Many people search for free dumps for the H12-721 exam. Here we share free Huawei HCNP-Security H12-721 exam questions and answers for you to practice with; you can also contact us to get more free questions. When we update them, we will share the updated version with you.
New feedback: Just passed H12-721-ENU HCNP-Security-CISN (Constructing Infrastructure of Security) on May 28, 2018. Number of test questions: 180 Q&As
1. Users cannot access intranet resources when using the network extension function. Which of the following are not possible causes of the failure?
A. Did you obtain a virtual IP address on the virtual network card of the user's PC?
B. The route between the firewall and intranet server is unreachable.
C. The user connection has timed out.
D. The virtual IP address conflicts with the FW interface address, intranet server address, and DHCP address pool address.
Answer: C
2. In a hot standby network, if the peer heartbeat interface address is specified when the HRP heartbeat interface is configured, which of the following types of packets is the VGMP hello packet sent between the firewalls?
A. Unicast packets
B. Broadcast packets
C. Multicast packets
D. UDP packets
Answer: A
3. In the hot standby network shown in the figure, the gateway address of PC1 should be the interface IP address of the master device, that is, 10.100.10.2/24.
A. True
B. False
Answer: B
4. The bandwidth management function only supports limiting the number of connections initiated by a specified IP.
A. True
B. False
Answer: B
5. When using a RADIUS server to authenticate users, you need to configure the corresponding username and password on both the RADIUS server and the firewall.
A. True
B. False
Answer: B
6. The figure shows a firewall hot standby networking environment. In this networking environment, which of the following commands can ensure that the device automatically adjusts the priority of the VGMP management group and automatically performs the active/standby switchover?
A. hrp ospf-cost adjust-enable
B. hrp preempt delay 60
C. hrp interface GigabitEthernet 0/0/2
D. hrp auto-sync config
Answer: A
7. Which of the following statements about the network extension process is wrong?
A. After the network extension function is triggered, an SSL VPN tunnel needs to be established first between the remote user and the virtual gateway.
B. The remote user's local PC automatically generates a virtual network adapter. The virtual gateway randomly selects an IP address from the address pool and assigns it to the remote user's virtual network adapter.
C. After the remote user's virtual network adapter obtains the private IP address, a route to the intranet server must be configured manually so that internal network resources can be accessed normally.
D. The remote user sends a business request packet to the server on the intranet. The packet arrives at the virtual gateway through the SSL VPN tunnel.
Answer: C
8. In the IDC room, a Huawei USG6000 series firewall can be divided into several virtual systems. Then, the root firewall administrator generates virtual system administrators to manage each virtual system separately.
A. True
B. False
Answer: A
9. Two FWs are interconnected by IPSec. The display ike sa command is executed on FW_A, and the result is shown as follows. Which of the following statements are correct? (Multiple Choices)
A. FW_A is the initiator of IKE secure channel negotiation
B. FW_B is the initiator of IKE security channel negotiation
C. The SA between the firewalls has been successfully established
D. The SA between the firewalls has not been established successfully
Answer: AC
10. In hot standby, after how many cycles without receiving an HRP HELLO packet from the peer end does the slave peer consider the peer end to be faulty?
A. One
B. Two
C. Three
D. Five
Answer: C
11. Which of the following resource allocation methods are supported by Huawei USG6000 products?
A. Quota allocation
B. Automatic allocation
C. Manual allocation
D. Non-quota allocation
Answer: AC
12. An enterprise network is shown in the figure. Hot standby is configured on USG_A and USG_B, and USG_A is the master device. The administrator wants to configure SSL VPN on the firewall so that branch office employees can access the headquarters through SSL VPN.
What should the SSL VPN virtual gateway address be?
A. 202.38.10.2/24
B. 202.38.10.3/24
C. 202.38.10.1/24
D. 10.100.10.2/24
Answer: C
13. A GRE over IPSec tunnel can achieve the transmission of IPX packets.
A. True
B. False
Answer: A
14. Huawei UMA products can be deployed in a logically concatenated manner. Which of the following statements is true about the logical mode of this deployment?
A. Logical Mode: Person -> Slave Account -> Authorization -> Master Account -> Target system.
B. Logical Mode: Person -> Master Account -> Authorization -> Slave Account -> Target System.
C. Logical Mode: Authorization -> Slave Account -> Person -> Master Account -> Target System.
D. Logical Mode: Target System -> Slave Account -> Authorization -> Master Account -> Person.
Answer: B
15. The global routing means that when there are multiple equal-cost routes to the destination network, the Huawei USG6000 firewall can dynamically select the outbound interface according to the link bandwidth, weight, priority, or automatically detected link quality set by the administrator, to achieve the reasonable use of link resources and improve the user experience.
A. True
B. False
Answer: A
16. When traffic is finally sent from the outgoing interface, it is limited by the bandwidth of the outgoing interface. If the traffic is greater than the outbound interface bandwidth, which of the following will be used to do queue scheduling for traffic to ensure that high-priority packets are sent preferentially?
A. Remark DSCP priority
B. Forwarding priority
C. Bandwidth policy matching order
D. QoS
Answer: B
17. In server load balancing, which of the following technologies can be used to detect changes in server state to ensure that user requests are not sent to a failed server?
A. VGMP Hello packets
B. VRRP packets
C. DPD
D. Service Health Check
Answer: D
18. The following figure shows the networking of BFD for OSPF:
1. OSPF is running among the three devices FW_A, FW_B, and FW_C. They are neighbors.
2. When the neighbor status reaches the FULL state, and BFD and OSPF are configured in linkage, BFD completes the establishment of the BFD session.
Which of the following statements are correct? (Multiple Choices)
A. When link a fails, BFD detects it first, and FW_A and FW_B converge immediately.
B. BFD can provide a second-level fault detection mechanism
C. After BFD detects the neighbor Down event, the devices rerun the route calculation, and the new route uses link b.
D. When link a fails, OSPF automatically converges and informs BFD
Answer: AC
19. As shown in the figure, BFD is bound to a static route. The administrator configures firewall A as follows:
[USG6000_A] bfd
[USG6000_A-bfd] quit
[USG6000_A] bfd aa bind peer-ip 1.1.1.2
[USG6000_A-bfd-session-aa] discriminator local 10
[USG6000_A-bfd-session-aa] discriminator remote 20
[USG6000_A-bfd-session-aa] commit
[USG6000_A-bfd-session-aa] quit
Which of the following statements are correct for this configuration? (Multiple Choices)
A. The command "bfd aa bind peer-ip 1.1.1.2" creates a BFD session binding policy for detecting the link status.
B. In this configuration, [USG6000_A] bfd is incorrectly configured. Change it to [USG6000_A] bfd enable to enable the BFD function.
C. [USG6000_A-bfd-session-aa] commit is optional. If it is not configured, the system submits the configuration by default and generates BFD session log information but does not create a session table.
D. The command to bind the BFD session to the static route is also required on the firewall:
[USG6000_A] ip route-static 0.0.0.0 0 1.1.1.2 track bfd-session aa
Answer: AD
20. A web page is used to log in to the SSL VPN gateway. After a certain period, the SSL VPN gateway automatically exits. The possible cause is that the session of the VPN gateway times out.
A. True
B. False
Answer: A
21. Which of the following scenarios can achieve bandwidth reuse? (Multiple Choices)
A. When multiple traffic flows match the same bandwidth policy, bandwidth reuse can be implemented among those flows.
B. When multiple bandwidth policies reference bandwidth channels in a policy-sharing manner, bandwidth reuse can be implemented among the traffic flows matching those bandwidth policies.
C. Bandwidth reuse can be implemented among traffic flows matching multiple sub-policies in a parent-child policy.
D. When multiple bandwidth policies reference bandwidth channels in a policy-only manner, bandwidth reuse can be implemented among the traffic flows matching those bandwidth policies.
Answer: ABC
22. Which of the following statements about the virtual interface are correct? (Multiple Choices)
A. The virtual interface may have a protocol layer DOWN because no IP address is configured.
B. The virtual interface must join the security zone to work.
C. The virtual interface can be configured without an IP address.
D. The virtual interface is a logical interface and needs to be configured with an IP address.
Answer: BC
23. To ensure that traffic is not affected by server or link failure, the administrator has configured a link health check. However, after the configuration is complete, the health check status is still Down. What are the possible causes? (Multiple Choices)
A. The peer device does not permit the corresponding protocol and port
B. The security policy does not permit the traffic
C. The link for the health check has failed
D. The health check is not invoked on the interface
Answer: ABC
24. Which of the following statements about this smart routing configuration are correct? (Multiple Choices)
#
multi-interface
mode priority-of-link-quality
priority-of-link-quality parameter delay jitter loss
priority-of-link-quality protocol tcp-simple
add interface GigabitEthernet1/0/1
add interface GigabitEthernet1/0/2
A. Bandwidth-based load sharing is used
B. The link quality detection parameters are delay, jitter, and packet loss rate
C. The TCP protocol is used for detection
D. Three links are selected for sharing
Answer: BC
25. To implement the dual-system hot standby function of the USG6000 firewall, which of the following protocols is not required?
A. HRP
B. VRRP
C. VGMP
D. IGMP
Answer: D