Spring Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Huawei
HCIP-Security
H12-722_V3.0
HCIP-Security-CSSN V3.0 Questions and Answers

Pass the Huawei HCIP-Security H12-722_V3.0 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam H12-722_V3.0 Premium Access

View all detail and faqs for the H12-722_V3.0 exam

Go to Exam

701 Students Passed

88% Average Score

90% Same Questions

Viewing page 2 out of 6 pages

Viewing questions 11-20 out of questions

Questions # 11:

When the Anti DDoS system finds the attack flow, the state will redirect the attack flow to the cleaning device. After the cleaning device is cleaned, it will flow back.

Note to the original link, which of the following options does not belong to the method of re-injection?

Options:

Policy routing back annotation,

GRE back note:

MPLS LSP back injection

BGP back-annotation

Answer

Questions # 12:

What equipment do Policy Center supported servers include? (Choose 3 answers)

Options:

remote control device

mail server

Internet behavior management equipment

log collection server

Answer

A, B, C

Questions # 13:

If a company wants to detect image files, Shellcode code files and PDF files, which of the following types of sandboxes can be used? (More

155955cc-666171a2-20fac832-0c042c0420

select)

Options:

PDF heuristic sandbox

ja$

PE heuristic sandbox

Web heuristic sandbox

Heavyweight sandbox (virtual execution)

Answer

A, C, D

Questions # 14:

Intrusion detection is a network security technology used to detect any damage or attempt to damage the confidentiality, integrity or availability of the system. Which of the following

What is the content of the intrusion detection knowledge base?

Options:

Complete virus sample

Complete Trojan Horse

Specific behavior patterns

Security Policy

Answer

Questions # 15:

The results of the RBL black and white list query on the firewall are as follows:

Question # 15

Based on the above information only, which of the following statements is correct? (multiple choice)

Options:

Mail with source address 10.17.1.0/24 will be blocked

Mail with source address 10.18.1.0/24 will be blocked

Mail with source address 10.17.1.0/24 will be released

Mail with source address 10.18.1.0/24 will be released

Answer

C, D

Questions # 16:

In Huawei USG6000 products, IAE provides an integrated solution, all content security detection functions are integrated in a well-designed

In the high-performance engine. Which of the following is not the content security detection function supported by this product?

Options:

Application recognition and perception

URL classification and filtering

Video content filtering

Intrusion prevention

155955cc-666171a2-20fac832-0c042c048

Answer

Questions # 17:

Use BGP protocol to achieve diversion, the configuration command is as follows

[sysname] route-policy 1 permit node 1

[sysname-route-policy] apply community no-advertise

[sysname-route-policy] quit

[sysname]bgp100

155955cc-666171a2-20fac832-0c042c04

[sysname-bgp] peer

[sysname-bgp] import-route unr

[sysname- bgpl ipv4-family unicast

[sysname-bgp-af-ipv4] peer 7.7.1.2 route-policy 1 export

[sysname-bgp-af-ipv4] peer 7.7. 1.2 advertise community

[sysname-bgp-af-ipv4] quit

[sysname-bgp]quit

Which of the following options is correct for the description of BGP diversion configuration? (multiple choice)

Options:

Use BGP to publish UNR routes to achieve dynamic diversion.

After receiving the UNR route, the peer neighbor will not send it to any BGP neighbor.

You also need to configure the firewall ddos bgp-next-hop fib-filter command to implement back-injection.

The management center does not need to configure protection objects. When an attack is discovered, it automatically issues a traffic diversion task.

Answer

A, B

Questions # 18:

Configure the following commands on the Huawei firewall:

[USG] interface G0/0/1

[USG] ip urpf loose allow-defult-route acl 3000

Which of the following options are correct? (multiple choice)

Options:

For loose inspection: if the source address of the packet exists in the FB of the firewall: the packet passes the inspection directly

For the case where the default route is configured, but the parameter allow-defult-route is not configured. As long as the source address of the packet is in the FIB table of the firewall

If it does not exist, the message will be rejected.

For the situation where the default route is configured and the parameter allow-defult-route is matched at the same time, if the source address of the packet is in the FIB table of the firewall

If the packet does not exist in the loose check mode, all packets will pass the URPF check and be forwarded normally.

155955cc-666171a2-20fac832-0c042c0427

For the configuration of the default route, and at the same time matching the parameter allow-defult-route, if the source address of the message is in the FIB table of the firewall

If it does not exist in the l0e check, the packet cannot pass the URPF check.

Answer

A, B, C

Questions # 19:

Since the sandbox can provide a virtual execution environment to detect files in the network, the sandbox can be substituted when deploying security equipment

Anti-Virus, IPS, spam detection and other equipment.

Options:

True

155955cc-666171a2-20fac832-0c042c0414

False

Answer

Questions # 20:

The administrator has configured file filtering to prohibit internal employees from uploading development files, but internal employees can still upload development files. Which of the following is not allowed Can the reason?