1. Home
  2. Huawei
  3. H12-721

HCIP-Security-CISN V3.0

Exam Details

  • Exam Code
    :H12-721
  • Exam Name
    :HCIP-Security-CISN V3.0
  • Certification
    :Huawei Certification
  • Vendor
    :Huawei
  • Total Questions
    :65 Q&As
  • Last Updated
    :Nov 05, 2023

Huawei Huawei Certification H12-721 Questions & Answers

  • Question 11:

    Refer to the following NIP firewall intrusion detection actions: 1 records the invasion process, alarm logging

    2. NIP attack detection 3 reconfigure the firewall 4 Termination invasion Which of the following is the correct sequence of events?

    A. 1 -> 2 -> 3 -> 4

    B. 2 -> 1 -> 3 -> 4

    C. 3 -> 1 -> 2 -> 4

    D. 1 -> 2 -> 4 -> 3

  • Question 12:

    With Blacklist, which part of the packets are examined to determine there is an attack?

    A. The source address

    B. destination address

    C. Source Port

    D. destination port

  • Question 13:

    Administrators can create a vfw1 and vfw2 with multiple instances to provide security services for firms A and B on the root firewall. It can be configured between vfw1 regional security and safety vfw2 forwarding policy.

    A. TRUE

    B. FALSE

  • Question 14:

    The USG limited flow policy configuration is as follows: [USG] car-class class1 type shared [USG-shared-car-class-class1] car 1000 [USG-shared-car-class-class1] quit [USG-traffic-policy-interzone-trust-untrust-outbound-shared [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy 1 [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy car-class class1 [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy source 192.168.1.0.0.0.0.255 [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy destination 192.168.2.0 0.0.0.255 [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] action car Based on this information, which

    of the following statements is correct?

    A. Class1 limits the definition of the overall car-class, and limits to 1000bps

    B. Policy1 traffic will match without limiting the direct release

    C. The 192.168.1.0/24 hosts tthat access the data flow will be limited

    D. Matching Policy1 traffic will be flow controlled for each source IP

  • Question 15:

    Which of the following is a correct desrcription of IKE? (Choose three answers)

    A. IKE is UDP bearer protocol used in IPSEC

    B. IKE negotiates for the IPSEC security protocol, and establishes the parameters and security association for IPSEC

    C. IPSEC SA using IKE negotiation packets for the encryption or authentication process

    D. IPSEC must use the IKE key exchange

  • Question 16:

    A network is shown below.

    A dial customer cannot establish a connection via a VPN client PC and USG (LNS) l2tp vpn. What are valid reasons for this failure? (Choose three answers)

    A. LNS tunnel tunnel name change is inconsistent with the client name.

    B. L2TP tunnel authentication failed.

    C. PPP authentication fails, PPP authentication mode set on the client PC and LNS inconsistent.

    D. Client PC can not obtain an IP address assigned to it from the LNS.

  • Question 17:

    For a virtual service technology, which of the following statements is correct?

    A. For multiple real servers, real servers need to be in the same network and the same security zone

    B. For multiple real servers, real servers may not be in the same segment, but must be in the same security zone

    C. For multiple real servers, real servers may not be in the same security zone, but must be in the same segment

    D. For multiple real servers, network and security zone where the real server load balancing does not affect

  • Question 18:

    According to the network diagram regarding hot standby, which of the following are correct? (Choose three answers)

    A. VRRP backup group itself has preemption. As shown, when USG_A failurs and is restored, USG_A reuse preemption becomes it has master status.

    B. With VGMP management group preemption and VRRP backup groups, when the management group fails and recovers, the priority management group will also be restored.

    C. By default, the preemption delay is 0.

    D. If a VRRP group is added to the VGMP management group, preemption will fail. The VGMP unified management group decides this behavior.

  • Question 19:

    With IP address scanning attack prevention, not only can it be used to prevent the ICMP packet destination address detection, it can also prevent the use of TCP / UDP scanning probe target addresses.

    A. TRUE

    B. FALSE

  • Question 20:

    To establish IPsec VPN Security, ACL rules should mirror each other. This is the general requirement at both ends in Huawei firewall environment.

    A. TRUE

    B. FALSE

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.