Refer to the following NIP firewall intrusion detection actions: 1 records the invasion process, alarm logging
2. NIP attack detection 3 reconfigure the firewall 4 Termination invasion Which of the following is the correct sequence of events?
A. 1 -> 2 -> 3 -> 4
B. 2 -> 1 -> 3 -> 4
C. 3 -> 1 -> 2 -> 4
D. 1 -> 2 -> 4 -> 3
With Blacklist, which part of the packets are examined to determine there is an attack?
A. The source address
B. destination address
C. Source Port
D. destination port
Administrators can create a vfw1 and vfw2 with multiple instances to provide security services for firms A and B on the root firewall. It can be configured between vfw1 regional security and safety vfw2 forwarding policy.
A. TRUE
B. FALSE
The USG limited flow policy configuration is as follows: [USG] car-class class1 type shared [USG-shared-car-class-class1] car 1000 [USG-shared-car-class-class1] quit [USG-traffic-policy-interzone-trust-untrust-outbound-shared [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy 1 [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy car-class class1 [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy source 192.168.1.0.0.0.0.255 [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] policy destination 192.168.2.0 0.0.0.255 [USG-traffic-policy-interzone-trust-untrust-outbound-shared-1] action car Based on this information, which
of the following statements is correct?
A. Class1 limits the definition of the overall car-class, and limits to 1000bps
B. Policy1 traffic will match without limiting the direct release
C. The 192.168.1.0/24 hosts tthat access the data flow will be limited
D. Matching Policy1 traffic will be flow controlled for each source IP
Which of the following is a correct desrcription of IKE? (Choose three answers)
A. IKE is UDP bearer protocol used in IPSEC
B. IKE negotiates for the IPSEC security protocol, and establishes the parameters and security association for IPSEC
C. IPSEC SA using IKE negotiation packets for the encryption or authentication process
D. IPSEC must use the IKE key exchange
A network is shown below.
A dial customer cannot establish a connection via a VPN client PC and USG (LNS) l2tp vpn. What are valid reasons for this failure? (Choose three answers)
A. LNS tunnel tunnel name change is inconsistent with the client name.
B. L2TP tunnel authentication failed.
C. PPP authentication fails, PPP authentication mode set on the client PC and LNS inconsistent.
D. Client PC can not obtain an IP address assigned to it from the LNS.
For a virtual service technology, which of the following statements is correct?
A. For multiple real servers, real servers need to be in the same network and the same security zone
B. For multiple real servers, real servers may not be in the same segment, but must be in the same security zone
C. For multiple real servers, real servers may not be in the same security zone, but must be in the same segment
D. For multiple real servers, network and security zone where the real server load balancing does not affect
According to the network diagram regarding hot standby, which of the following are correct? (Choose three answers)
A. VRRP backup group itself has preemption. As shown, when USG_A failurs and is restored, USG_A reuse preemption becomes it has master status.
B. With VGMP management group preemption and VRRP backup groups, when the management group fails and recovers, the priority management group will also be restored.
C. By default, the preemption delay is 0.
D. If a VRRP group is added to the VGMP management group, preemption will fail. The VGMP unified management group decides this behavior.
With IP address scanning attack prevention, not only can it be used to prevent the ICMP packet destination address detection, it can also prevent the use of TCP / UDP scanning probe target addresses.
A. TRUE
B. FALSE
To establish IPsec VPN Security, ACL rules should mirror each other. This is the general requirement at both ends in Huawei firewall environment.
A. TRUE
B. FALSE
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.