Exam Details
Exam Code
:H12-721Exam Name
:HCIP-Security-CISN V3.0Certification
:Huawei CertificationVendor
:HuaweiTotal Questions
:65 Q&AsLast Updated
:Nov 05, 2023
Huawei Huawei Certification H12-721 Questions & Answers
-
Question 1:
IPSec NAT traversal is not supported in IKE main mode and aggressive mode of IP addresses + preshared key authentication mode, because the pre-shared key authentication requires the extraction of IP packets in order to find the IP address of the source address of the corresponding pre-shared secret key, and the presence of NAT causes a change to make the device unable to find the address of a pre-shared key.
A. TRUE
B. FALSE
-
Question 2:
The picture below shows that the IKE V1 first stage pre-shared key mode. Which of the following statement is correct?
A. D-H exchange public values and various auxiliary data
B. SA recommended strategy
C. Authentication
D. encryption transformation strategy
-
Question 3:
Testing Center is responsible for flow testing, and test results sent to the management center.
A. TRUE
B. FALSE
-
Question 4:
When an attack occurs, the attacked host (1.1.128.4) was fooled. Host found many packets as shown. Based on an analysis what type of attack is this?
A. Smurf attack
B. Land Attack
C. WinNuke
D. TCP packet flag attack
-
Question 5:
When the firewall is working in a hot standby load balancing networking environment, if the behavior of a router and firewall is down while working in routing mode, you need to configure the OSPF cost adjustment value based on HRP.
A. TRUE
B. FALSE
-
Question 6:
Under preemption and the default.VGMP management group is enabled, the preemption delay is 60s.
A. TRUE
B. FALSE
-
Question 7:
USG remote capture device configuration functions in a way that the device can grab packets downloaded to the device. Users can download to a local service via FTP and use Firewall Packetyzer to analyze packet.
A. TRUE
B. FALSE
-
Question 8:
When making hot standby switch, USG Series Firewall service port will send gratuitous ARP scene there. Which deployment mode is used? (Choose two answers)
A. Routing Switch Mode +
B. routing mode + router
C. exchange mode + switch
D. exchange mode + router
-
Question 9:
As shown below, the address pool for domain abc is the L2TP VPN user's address pool.
Based on the information, which of the following statements is wrong?
A. L2TP users can authenticate the domain account.
B. If the value of Used-addr-number field is less than the value of the Pool-length field, the on-line domain does not exceed the maximum number of user access number.
C. From a corporate LAN a PC can obtain an IP address, but not dial L2TP VPN users.
D. The address pool address range is from 100.0.0.2 to 100.0.0.99.
-
Question 10:
About L2TP over IPsec VPN, which of the following statements is correct? (Choose two answers)
A. IPSEC L2TP tunnel packets trigger
B. L2TP packets trigger IPSEC SA
C. L2TP tunnel first establish
D. IPSEC tunnel first establish
Related Exams:
H12-323
HCIP-WLAN V2.0H12-321
HCIP-WLAN-CEWA V1.0H13-961
HCIE-GaussDB-OLTP (Written) V1.0H12-725
HCIP-Security V4.0H35-652
HCIE-5G-Core (Written) V1.0H28-154
HCSA-Development-AppCube Low Code Platform V1.0H20-683
HCSP-Field-Smart PV V2.0H19-383
HCSA-Presales-Smart PV V1.0H19-382
HCS-Pre-sales-IP(Campus) V1.0H14-611
HCIA-MDC Application Developer V1.0
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.