an attack method used by an attacker to detect a target address by using TCP/UDP packets.

C.

IP address scanning attack defense detects the rate of address scanning behavior of a host. If the rate exceeds the threshold, it is blacklisted.

D.

If the USG starts the blacklist function and is associated with IP address scanning attack prevention, when the scanning rate of a certain source exceeds the set threshold, the excess threshold will be discarded, and the packets sent by this source will be less than the subsequent time. Threshold, can also be forwarded

Questions # 4:

Which of the following protocols does the USG firewall hot standby not include?

Options:

A.

HRP

B.

VRRP

C.

VGMP

D.

IGMP

Questions # 5:

Load balancing implements the function of distributing user traffic accessing the same IP address to different servers. What are the main technologies used?

Options:

A.

virtual service technology

B.

server health test

C.

dual hot standby technology

D.

stream-based forwarding

Questions # 6:

What type of message is the VRRP hello message?

Options:

A.

unicast message

B.

broadcast message

C.

multicast packet

D.

UDP packet

Questions # 7:

Two USG firewalls establish an IPSec VPN through the Site to Site mode. When viewing the status of a USG A, the following is displayed: display ipsec statistics the security packet statistics: input/output security paskets: 40 input/output security bytes: 400/0 input /output dropped security packets: 0/0 By status information, what information can be obtained correctly?

Options:

A.

USG A has already encrypted 4 packets, and USG A has decrypted packets.

B.

USG A has decrypted the data packet is 4, USG A has encrypted data packet is 0

C.

Site A device on the intranet, there is no route, so the protection data may not be sent to USG A.

D.

IPSec tunnel is not established

Questions # 8:

Which of the following attacks is a SYN Flood attack?

Options:

A.

attacker sends a large number of SYN packets, which causes a large number of incomplete TCP connections to occupy the resources of the attacker.

B.

means that the attacker and the attacked object normally establish a TCP full connection, but there is no subsequent message.

C.

means that the attacker sends a large number of ICMP packets, such as ping, to the attacker.

D.

means that the attacker occupies the link bandwidth of the server by sending a large number of UDP packets to the attacker.

Questions # 9:

The constraints of the policy in the traffic limiting policy include quintuple, time period, user identity, and application protocol.

Options:

A.

TRUE

B.

FALSE

Questions # 10:

The branch firewall of an enterprise is configured with NAT. As shown in the figure, USG_B is the NAT gateway. The USG_B is used to establish an IPSec VPN with the headquarters. Which parts of the USG_B need to be configured?

Question # 10

Options:

A.

Configure the nat policy. The reference rule is to allow the source and destination of the intranet to be all ACLs.

B.

Configure the IKE peer, use the name authentication, and remote-address is the outbound interface address of the headquarters.

C.

Configure the nat policy. The reference rule is to protect the data flow from the enterprise intranet to the headquarters intranet in the first deny ipsec, and then permit the data flow from the intranet to the internet.

D.

Configure an ipsec policy template and reference ike peer

Viewing page 1 out of 7 pages
Viewing questions 1-10 out of questions
TOP CODES

TOP CODES

Top selling exam codes in the certification world, popular, in demand and updated to help you pass on the first try.

2V0-11.25
ADM-201
Agentforce-Specialist
CMMC-CCP
Data-Cloud-Consultant
PCNSE
PDI
PSE-Strata-Pro-24
Secure-Software-Design
Sharing-and-Visibility-Architect
Workday-Pro-Integrations
ZDTA