H12-721 : HCNP-Security-CISN (Huawei Certified Network Professional - Constructing Infrastructure of Security Network) Exam

H12-721 Dumps
H12-721 Braindumps
H12-721 Real Questions
H12-721 Practice Test
H12-721 Actual Questions


Huawei
H12-721
HCNP-Security-CISN (Huawei Certified Network Professional
- Constructing Infrastructure of Security Network)
https://killexams.com/pass4sure/exam-detail/H12-721
QUESTION: 89
Shown below is an IPSec standby scenario, with main link A and backup link B.
Assuming that on link B the next-hop IP address is 10.10.1.2 and 10.10.1.3, and we
want to ensure that the primary and redundant backup link via IP-Link is
configured.

Which of the following is the correct cstatic routeonfiguration from the
headquarters to the branch office?
A. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3
B. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 ip-link 2
C. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 preference 70 track ip-link 2
D. [USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.2 preference 70 track ip-link 1
[USG] ip route-static 0.0.0.0 0.0.0.0 10.10.1.3 track ip-link 2
Answer: C
QUESTION: 90
An enterprise branch firewall is configured for NAT. As shown in the figure,
USG_B is the NAT gateway. In order to extablish an IPSec VPN to USG_B, you
need to configure what on USG_B? (Choose two answers)

39


A. Configure a NAT Policy, citing the rule to allow the network segment’s source
and destination IP addresses for the ACL.
B. Configuration the IKE peer, use name authentication, and remote-address of the
interface address on USG_A
C. Configure a NAT Policy, where there is first a deny IPsec rule within the
enterprise network to protect the data flow from within the headquarters of the
network, and then permit the enterprise network to the Internet network data
stream.
D. Configure a IPSec policy template, citing the IKE peer.
Answer: B, C
QUESTION: 91
In the Enterprise netowrk shown below, Server A and Server B can not access Web
services. Troubleshooting has found that there is firewall routing module and that
there is a problem with the routing table in USG_A An enterprise network follows,
then Server A Server B can not access Web services, administrators troubleshoot
and found no firewall routing module A problem has been to establish the
appropriate routing table, but Firewall A firewall module is provided with wrong.

40
What troubleshooting method should be used?
A. stratification
B. Break Law
C. substitution method
D. Block Method
Answer: D
QUESTION: 92
An SSL VPN user authenticates, has enabled network expansion on the PC, and
has been assigned an IP addresses. However, the user can not access resources
within theintermal network server. Which of the following are possible reasons for
this? (Choose three)
A. Configuration error in the "Routing Client mode" configuration.
B. User access is limited
C. The network server is unreachable.
D. The PC's physical interface and assigned VPN addresses overlap.
Answer: A, B, C
QUESTION: 93
SSL VPN authentication is successful, and with the use of the file-sharing feature,
you can view the directories and files, but you can not upload, delete, or rename
files. What are possible reasons? (Choose two answers)
A. If the file server for NFS, the user's UID and GID attribute does not allow users
to upload, delete or rename the file operation.
B. If the type of file server for SMB, the user currently logged on to the file share
resource has only read permission and no write access.
C. The SSL firewall configuration file sharing feature allows only viewing.
D. Some TCP connections between the gateway and the virtual file server are
blocked by the firewall.
Answer: A, B
41
QUESTION: 94
A simple network is connected PC1-USG-Router-PC2. If PC1 sends packets to
PC2, and the USG processes fragmented packets, which modes can be used to do
this? (Choose three answers)
A. fragment cache
B. slice discarded
C. fragmentation direct forwarding
D. slicing defense
Answer: A, B, C
QUESTION: 95
In IP-link, how many successive packets must not be recived for it to be considered
a failure, by default?
A. 1 times
B. 2 times
C. 3 times
D. 5 times
Answer: C
QUESTION: 96
With Blacklist, which part of the packets are examined to determine there is an
attack?
A. The source address
B. destination address
C. Source Port
D. destination port
Answer: A
QUESTION: 97
Which statement about IP-link features are correct? (Choose three answers)
42
A. IP-link is a link connectivity detection function
B. ARP detection methods only support direct link
C. Firewalls will send ICMP or ARP packets to determine if the destination address
is reachable to the destination address of a probe
D. With IP-link and associated VGMP, when the IP-Link status becomes down,
VGMP lowers the default priority management group by 3.
Answer: A, B, C
QUESTION: 98
Refer to the following load balancing configuration:
[USG] slb enable
[USG] slb
[USG-slb] rserver 1 rip 10.1.1.3 weight 32
[USG-slb] rserver 2 rip 14.1.1.4 weight 16
[USG-slb] rserver 3 rip 10.1.1.5 weight 32
[USG-slb] group test
[USG-slb-group-test] metric srchash
[USG-slb-group-test] add rserver 1
[USG-slb-group-test] add rserver 2
[USG-slb-group-test] add rserver 3
Which of the following statements is correct? (Choose two answers)
A. The load balancing algorithm is the polling algorithm.
B. The configuration is a complete load balancing configuration.
C. Values of weight determine which data stream path should be used, the smaller
weight values should correspond to the real server that has less processing
capacity.
D. Weight is the weight of a real weight.
Answer: C, D
QUESTION: 99
About BFD detection mechanism, the following statement is correct? (Choose two
answers)
A. BFD control packets are encapsulated in TCP packets
B. BFD provides two detection modes: asynchronous and synchronous mode
43
C. After the establishment of a BFD session, both systems periodically send BFD
control packets
D. At the beginning of the session, the two sides negotiate through the control
system carried in the packet parameters
Answer: C, D
QUESTION: 100
An attacker sends a large number of SIP INVITE messages to the server, leading to
a denial of service attack on the SIP server.
This attack occurs on which layer of the seven layer OSI model?
A. Application Layer
B. Network Layer
C. Transport Layer
D. Data Link Layer
Answer: A



44

User: Gregory***** I initially thought that I wasted money on the hcnp-security-cisn (huawei certified network professional - constructing infrastructure of security network) brain dump test because I was not aware of the exam update. However, after contacting the killexams.com support team, I was reassured that the exam was updated and that their material was up to date. I was impressed by their performance and customer support, and I am looking forward to taking my hcnp-security-cisn (huawei certified network professional - constructing infrastructure of security network) exam in two weeks.

User: Tawnya***** I recently passed the h12-721 exam, and I owe it all to Killexams. Their questions are not only correct but also actual, making their study method strong and reliable. I have already shared my views with colleagues who also passed the exam, and I highly recommend Killexams.com brain dump tests for anyone looking for dependable exam preparation materials.

User: Natesha***** Initially, I was registered for the h12-721 exam simulator and practice tests, but I did not receive the h12-721 practice tests material. There were a few document errors, but they were later corrected. Despite the initial setback, I was able to prepare for the exam using the exam simulator and it turned out to be quite helpful.

User: Marushka***** When I was searching for an internet exam simulator to take my H12-721 exam, Killexams.com came to my rescue. I answered all the questions within just 90 minutes. The study material had all the important practice tests that were required for the exam, which made the exam preparation a lot easier for me. Initially, I was hesitant to use Killexams.com Questions and Answers, but after downloading the demos, I realized that it could provide me with the right help for the H12-721 exam.

User: Valentina***** I am proud to say that I passed my H12-721 exam within just 20 days of preparation, all thanks to the Killexams.com brain dump exam guide. The practice tests completely changed my life as I am now employed in a respectable corporation with an incredible income. Tough subjects were made easy, and I was provided with great references that were beneficial for the test purpose.

---