New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

H12-721 Exam Dumps - Huawei Certified ICT Professional - Constructing Infrastructure of Security Network

Go to page:
Question # 9

In the hot standby scenario, what is the correct statement about the primary and backup backups?

A.

batch backup is to back up all information in batches after the first negotiation of two devices is completed.

B.

The backup channel must be an interface on the service board and supports GE and Eth-trunk interfaces.

C.

By default, batch backup is turned on.

D.

Real-time backup is a real-time backup of newly created or refreshed data while the device is running.

Full Access
Question # 10

Run the display ike sa command to check the IKE SA information. The following statement is correct?

A.

phase 1 and phase 2 have been established

B.

negotiates through the IKE V2 protocol

C.

VPN instance name is public

D.

IPSec SA status is Ready

Full Access
Question # 11

The console port password can be restored to the factory settings by pressing and holding the USG device Reset button for 1-3 seconds.

A.

TRUE

B.

FALSE

Full Access
Question # 12

The malformed packet attack technology uses some legitimate packets to perform reconnaissance or data detection on the network. These packets are legal application types, but only normal network packets are rarely used.

A.

TRUE

B.

FALSE

Full Access
Question # 13

The ACK flood attack uses a botnet to send a large number of ACK packets, which impacts the network bandwidth and causes network link congestion. If the number of attack packets is large, the server processing performance is exhausted, thus rejecting normal services. Under the Huawei Anti-DDoS device to prevent this attack, compare the two processing methods - strict mode and basic mode, what is correct?

A.

bypass deployment dynamic drainage using strict mode

B.

In strict mode, the cleaning device does not check the established session, that is, the ACK packet does not hit the session, and the device discards the packet directly.

C.

If the cleaning device checks that the ACK packet hits the session, the session creation reason will be checked regardless of the strict mode or the basic mode.

D.

adopts "basic mode". Even if the session is not detected on the cleaning device, the device discards several ACK packets and starts session checking.

Full Access
Question # 14

The enterprise network is as shown in the figure. On the USG_A and USG_B, hot standby is configured, and USG_A is the master device. The administrator wants to configure SSL VPN on the firewall so that branch employees can access the headquarters through SSL VPN. Which virtual gateway address should the SSL VPN be?

A.

202.38.10.2/24

B.

202.38.10.3/24

C.

202.38.10.1/24

D.

10.100.10.2/24

Full Access
Question # 15

In the client-initial mode, the L2TP dialup fails. From the debug information below, it can be seen that the most likely cause is the dialup failure.

A.

username and password are inconsistent with aaa configuration

B.

Ins name configuration error

C.

tunnel password is not configured

D.

is not enabled l2tp

Full Access
Question # 16

The hot standby and IPSec functions are combined. Which of the following statements is correct?

A.

USG supports IPSec hot standby in active/standby mode.

B.

IPSec hot standby is not supported in load balancing mode.

C.

must configure session fast backup

D.

must be configured to preempt

Full Access
Go to page: