HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network)
Last Update Apr 28, 2024
Total Questions : 217
We are offering FREE H12-721 Huawei exam questions. All you do is to just go and sign up. Give your details, prepare H12-721 free exam questions and then go for complete pool of HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network) test questions that will help you more.
The main function of URPF is to prevent network attack behavior based on destination address spoofing.
In the active/standby mode of the USG dual-system hot standby, the service interface works at Layer 3, and the upstream and downstream routers are connected to the router. The administrator can view: USG_A status is HRP_M[USG_A], USG_B status is HRP_S[USG_B], current 15000+ session Table, every time a switchover occurs, all traffic is interrupted for a period of time, and seamless switching is impossible.
The USG series firewall is deployed on an enterprise network. You need to log in to the USG through telnet or ssh. Each command entered by the user must be authorized by the server to continue. Which of the following authentication methods can meet the requirements of the enterprise?
Which of the following configurations is mandatory when the IKE peer needs to be referenced to the IPSec policy template in the divquarters-branch-based IPSec VPN network (pre-shared key + traversal NAT)?
An administrator can view the IPSec status information and debugging information as follows. What is the most likely fault?
In the client-initial mode, the L2TP dialup fails. From the debug information below, it can be seen that the most likely cause is the dialup failure.
Two USG firewalls failed to establish an IPSec VPN tunnel through the NAT traversal mode. Run the display ike sa command to view the session without any UDP 500 session. What are the possible reasons?
To ensure the normal forwarding of large traffic, a network administrator of a company uses two firewalls to implement hot standby. As shown in the following figure, when the configuration is complete, it is found that when A of the two firewalls fails, the data stream being transmitted before the fault has been seriously lost, but the newly transmitted data stream can work normally after the fault. What could be the cause of this phenomenon?
Which of the following protocol messages cannot be propagated in an IPSec tunnel by default?
The firewall device defends against the SYN Flood attack by using the technology of source legality verification. The device receives the SYN packet and sends the SYN-ACK probe packet to the source IP address host in the SYN packet. If the host exists, it will Which message is sent?
The ip-link principle is to continuously send ICMP packets or ARP request packets to the specified destination address, and check whether the ICMP echo reply or ARP reply packet of the destination IP response can be received.
When using the optical bypass interface, the Bypass link has two working modes, automatic mode and forced mode.
Which of the following IKE Negotiation Phase 1 main mode negotiation processes is the role of Message 5 and Message 6?
When using the Radius server to authenticate users, (the topology is as shown below), not only must the username and password be stored on the Radius server, but the username and password must also be configured on the firewall.
Which of the following security services can a secure multi-instance provide for a virtual firewall?
What is the correct statement about the binding of local users to VPN instances?
Accessing the headquarters server through the IPSec VPN from the branch computer. The IPSec tunnel can be established normally, but the service is unreachable. What are the possible reasons?
Which of the following is correct about the configuration of the firewall interface bound to the VPN instance?
According to the capture of the victim host, what kind of attack is this attack?
The FTP network diagram is as follows. The FTP server wants to use the 21000 control port to provide external FTP services. The FTP client cannot access the FTP server.
USG A and USG B are configured with a static BFD session. The following is true about the process of establishing and tearing down a BFD session.
Which of the following encryption methods does IPSec VPN use to encrypt communication traffic?
Comparing URPF strict mode and loose mode, which of the following statements is incorrect?
The following figure shows the L2TP over IPSec application scenario. The client uses the pre-shared-key command to perform IPSec authentication. How should the IPSec security policy be configured on the LNS?
Virtual firewall virtualizes multiple logical firewalls on a physical firewall device and implements multiple instances?
What are the drainage schemes that can be used in the scenario of bypass deployment in Huawei's abnormal traffic cleaning solution?