Huawei.H12 711.v2019 12 25.q PDF

Preview

Summary

Huawei.H12-711.v2019-12-25.q52 Exam Code: H12-711 Exam Name: HCIA-Security V3.0 Certification Provider: Huawei Free Question Number: 52 Version: v2019-12-25 # of views: 104 # of Questions views: 520 https://www.freecram.com/torrent/Huawei.H12-711.v2019-12-25.q52.html NEW QUESTION: 1 Which of the fol...

Description

Huawei.H12-711.v2019-12-25.q52 Exam Code: H12-711 Exam Name: HCIA-Security V3.0 Certification Provider: Huawei Free Question Number: 52 Version: v2019-12-25 # of views: 104 # of Questions views: 520 https://www.freecram.com/torrent/Huawei.H12-711.v2019-12-25.q52.html NEW QUESTION: 1 Which of the following attacks is not a special packet attack? A. IP address scanning attack B. ICMP unreachable packet attack C. ICMP redirect packet attack D. Large ICMP packet attack Answer: A NEW QUESTION: 2 Electronic evidence preservation is directly related to the legal effect of evidence, in line with the preservation of legal procedures, and its authenticity and reliability are guaranteed. Which of the following is not an evidence preservation technology? A. Encryption technology B. Digital signature technology C. Message tag tracking technology D. Digital certificate technology Answer: C NEW QUESTION: 3 Regarding SSL VPN technology, which of the following options is wrong? A. SSL VPN technology encryption only takes effect on the application layer B. SSL VPN requires a dial-up client C. SSL VPN technology can be perfectly applied to NAT traversal scenarios D. SSL VPN technology extends the network scope of the enterprise Answer: B NEW QUESTION: 4 Which of the following statement about the NAT is wrong? A. NAT technology can effectively hide the hosts of the LAN, it is an effective network security protection technology

B. For some non-TCP, UDP protocols (such as ICMP, PPTP), unable to do the NAT translation C. Address Translation can follow the needs of users, providing FTP, WWW, Telnet and other services outside the LAN D. Some application layer protocols carry IP address information in the data, but also modify the IP address information in the data of the upper layer when they are as NAT Answer: B NEW QUESTION: 5 Some applications, such as Oracle database application, there is no data transfer for a long time, so that firewall session connection is interrupted, thus resulting in service interruption, which of the following technology can solve this problem? A. Configure a long business connection B. Optimization of packet filtering rules C. Turn fragment cache D. Configure default session aging time Answer: A NEW QUESTION: 6 Which of the following attacks can DHCP Snooping prevent? (Multiple Choice) A. Counterfeit DHCP lease renewal packet attack using option82 field B. IP spoofing attack C. Intermediaries and IP/MAC spoofing attacks D. DHCP Server counterfeiter attack Answer: A,B,C,D NEW QUESTION: 7 Digital certificates can be divided into local certificates, CA certificates, root certificates and self-signed certificates according to different usage scenarios. A. True B. False Answer: A NEW QUESTION: 8 After the network intrusion event occurs, according to the plan to obtain the identity of the intrusion, the attack source and other information, and block the intrusion behavior, which links of the above actions are involved in the PDRR network security model? (Multiple Choice) A. Protection link B. Response link C. Testing link

D. Recovery link Answer: B,C NEW QUESTION: 9 Which of the following is true about firewall security policies? A. By default, the security policy only controls unicast packets. B. By default, the security policy can control unicast packets, broadcast packets, and multicast packets. C. By default, the security policy can control unicast packets and broadcast packets. D. By default, the security policy can control multicast. Answer: A NEW QUESTION: 10 When the user single sign-on is configured, the receiving PC message mode is adopted. The authentication process has the following steps: 1 The visitor PC executes the login script and sends the user login information to the AD monitor. 2 The firewall extracts the correspondence between the user and the IP from the login information. Add to the online user table 3 AD monitor connects to the AD server to query the login user information, and forwards the queried user information to the firewall. 4 The visitor logs in to the AD domain. The AD server returns the login success message to the user and delivers the login script. which of the following order is correct? A. 1-4-3-2 B. 3-2-1-4 C. 1-2-3-4 D. 4-1-3-2 Answer: D NEW QUESTION: 11 A company employee account authority expires, but can still use the account to access the company server. What are the security risks of the above scenarios? (Multiple Choice) A. Access security risk B. Physical security risk C. System security risk D. Managing security risk Answer: A,C,D NEW QUESTION: 12 Regarding the HRP master and backup configuration consistency check content, which of the following is not included? A. NAT policy

B. Next hop and outbound interface of static route C. Is the heartbeat interface configured with the same serial number? D. Authentication Policy Answer: B NEW QUESTION: 13 Which of the following does the encryption technology support for data during data transmission? (Multiple choice) A. Source verification B. Integrity C. Controllability D. Confidentiality Answer: A,B,D NEW QUESTION: 14 IPS (Intrusion Prevention System) is a defense system that can block in real time when intrusion is discovered. A. True B. False Answer: A NEW QUESTION: 15 The SIP protocol establishes a session using an SDP message, and the SDP message contains a remote address or a multicast address. A. True B. False Answer: A NEW QUESTION: 16 In the VRRP (Virtual Router Redundancy Protocol) group, the primary firewall periodically sends advertisement packets to the backup firewall. The backup firewall is only responsible for monitoring advertisement packets and will not respond. A. False B. True Answer: B

Valid H12-711 Dumps shared by PrepAwayExam.com for Helping Passing H12-711 Exam! PrepAwayExam.com now offer the newest H12-711 exam dumps, the PrepAwayExam.com H12-711 exam questions have been updated and answers

have been corrected get the newest PrepAwayExam.com H12-711 dumps with Test Engine here: https://www.prepawayexam.com/Huawei/braindumps.H12-711.ete.file.html (290 Q&As Dumps, 40%OFF Special Discount: freecram) NEW QUESTION: 17 When the USG series firewall hard disk is in place, which of the following logs can be viewed? (Multiple Choice) A. Threat log B. Alarm information C. Operation log D. Business log Answer: A,B,C,D NEW QUESTION: 18 In the construction of information security system, the security model is needed to accurately describe the relationship between important aspects of security and system behavior. A. False B. True Answer: A NEW QUESTION: 19 Intrusion Prevention System (IPS) is a defense system that can block in real time when an intrusion is discovered. A. True B. False Answer: A NEW QUESTION: 20 Which of the following is not part of the LINUX operating system? A. CentOS B. Ubuntu C. MAC OS D. RedHat Answer: C NEW QUESTION: 21 Which of the following options does not include the respondents in the questionnaire for safety assessment? A. Technical leader B. Security administrator

C. HR D. Network System Administrator Answer: C NEW QUESTION: 22 Regarding the AH and ESP security protocols, which of the following options is correct? (Multiple Choice) A. The agreement number of ESP is 51. B. ESP can provide encryption and verification functions C. AH can provide encryption and verification functions D. The agreement number of AH is 51. Answer: B,D NEW QUESTION: 23 In the current network it has deployed other authentication system, device registration function by enabling a single point, reducing the user to re-enter the password. What are correct about single sign-on statements? (Multiple choice) A. AD domain single sign-on login can be mirrored data stream synchronized manner to the firewall B. AD domain single sign-on is only one deployment model C. device can identify the user through the authentication of the identity authentication system, user access, the device will not push authentication pages, to avoid further asked to enter a username / password D. Although not require to enter a user password, but the authentication server needs to interact with the user password and devices used to ensure that certification through discussion Answer: A,C NEW QUESTION: 24 Which of the following description is wrong about the intrusion detection system? A. The intrusion detection system can dynamically collect a large amount of key information and materials through the network and computer, and can timely analyze and judge the current state of the entire system environment. B. The flood detection system can be linked with firewalls and switches to become a powerful "helper" of the firewall, which is better and more precise to control traffic access between domains. C. The intrusion detection system can perform blocking operation if it finds that there is a violation of the security policy or the system has traces of being attacked. D. Intrusion detection system includes all hardware and software systems for intrusion detection Answer: D

NEW QUESTION: 25 About the description about the preemption function of VGMP management, which of the following statements is wrong? A. By default, the preemption function of the VGMP management group is enabled. B. After the VRRP backup group is added to the VGMP management group, the original preemption function on the VRRP backup group is invalid. C. By default, the preemption delay of the VGMP management group is 40s. D. Preemption means that when the faulty primary device recovers, its priority will be restored. At this time, it can regain its own state. Answer: C NEW QUESTION: 26 The single-point login function of the online user, the user authenticates directly to the AD server, and the device does not interfere with the user authentication process. The AD monitoring service needs to be deployed on the USG device to monitor the authentication information of the AD server. A. False B. True Answer: A NEW QUESTION: 27 Through display ike sa to see the result as follows, which statements are correct? (Multiple choice)

A. ike is using version v2 B. ike is using version v1 C. The first stage ike sa has been successfully established D. The second stage ipsec sa has been successfully established Answer: B,C NEW QUESTION: 28

Use iptables to write a rule that does not allow the network segment of 172.16.0.0/16 to access the device. Which of the following rules is correct? A. iptables -t filter -A INPUT -s 172.16.0.0/16 -p all -j DROP B. iptables -t filter -P INPUT -d 172.16.0.0/16 -p all -j ACCEPT C. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j DROP D. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j ACCEPT Answer: A NEW QUESTION: 29 During the configuration of NAT, which of the following will the device generate a Servermap entry? (Multiple Choice)? A. After the NAT server is configured successfully, the device automatically generates a server map entry. B. A server-map entry is generated when easy-ip is configured. C. Automatically generate server-map entries when configuring source NAT. D. After configuring NAT No-PAT, the device will create a server-map table for the configured multi-channel protocol data stream. Answer: A,D NEW QUESTION: 30 Which of the following are the versions of the SNMP protocol? (Multiple choice) A. SNMPv1 B. SNMPv2c C. SNMPv3 D. SNMPv2b Answer: A,B,C NEW QUESTION: 31 In the USG series firewall system view, the device configuration will be restored to the default configuration after the reset saved-configuration command is executed. No other operations are required. A. False B. True Answer: A

Valid H12-711 Dumps shared by PrepAwayExam.com for Helping Passing H12-711 Exam! PrepAwayExam.com now offer the newest H12-711 exam dumps, the PrepAwayExam.com H12-711 exam questions have been updated and answers have been corrected get the newest PrepAwayExam.com H12-711 dumps with Test

Engine here: https://www.prepawayexam.com/Huawei/braindumps.H12-711.ete.file.html (290 Q&As Dumps, 40%OFF Special Discount: freecram) NEW QUESTION: 32 Which of the following is true about the description of SSL VPN? A. No authentication required B. There is a NAT traversal problem C. Can be used without a client D. May encrypt to IP layer Answer: C NEW QUESTION: 33 Execute the command on the firewall and display the following information. which of the following description is correct? (Multiple Choice) HRP_A [USG_A] display vrrp interfaceGigabitEthernet 0/0/1 GigabitEthernet0/0/1 | Virtual Router 1 VRRP Group: Active state: Active Virtual IP: 202.38.10.1 Virtual MAC: 0000-5e00-0101 Primary IP: 202.38.10.2 PriorityRun: 100 PriorityConfig: 100 MasterPriority: 100 Preempt: YES Delay Time: 10 A. The status of this firewall VGMP group is Active. B. Will not switch when the primary device fails C. This firewall G1 / 0/1 virtual interface IP address 202.30.10.2 D. This firewall VRID is 1 the VRRP priority to backup group 100 Answer: A,D NEW QUESTION: 34 When the session authentication mode is used to trigger the firewall's built-in Portal authentication, the user does not actively perform identity authentication, advanced service access, and device push "redirect" to the authentication page. A. False B. True Answer: B NEW QUESTION: 35 UDP port scanning means that the attacker sends a zero-byte UDP packet to a specific port of the target host. If the port is open, it will return an ICMP port reachable data packet. A. False B. True Answer: A NEW QUESTION: 36 In the USG series firewall, you can use the ______ function to provide well-known application services for non-known ports.

A. MAC and IP address binding B. Long connection C. Port mapping D. Packet filtering Answer: C NEW QUESTION: 37 The process of electronic forensics includes: protecting the site, obtaining evidence, preserving evidence, identifying evidence, analyzing evidence, tracking and presenting evidence. A. False B. True Answer: B NEW QUESTION: 38 NAPT technology can implement a public network IP address for multiple private network hosts. A. False B. True Answer: B NEW QUESTION: 39 Which of the following information will be encrypted during the use of digital envelopes? (Multiple Choice) A. Receiver public key B. Symmetric key C. Receiver private key D. User data Answer: B,D NEW QUESTION: 40 In stateful inspection firewall, when opening state detection mechanism, three-way handshake's second packet (SYN + ACK) arrives the firewall. If there is still no corresponding session table on the firewall, then which of the following statement is correct? A. packets must not pass through the firewall B. If the firewall security policy allows packets through, then creating the session table C. If the firewall security policy allows packets through, then the packets can pass through the firewall D. packets must pass through the firewall, and establishes a session table Answer: A

NEW QUESTION: 41 For the description of ARP spoofing attacks, which the following statements is wrong? A. The ARP implementation mechanism only considers the normal interaction of the service and does not verify any abnormal business interactions or malicious behaviors. B. When a host sends a normal ARP request, the attacker will respond preemptively, causing the host to establish an incorrect IP and MAC mapping relationship. C. ARP spoofing attacks can only be implemented through ARP replies and cannot be implemented through ARP requests. D. ARP static binding is a solution to ARP spoofing attacks. It is mainly applied to scenarios where the network size is small. Answer: C NEW QUESTION: 42 Which of the following is an action to be taken during the summary phase of the cybersecurity emergency response? (Multiple Choice) A. Establish a defense system and specify control measures B. Evaluate the implementation of the contingency plan and propose a follow-up improvement plan C. Determine the effectiveness of the isolation measures D. Evaluation of members of the emergency response organization Answer: B,D NEW QUESTION: 43 Which of the following are the status information that can be backed up by the HRP (Huawei Redundancy Protocol) protocol? (Multiple choice) A. Session table B. Routing table C. ServerMap entry D. Dynamic blacklist Answer: A,C,D NEW QUESTION: 44 Which of the following types are included in Huawei firewall user management? (Multiple Choice) A. Internet user management B. Device User Management C. Administrator User Management D. Access user management Answer: A,C,D

NEW QUESTION: 45 HRP (Huawei Redundancy Protocol) Protocol to back up the connection state of data include: (Multiple Choice) A. the dynamic blacklist B. the routing table C. Server Map table D. TCP/UDP sessions table Answer: A,C,D NEW QUESTION: 46 Which of the following is correct about firewall IPSec policy? A. By default, IPSec policy only controls unicast packets. B. By default, IPSec policy can control unicast packets and broadcast packets. C. By default, IPSec policy can control multicast. D. By default, IPSec policy can control unicast packets, broadcast packets, and multicast packets 。 Answer: A

Valid H12-711 Dumps shared by PrepAwayExam.com for Helping Passing H12-711 Exam! PrepAwayExam.com now offer the newest H12-711 exam dumps, the PrepAwayExam.com H12-711 exam questions have been updated and answers have been corrected get the newest PrepAwayExam.com H12-711 dumps with Test Engine here: https://www.prepawayexam.com/Huawei/braindumps.H12-711.ete.file.html (290 Q&As Dumps, 40%OFF Special Discount: freecram) NEW QUESTION: 47 Which of the following are the necessary configurations of IPSec VPN? (Multiple Choice) A. Configure the stream of interest B. Configuring IPSec SA related parameters C. Configure IKE SA related parameters D. Configuring IKE neighbors Answer: A,B,C,D NEW QUESTION: 48 OSPF is more commonly used than RIP because OSPF has device authentication and is more secure. A. False B. True Answer: A

NEW QUESTION: 49 Which of the following is not the identity of the IPSec SA? A. SPI B. Security policy C. Source address D. Destination address Answer: C NEW QUESTION: 50 Which of the following descriptions about the action and security profile of the security policy are correct? (Multiple choice) A. The security profile must be applied to the security policy that is allowed to take effect. B. The security profile may not be applied to the security policy that the action is allowed and take effect. C. If the security policy action is "Allow", the traffic will not match the security profile. D. If the action of the security policy is "prohibited", the device will discard this traffic, and then no content security check will be performed. Answer: A,D NEW QUESTION: 51 Which of the following are correct about configuring the firewall security zone? (Multiple Choice) A. When data flows between different security zones, the device security check is triggered and the corresponding security policy is implemented. B. The firewall can create two security zones of the same priority C. The firewall has four security zones by default, and the four security zone priorities do not support modification. D. Firewall can have 12 security zones at most. Answer: A,C NEW QUESTION: 52 The administrator wants to know the current session table. Which of the following commands is correct? A. display session table B. clear firewall session table C. reset firewall session table D. display firewall session table Answer: C

Valid H12-711 Dumps shared by PrepAwayExam.com for Helping Passing H12-711 Exam! PrepAwayExam.com now offer the newest H12-711 exam dumps, the PrepAwayExam.com H12-711 exam questions have been updated and answers have been corrected get the newest PrepAwayExam.com H12-711 dumps with Test Engine here: https://www.prepawayexam.com/Huawei/braindumps.H12-711.ete.file.html (290 Q&As Dumps, 40%OFF Special Discount: freecram)...