New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

H12-721 Exam Dumps - Huawei Certified ICT Professional - Constructing Infrastructure of Security Network

Go to page:
Question # 17

USG dual-machine hot standby must meet certain conditions and can be used below. What are the following statements correct?

A.

major and backup equipment must have the same product model

B.

The software version of the active and standby devices must be the same.

C.

The interface IP of the active and standby devices must be the same.

D.

The primary device must be configured, and the standby device does not require any configuration.

Full Access
Question # 18

An administrator can view the IPSec status information and Debug information as follows. What is the most likely fault?

A.

local IKE policy does not match the peer IKE policy.

B.

local ike remote name does not match peer ike name

C.

local ipsec proposal does not match the peer ipsec proposal

D.

The local security acl or the peer security acl does not match.

Full Access
Question # 19

Which of the following methods is used to switch between active and standby links in the IPSec backup and backup system?

A.

hot standby

B.

link-group

C.

Eth-trunk

D.

ip-link

Full Access
Question # 20

Which of the following encryption methods does IPSec VPN use to encrypt communication traffic?

A.

public key encryption

B.

private key encryption

C.

symmetric key encryption

D.

pre-shared key encryption

Full Access
Question # 21

71. Which option is incorrect about the HTTP Flood defense principle?

A.

HTTP Flood source authentication

B.

URI detection of destination IP

C.

fingerprint learning

D.

load check

Full Access
Question # 22

Which is the correct packet encapsulation order for L2TP over IPSec?

A.

The order from the first package to the post package is PPP-->UDP-->L2TP-->IPSec

B.

The order from the first package to the back package is PPP--> L2TP-->UDP--> IPSec

C.

The order of C from pre-package to post-encapsulation is IPSec --> L2TP-->UDP--> PPP

D.

The order of D from pre-package to post-encapsulation is IPSec --> PPP --> L2TP-->UDP

Full Access
Question # 23

A user wants to limit the maximum bandwidth of the 192.168.1.0/24 network segment to 500M, and limit all IP addresses in the network segment to maintain a bandwidth of 1M. How should I configure a current limiting policy for this requirement?

A.

Configure per-IP traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 500M.

B.

Configure overall traffic limiting. The maximum bandwidth of the host on the network segment 192.168.1.0/24 is 1M.

C.

Configure the overall traffic limiting. The maximum bandwidth of the host on the 192.168.1.0/24 network segment is 500M.

D.

Configure the overall traffic limiting. The maximum bandwidth of the host on the network segment 192.168.1.0/24 is 500M. Then use the per-IP traffic limiting to ensure that the server bandwidth is 1M.

Full Access
Question # 24

The firewall device defends against the SYN Flood attack by using the technology of source legality verification. The device receives the SYN packet and sends the SYN-ACK probe packet to the source IP address host in the SYN packet. If the host exists, it will Which message is sent?

A.

RST message

B.

FIN message

C.

ACK message

D.

SYN message

Full Access
Go to page: