New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

H12-724 Exam Dumps - HCIP-Security (Fast track) V1.0

Go to page:
Question # 9

A network adopts 802. 1X To authenticate access users, the access control equipment is deployed at the convergence layer, and after the deployment is completed, it is used on the access control equipment t-aa The command test is successful, but the user cannot access the network. The failure may be caused by the following reasons? (Multiple choice)

A.

The aggregation layer device is not configured RADIUS Certification template.

B.

Agile Controller-Campus The switch is not added on NAS equipment.

C.

Connect to the terminal on the device to open 802.1X Function.

D.

The Layer 2 link is used between the access device and the aggregation device, and it is not turned on 802 Instrument transparent transmission function

Full Access
Question # 10

Which of the following options is not a challenge brought by mobile office?

A.

The mobile office platform is safe and reliable and goes online quickly.

B.

Users can access the network safely and quickly.

C.

Unified terminal management and fine control.

D.

Network gateway deployment

Full Access
Question # 11

Configure the following commands on the Huawei firewall:

[USG] interface G0/0/1

[USG] ip urpf loose allow-defult-route acl 3000

Which of the following options are correct? (multiple choice)

A.

For loose inspection: if the source address of the packet exists in the FB of the firewall: the packet passes the inspection directly

B.

For the case where the default route is configured, but the parameter allow-defult-route is not configured. As long as the source address of the packet is in the FIB table of the firewall

If it does not exist, the message will be rejected.

C.

For the situation where the default route is configured and the parameter allow-defult-route is matched at the same time, if the source address of the packet is in the FIB table of the firewall

If the packet does not exist in the loose check mode, all packets will pass the URPF check and be forwarded normally.

155955cc-666171a2-20fac832-0c042c0427

D.

For the configuration of the default route, and at the same time matching the parameter allow-defult-route, if the source address of the message is in the FIB table of the firewall

If it does not exist in the l0e check, the packet cannot pass the URPF check.

Full Access
Question # 12

Use BGP protocol to achieve diversion, the configuration command is as follows

[sysname] route-policy 1 permit node 1

[sysname-route-policy] apply community no-advertise

[sysname-route-policy] quit

[sysname]bgp100

155955cc-666171a2-20fac832-0c042c04

29

[sysname-bgp] peer

[sysname-bgp] import-route unr

[sysname- bgpl ipv4-family unicast

[sysname-bgp-af-ipv4] peer 7.7.1.2 route-policy 1 export

[sysname-bgp-af-ipv4] peer 7.7. 1.2 advertise community

[sysname-bgp-af-ipv4] quit

[sysname-bgp]quit

Which of the following options is correct for the description of BGP diversion configuration? (multiple choice)

A.

Use BGP to publish UNR routes to achieve dynamic diversion.

B.

After receiving the UNR route, the peer neighbor will not send it to any BGP neighbor.

C.

You also need to configure the firewall ddos ​​bgp-next-hop fib-filter command to implement back-injection.

D.

The management center does not need to configure protection objects. When an attack is discovered, it automatically issues a traffic diversion task.

Full Access
Question # 13

Which of the following options is not a special message attack?

A.

ICMP redirect message attack) 0l

B.

Oversized ICMP packet attack

C.

Tracert packet attack

D.

IP fragment message item

Full Access
Question # 14

The analysis and processing capabilities of traditional firewalls at the application layer are weak, and they cannot correctly analyze malicious codes that are mixed in the flow of allowed application teaching: many Attacks or malicious behaviors often use the firewall's open application data flow to cause damage, causing application layer threats to penetrate the firewall

A True

B. False

Full Access
Question # 15

Which of the following options is not a cyber security threat caused by weak personal security awareness?

A.

Disclosure of personal information

B.

Threats to the internal network

C.

Leaking corporate information

D.

Increasing the cost of enterprise network operation and maintenance

Full Access
Question # 16

Which of the following statements about IPS is wrong?

A.

The priority of the coverage signature is higher than that of the signature in the signature set.

B.

When the "source security zone" is the same as the "destination security zone", it means that the IPS policy is applied in the domain.

C.

Modifications to the PS policy will not take effect immediately. You need to submit a compilation to update the configuration of the IPS policy.

D.

The signature set can contain either predefined signatures or custom signatures. 832335

Full Access
Go to page: