Spring Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Huawei
Huawei Certified Network Professional HCNP
H12-721
Huawei Certified ICT Professional - Constructing Infrastructure of Security Network Questions and Answers

Pass the Huawei Certified Network Professional HCNP H12-721 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam H12-721 Premium Access

View all detail and faqs for the H12-721 exam

Go to Exam

746 Students Passed

86% Average Score

95% Same Questions

Viewing page 4 out of 7 pages

Viewing questions 31-40 out of questions

Questions # 31:

As shown in the following figure, the BFD for OSPF network is as follows: 1. OSPF is running between the three devices: FW_A, FW_B, and FW_C. The neighbors are in the FULL state. The association between BFD and OSPF is complete. BFD is complete. To establish a BFD session, the following instructions are correct?

Question # 31

Options:

When link a fails, BFD first senses, and FWA and FWB will converge immediately.

link switching is switched in seconds

FWA processes the neighbor Down event and recalculates the route. The new route is link b.

When link a finds a fault, OSPF automatically converges and notifies BFD.

Answer

A, C

Questions # 32:

Based on the following information analysis on the firewall, which of the following options are correct?

Question # 32

Options:

The first packet of this data flow enters from the Trust zone interface and is sent from the Untrust zone interface.

This data stream has been NAT translated

uses NPAT conversion technology

firewall has virtual firewall function enabled

Answer

A, B, C

Questions # 33:

The main function of URPF is to prevent network attack behavior based on destination address spoofing.

Options:

TRUE

FALSE

Answer

Explanation

Note: The main function of URPF is to prevent network attack behavior based on source address spoofing.

Questions # 34:

The dual-system hot standby networking environment is as shown in the following figure: VRRP group 1 and 2 are added to the VGMP management group, USG_A is the master device, and USG_B is the standby device. When the USG_A has a fault Status, such as power failure, the USG_B status is switched from Slave to Master. After the USG_A is faulty, its status is switched back to Master and the USG_B status is still Master. What is the reason for this now?

Question # 34

Options:

Two firewalls are in load grouping mode. They are configured as master and slave in the same backup group.

After the fault of the USG_A is restored, the priority of the VRRP backup group is not restored in time.

After the USG_A recovers from the fault, the heartbeat line fails.

is not configured hrp track

Answer

Questions # 35:

In the USG firewall, which two commands can be used to view the running status and memory/CPU usage of the device components (main control board, board, fan, power supply, etc.)?

Options:

display device

display environment

display version

dir

Answer

A, B

Questions # 36:

Which of the following statements is correct about the IKE main mode and the aggressive mode?

Options:

All negotiation packets in the first phase of the aggressive mode are encrypted.

All the negotiation packets of the first phase in the main mode are encrypted.

barbarian mode uses DH algorithm

will enter the fast mode regardless of whether the negotiation is successful or not.

Answer

Questions # 37:

A network is as follows: The l2tp vpn is established through the VPN Client and the USG (LNS). What are the reasons for the dialup failure?

Question # 37

Options:

The tunnel name of the A LNS is inconsistent with the tunnel name of the client.

L2TP tunnel verification failed

0PPP authentication failed, the PPP authentication mode set on the client PC and LNS is inconsistent.

The client PC cannot obtain the IP address assigned to it from the LNS.

Answer

B, C, D

Questions # 38:

The following are traffic-type attacks.

Options:

IP Flood attack

HTTP Flood attack

IP address scanning attack

ICMP redirect packet attack

Answer

A, B

Explanation

Note: Traffic-type attack: refers to a flood attack caused by a large number of packets causing link congestion or system processing, that is, flood attacks. Main representatives: SYN Flood, UDP Flood, and ICMP Flood. In recent years, it has developed into a flood attack for common services, mainly including connection flood (connection exhaustion), HTTP flood (the most obvious attack effect such as CC attack), DNS Query Flood, DNS Reply Flood, and SIP Flood (sending a large number of SIP ports). UDP spam).

Questions # 39:

Both AH and ESP protocols of IPSec support NAT traversal

Options:

TRUE

FALSE

Answer

Explanation

Note: AH does not support NAT traversal.

Questions # 40:

IPSec VPN uses digital certificates for authentication. It has the following steps: 1. verify the certificate signature; 2. find the certificate serial number in the CRL; 3. share the entity certificate between the two devices; 4. verify the validity period of the certificate; . Establish a VPN tunnel. Which of the following is correct?