IPSec NAT traversal is not supported in IKE main mode and aggressive mode of IP addresses + preshared key authentication mode, because the pre-shared key authentication requires the extraction of IP packets in order to find the IP address of the source address of the corresponding pre-shared secret key, and the presence of NAT causes a change to make the device unable to find the address of a pre-shared key.
A. TRUE
B. FALSE
The picture below shows that the IKE V1 first stage pre-shared key mode. Which of the following statement is correct?
A. D-H exchange public values and various auxiliary data
B. SA recommended strategy
C. Authentication
D. encryption transformation strategy
Testing Center is responsible for flow testing, and test results sent to the management center.
A. TRUE
B. FALSE
When an attack occurs, the attacked host (1.1.128.4) was fooled. Host found many packets as shown. Based on an analysis what type of attack is this?
A. Smurf attack
B. Land Attack
C. WinNuke
D. TCP packet flag attack
When the firewall is working in a hot standby load balancing networking environment, if the behavior of a router and firewall is down while working in routing mode, you need to configure the OSPF cost adjustment value based on HRP.
A. TRUE
B. FALSE
Under preemption and the default.VGMP management group is enabled, the preemption delay is 60s.
A. TRUE
B. FALSE
USG remote capture device configuration functions in a way that the device can grab packets downloaded to the device. Users can download to a local service via FTP and use Firewall Packetyzer to analyze packet.
A. TRUE
B. FALSE
When making hot standby switch, USG Series Firewall service port will send gratuitous ARP scene there. Which deployment mode is used? (Choose two answers)
A. Routing Switch Mode +
B. routing mode + router
C. exchange mode + switch
D. exchange mode + router
As shown below, the address pool for domain abc is the L2TP VPN user's address pool.
Based on the information, which of the following statements is wrong?
A. L2TP users can authenticate the domain account.
B. If the value of Used-addr-number field is less than the value of the Pool-length field, the on-line domain does not exceed the maximum number of user access number.
C. From a corporate LAN a PC can obtain an IP address, but not dial L2TP VPN users.
D. The address pool address range is from 100.0.0.2 to 100.0.0.99.
About L2TP over IPsec VPN, which of the following statements is correct? (Choose two answers)
A. IPSEC L2TP tunnel packets trigger
B. L2TP packets trigger IPSEC SA
C. L2TP tunnel first establish
D. IPSEC tunnel first establish
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.