H12-721 : HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network) Exam

H12-721 Dumps
H12-721 Braindumps
H12-721 Real Questions
H12-721 Practice Test
H12-721 Actual Questions


Huawei
H12-721
HCNP-Security-CISN (Huawei Certified Network Professional
- Constructing Infrastructure of Security Network)
https://killexams.com/pass4sure/exam-detail/H12-721
QUESTION: 89
Shown below is an IPSec standby scenario, with main link A and backup link B.
Assuming that on link B the next-hop IP address is 10.10.1.2 and 10.10.1.3, and we
want to ensure that the primary and redundant backup link via IP-Link is
configured.

Which of the following is the correct cstatic routeonfiguration from the
headquarters to the branch office?
A. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3
B. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 ip-link 2
C. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 preference 70 track ip-link 2
D. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 preference 70 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 track ip-link 2
Answer: C
QUESTION: 90
An enterprise branch firewall is configured for NAT. As shown in the figure,
USG_B is the NAT gateway. In order to extablish an IPSec VPN to USG_B, you
need to configure what on USG_B? (Choose two answers)

39


A. Configure a NAT Policy, citing the rule to allow the network segment’s source
and destination IP addresses for the ACL.
B. Configuration the IKE peer, use name authentication, and remote-address of the
interface address on USG_A
C. Configure a NAT Policy, where there is first a deny IPsec rule within the
enterprise network to protect the data flow from within the headquarters of the
network, and then permit the enterprise network to the Internet network data
stream.
D. Configure a IPSec policy template, citing the IKE peer.
Answer: B, C
QUESTION: 91
In the Enterprise netowrk shown below, Server A and Server B can not access Web
services. Troubleshooting has found that there is firewall routing module and that
there is a problem with the routing table in USG_A An enterprise network follows,
then Server A Server B can not access Web services, administrators troubleshoot
and found no firewall routing module A problem has been to establish the
appropriate routing table, but Firewall A firewall module is provided with wrong.

40
What troubleshooting method should be used?
A. stratification
B. Break Law
C. substitution method
D. Block Method
Answer: D
QUESTION: 92
An SSL VPN user authenticates, has enabled network expansion on the PC, and
has been assigned an IP addresses. However, the user can not access resources
within theintermal network server. Which of the following are possible reasons for
this? (Choose three)
A. Configuration error in the "Routing Client mode" configuration.
B. User access is limited
C. The network server is unreachable.
D. The PC's physical interface and assigned VPN addresses overlap.
Answer: A, B, C
QUESTION: 93
SSL VPN authentication is successful, and with the use of the file-sharing feature,
you can view the directories and files, but you can not upload, delete, or rename
files. What are possible reasons? (Choose two answers)
A. If the file server for NFS, the user's UID and GID attribute does not allow users
to upload, delete or rename the file operation.
B. If the type of file server for SMB, the user currently logged on to the file share
resource has only read permission and no write access.
C. The SSL firewall configuration file sharing feature allows only viewing.
D. Some TCP connections between the gateway and the virtual file server are
blocked by the firewall.
Answer: A, B
41
QUESTION: 94
A simple network is connected PC1-USG-Router-PC2. If PC1 sends packets to
PC2, and the USG processes fragmented packets, which modes can be used to do
this? (Choose three answers)
A. fragment cache
B. slice discarded
C. fragmentation direct forwarding
D. slicing defense
Answer: A, B, C
QUESTION: 95
In IP-link, how many successive packets must not be recived for it to be considered
a failure, by default?
A. 1 times
B. 2 times
C. 3 times
D. 5 times
Answer: C
QUESTION: 96
With Blacklist, which part of the packets are examined to determine there is an
attack?
A. The source address
B. destination address
C. Source Port
D. destination port
Answer: A
QUESTION: 97
Which statement about IP-link features are correct? (Choose three answers)
42
A. IP-link is a link connectivity detection function
B. ARP detection methods only support direct link
C. Firewalls will send ICMP or ARP packets to determine if the destination address
is reachable to the destination address of a probe
D. With IP-link and associated VGMP, when the IP-Link status becomes down,
VGMP lowers the default priority management group by 3.
Answer: A, B, C
QUESTION: 98
Refer to the following load balancing configuration:
[USG] slb enable
[USG] slb
[USG-slb] rserver 1 rip 10.1.1.3 weight 32
[USG-slb] rserver 2 rip 14.1.1.4 weight 16
[USG-slb] rserver 3 rip 10.1.1.5 weight 32
[USG-slb] group test
[USG-slb-group-test] metric srchash
[USG-slb-group-test] add rserver 1
[USG-slb-group-test] add rserver 2
[USG-slb-group-test] add rserver 3
Which of the following statements is correct? (Choose two answers)
A. The load balancing algorithm is the polling algorithm.
B. The configuration is a complete load balancing configuration.
C. Values of weight determine which data stream path should be used, the smaller
weight values should correspond to the real server that has less processing
capacity.
D. Weight is the weight of a real weight.
Answer: C, D
QUESTION: 99
About BFD detection mechanism, the following statement is correct? (Choose two
answers)
A. BFD control packets are encapsulated in TCP packets
B. BFD provides two detection modes: asynchronous and synchronous mode
43
C. After the establishment of a BFD session, both systems periodically send BFD
control packets
D. At the beginning of the session, the two sides negotiate through the control
system carried in the packet parameters
Answer: C, D
QUESTION: 100
An attacker sends a large number of SIP INVITE messages to the server, leading to
a denial of service attack on the SIP server.
This attack occurs on which layer of the seven layer OSI model?
A. Application Layer
B. Network Layer
C. Transport Layer
D. Data Link Layer
Answer: A



44

User: Mack***** Although it is believed that a student must possess sharp thoughts to excel in the H12-721 exam, it is not entirely true. The educator or teacher must also be well-qualified and informed. I feel blessed that I met such wonderful educators at Killexams.com who taught me how to pass my H12-721 exam and helped me breeze through it. I thank them from the bottom of my heart.

User: Mishaye***** As I walked down the street, I noticed that I was getting more attention than usual. The reason for my unexpected popularity was that I had scored first-class marks on my Cisco test, and everyone was amazed by it. I was astonished too, but I knew that such success was possible for me because of the preparatory instructions I received from Killexams.com. They were ideal enough to make me perform so well.

User: Natasha***** After a long search, I found the precise source I needed. Everyone on the team at killexams.com was cooperative and able. They provided me with excellent materials for H12-721 preparation.

User: Henry***** I chose killexams.com because I did not just want to pass the H12-721 exam; I wanted to pass it with good marks to make a good impression. The H12-721 questions and preparation materials provided by killexams.com were instrumental in helping me achieve this goal, and I ended up scoring the highest marks in the class.

User: Elaine***** I highly recommend the questions and answers provided by Killexams.com to anyone preparing for the H12-721 exam. The materials helped me understand the basics and succeed in the exam. Even though I scored 85%, I am grateful for the question bank and ultimate day revision set provided by Killexams.com.

---