H12-721 : HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network) Exam

H12-721 Dumps
H12-721 Braindumps H12-721 Real Questions H12-721 Practice Test
H12-721 Actual Questions
killexams.com
Huawei
H12-721
HCNP-Security-CISN (Huawei Certified Network Professional
- Constructing Infrastructure of Security Network)
https://killexams.com/pass4sure/exam-detail/H12-721
QUESTION: 89
Shown below is an IPSec standby scenario, with main link A and backup link B. Assuming that on link B the next-hop IP address is 10.10.1.2 and 10.10.1.3, and we want to ensure that the primary and redundant backup link via IP-Link is configured.
Which of the following is the correct cstatic routeonfiguration from the headquarters to the branch office?
A. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3
B. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 ip-link 2
1. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 preference 70 track ip-link 2
2. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 preference 70 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 track ip-link 2
Answer: C
QUESTION: 90
An enterprise branch firewall is configured for NAT. As shown in the figure, USG_B is the NAT gateway. In order to extablish an IPSec VPN to USG_B, you need to configure what on USG_B? (Choose two answers)
1. Configure a NAT Policy, citing the rule to allow the network segment’s source and destination IP addresses for the ACL.
2. Configuration the IKE peer, use name authentication, and remote-address of the interface address on USG_A
3. Configure a NAT Policy, where there is first a deny IPsec rule within the enterprise network to protect the data flow from within the headquarters of the network, and then permit the enterprise network to the Internet network data stream.
4. Configure a IPSec policy template, citing the IKE peer.
Answer: B, C
QUESTION: 91
In the Enterprise netowrk shown below, Server A and Server B can not access Web services. Troubleshooting has found that there is firewall routing module and that there is a problem with the routing table in USG_A An enterprise network follows, then Server A Server B can not access Web services, administrators troubleshoot and found no firewall routing module A problem has been to establish the appropriate routing table, but Firewall A firewall module is provided with wrong.
What troubleshooting method should be used?
1. stratification
2. Break Law
3. substitution method
4. Block Method
Answer: D
QUESTION: 92
An SSL VPN user authenticates, has enabled network expansion on the PC, and has been assigned an IP addresses. However, the user can not access resources within theintermal network server. Which of the following are possible reasons for this? (Choose three)
1. Configuration error in the "Routing Client mode" configuration.
2. User access is limited
3. The network server is unreachable.
4. The PC's physical interface and assigned VPN addresses overlap.
Answer: A, B, C
QUESTION: 93
SSL VPN authentication is successful, and with the use of the file-sharing feature, you can view the directories and files, but you can not upload, delete, or rename files. What are possible reasons? (Choose two answers)
1. If the file server for NFS, the user's UID and GID attribute does not allow users to upload, delete or rename the file operation.
2. If the type of file server for SMB, the user currently logged on to the file share resource has only read permission and no write access.
3. The SSL firewall configuration file sharing feature allows only viewing.
4. Some TCP connections between the gateway and the virtual file server are blocked by the firewall.
Answer: A, B
QUESTION: 94
A simple network is connected PC1-USG-Router-PC2. If PC1 sends packets to PC2, and the USG processes fragmented packets, which modes can be used to do this? (Choose three answers)
1. fragment cache
2. slice discarded
3. fragmentation direct forwarding
4. slicing defense
Answer: A, B, C
QUESTION: 95
In IP-link, how many successive packets must not be recived for it to be considered a failure, by default?
1. 1 times
2. 2 times
3. 3 times
4. 5 times
Answer: C
QUESTION: 96
With Blacklist, which part of the packets are examined to determine there is an attack?
1. The source address
2. destination address
3. Source Port
4. destination port
Answer: A
QUESTION: 97
Which statement about IP-link features are correct? (Choose three answers)
1. IP-link is a link connectivity detection function
2. ARP detection methods only support direct link
3. Firewalls will send ICMP or ARP packets to determine if the destination address is reachable to the destination address of a probe
4. With IP-link and associated VGMP, when the IP-Link status becomes down, VGMP lowers the default priority management group by 3.
Answer: A, B, C
QUESTION: 98
Refer to the following load balancing configuration: [USG] slb enable
[USG] slb
[USG-slb] rserver 1 rip 10.1.1.3 weight 32
[USG-slb] rserver 2 rip 14.1.1.4 weight 16
[USG-slb] rserver 3 rip 10.1.1.5 weight 32 [USG-slb] group test
[USG-slb-group-test] metric srchash [USG-slb-group-test] add rserver 1 [USG-slb-group-test] add rserver 2 [USG-slb-group-test] add rserver 3
Which of the following statements is correct? (Choose two answers)
1. The load balancing algorithm is the polling algorithm.
2. The configuration is a complete load balancing configuration.
3. Values of weight determine which data stream path should be used, the smaller weight values should correspond to the real server that has less processing capacity.
4. Weight is the weight of a real weight.
Answer: C, D
QUESTION: 99
About BFD detection mechanism, the following statement is correct? (Choose two answers)
1. BFD control packets are encapsulated in TCP packets
2. BFD provides two detection modes: asynchronous and synchronous mode
3. After the establishment of a BFD session, both systems periodically send BFD control packets
4. At the beginning of the session, the two sides negotiate through the control system carried in the packet parameters
Answer: C, D
QUESTION: 100
An attacker sends a large number of SIP INVITE messages to the server, leading to a denial of service attack on the SIP server.
This attack occurs on which layer of the seven layer OSI model?
1. Application Layer
2. Network Layer
3. Transport Layer
4. Data Link Layer
Answer: A

User: Anna***** With just ten days of preparation using Killexams.com’s study materials, I passed the h12-721 exam with flying colors. Their exam simulator closely mimics the real test, reducing my anxiety and ensuring success.

User: Elsie***** Killexams.com proved to be an invaluable resource for my h12-721 exam preparation. Their practice tests mirrored the actual exam format, making it effortless to recall answers during the test. While not every question was identical, the similarity was striking enough to help me navigate the exam with confidence. As an IT professional, I found their materials both practical and highly effective.

User: Puteri***** Huawei test preparation materials were challenging but incredibly helpful for my H12-721 exam. Their comprehensive resources and accurate questions enabled me to pass with confidence. I am grateful for their support and recommend them to anyone tackling this certification.

User: Tatjana***** I passed my h12-721 certification exam with a 91% score, thanks to Killexams.com’s practice tests. They were incredibly similar to the actual exam, giving me the confidence to succeed. I was initially doubtful, but their resources proved to be a game-changer, and I owe them my success.

User: Khrystyn***** The practice tests provided by Killexams.com were fantastic. Even though 76% is enough to pass the exam, I scored 92% marks on the real h12-721 exam. All credit goes to Killexams.com. It is tough to imagine that I could have passed the exam with any other product. This is an excellent product, and I highly recommend it.

---