H12-721 Exam Details

  • Exam Code
    :H12-721
  • Exam Name
    :HCIP-Security-CISN V3.0
  • Certification
    :Huawei Certifications
  • Vendor
    :Huawei
  • Total Questions
    :245 Q&As
  • Last Updated
    :Nov 05, 2023

Huawei H12-721 Online Questions & Answers

  • Question 1:

    Malformed packet attack techniques would use some legitimate packet data for network reconnaissance or testing. Tthese packets are legitimate for the application type; while normal network packets are rarely used.

    A. TRUE
    B. FALSE

  • Question 2:

    Refer to the following diagram in regards to Bypass mode.

    Which of the following statements is correct a few? (Choose two answers)

    A. When the interface is operating in a non-Bypass state, the flow from the inflow of USG Router_A interfaces from GE0, GE1 after USG treatment from the interface flow Router_B.
    B. When the Interface works in Bypass state, traffic flow from the interface by the Router_A GE0 USG, USG without any treatment, flows directly Router_B flows from the GE1 interfaces.
    C. When there are firewall requirements to achieve security policies, while working at the interface Bypass state to operate without interruption. Therefore, the device can be maintained in the Bypass state job.
    D. Power Bypass interface can work in bridge mode, and can work with the bypass circuit.

  • Question 3:

    What is the correct order for packet encapsulation with L2TP?

    A. PPP -> UDP -> L2TP -> IPsec
    B. PPP -> L2TP -> UDP -> IPsec
    C. IPsec -> L2TP -> UDP-> PPP
    D. IPsec -> PPP -> L2TP -> UDP

  • Question 4:

    Hot Standby networking environment is shown in Figure 1 and 2 backup group joined VGMP management group, USG_A main equipment, USG_B as a backup device.

    When USG_A is in failed state, such as power failure, this time USG_B state switched from Slave to Master. When USG_A firewall recovers, it switches back to its state Master, and USG_B status remains as Master. What has caused this phenomenon?

    A. Two firewall load balancing mode, both in the same backup set is configured to master, also configure the Slave
    B. USGA after the failure to restore its priority VRRP backup group did not recover in time
    C. After the USGA recover from a failure, malfunction heartbeat
    D. No configuration hrp track

  • Question 5:

    Load balancing has the following configuration: [USG] sIb enable [USG] sIb [USG-slb] rserver 1 rip 10.1.1.3 weight 32 [USG-slb] rserver 2 rip 10.1.1.4 weight 16 [USG-slb] rserver 3 rip 10.1.1.5 weight 32 [USG-slb] group test [USG-slb-group-test] metric srchash [USG-slb-group-test] add rserver 1 [USG-slb-group-test] add rserver 2 [USG-slb-group-test] add rserver 3 Which of the following statements is correct? (Choose two answers)

    A. Load balancing algorithm for the polling algorithm.
    B. The configuration is complete load balancing configuration.
    C. Value judgments based on weight which server data stream should flow, the smaller the weight value, the corresponding real server processing capacity should be more weak.
    D. weight is the weight of a real server weight.

  • Question 6:

    HRP technology can achieve an alternate configuration of the firewall that does not need any kind of information, all the configuration information are synchronized to the primary firewall HRP prepared by a firewall, and configuration information is not lost after restart.

    A. TRUE
    B. FALSE

  • Question 7:

    Which of the following is a drawback of an L2TP VPN?

    A. It cannot be routed in two layers
    B. You must use L2TP Over IPsec
    C. No authentication
    D. No encryption

  • Question 8:

    Which statement is correct regarding the IP address scanning attack prevention principle? (Choose three answers)

    A. IP address scanning attack attacker attacks using ICMP packets (such as Ping and Tracert command) to detect the target address.
    B. In an IP address scanning attack, the attacker attacks using TCP / UDP packets to detect the target address.
    C. In an IP address scanning attack, prevention is done by detecting the address of a host of behavioral scanning rate, if the rate exceeds the threshold value, and add it to the blacklist.
    D. If the USG open blacklist function, and the associated IP address scanning attack prevention, a source when the scan rate exceeds the set value elaborated beyond the threshold will be discarded packets within the follow-up time for this issue as long as the source is less than threshold can also be forwarded.

  • Question 9:

    In defense FIN / RST Flood attack method, conversation is checked. The workflow is when the FIN / RST packet rate exceeds the threshold, discarded packets, and then start the conversation check.

    A. TRUE
    B. FALSE

  • Question 10:

    As shown in Figure, firewall is in stateful failover networking environment, the firewall interfaces are in the business routing mode, and up and down are the router with OSPF configured.

    Assuming the OSPF protocol convergence Recovery time is 30s, following best configuration management is to seize on the HRP?

    A. hrp preempt delay 20
    B. hrp preempt delay 40
    C. hrp preempt delay 30
    D. undo hrp preempt deplay

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.