H12-721 Exam Details

  • Exam Code
    :H12-721
  • Exam Name
    :HCIP-Security-CISN V3.0
  • Certification
    :Huawei Certifications
  • Vendor
    :Huawei
  • Total Questions
    :245 Q&As
  • Last Updated
    :Nov 05, 2023

Huawei H12-721 Online Questions & Answers

  • Question 201:

    In the use of virtual firewall technology: The two VPN users can travel over the public network Root VFW, log on to their respective private network VPN and get direct access to the private network resources. According to the characteristics of VPN Firewall that provides multiple instances of business, which of the following statements is correct? (Choose three answers)

    A. safe, VPN user authentication and authorization access through the firewall, after a visit with independent access virtual firewall system for users to manage different resources VPN users are completely isolated.
    B. VPN flexible and reliable access to support from the public network to the VPN, can also support VPN to VPN from two modes.
    C. easy to maintain, the user does not have superuser privileges on the system administrator account can manage the entire firewall (including each virtual firewall service).
    D. strict access control permissions, firewall can control access VPN access permissions based on user name, password, so that employees can make a business trip, the super user (VPN require access to different resources), such as different users with different access rights.

  • Question 202:

    In an IPsec VPN, which statement is incorrect about aggressive mode versus main mode?

    A. In the master mode pre-shared key mode does not support NAT traversal, and brutal mode support.
    B. Main Mode negotiation message was 6, savage mode 3.
    C. In the NAT traversal scenario, the peer ID can not use IP addresses.
    D. Main Mode identity information encrypted exchange of information, while aggressive mode does not encrypt the identity information.

  • Question 203:

    Which ofthe following statements is correct about the blacklist? (Choose three answers)

    A. When you log into a device and incorrectly enter the username/password three times, the IP address of the administrator will be added to the blacklist via Web or Telnet.
    B. Blacklist is divided into static and dynamic.
    C. When the device is perceived to have behavioral characteristics of packets to a user's attempt to attack a specific IP address, it will use a dynamic IP address blacklist technology.
    D. When the packet reaches the firewall, the first thing to check for is packet filtering, and then it will match the blacklist.

  • Question 204:

    A network is shown below.

    A dial customer cannot establish a connection via a VPN client PC and USG (LNS) l2tp vpn. What are valid reasons for this failure? (Choose three answers)

    A. LNS tunnel tunnel name change is inconsistent with the client name.
    B. L2TP tunnel authentication failed.
    C. PPP authentication fails, PPP authentication mode set on the client PC and LNS inconsistent.
    D. Client PC can not obtain an IP address assigned to it from the LNS.

  • Question 205:

    Which of the following are correct regading TCP and TCP proxy on the reverse source detection? (Choose three answers)

    A. TCP and TCP proxy detection can prevent reverse source SYN Flood.
    B. TCP proxy acts as a proxy device. TP is connected between both ends, when one end initiates a connection with the device it must complete the TCP three-way handshake.
    C. With TCP proxy mode attack prevention, detection mechanism must be turned on.
    D. TP reverse source probes to detect the source IP packets by sending a Reset.

  • Question 206:

    Refer to the following hot standby and IP-link linkage networking environment shown below:

    Which configuration will enable hot standby configuration key linkage?

    A. hrp mirror ip-link 1
    B. hrp track ip-link 1 master
    C. hrp track ip-link 1 slave
    D. ip-link check enable

  • Question 207:

    In Client-initial mode, it can be seen from the following debug information that L2TP dial husband is lost. What is most likely cause of failure of dial-up?

    A. username and password aaa configuration inconsistencies.
    B. LNS name configuration error.
    C. tunnel password is not configured.
    D. It is not enabled for l2tp.

  • Question 208:

    Under standby scene.USG hot standby, the service interface to work in three, down the line connecting the router through an administrator to view, USG_A state has been switched to HRP_M [USG_A], USG_B state has also HRP_M [USG_B] most What are the possible reasons? (choose two answers)

    A. HRP using the wrong channel interface
    B. heartbeat connectivity problems
    C. No configuration session fast backup
    D. no Hrp enable

  • Question 209:

    Which of the statement is correct after going through the output of the command "display ike sa" which is shown below?

    A. Phase 1 and Phase 2 has been established
    B. agreements negotiated by IKE V2
    C. VPN instance name is public
    D. IPsec SA status is Ready

  • Question 210:

    Three FTP servers are configured with load balancing on a USG firewall. The address and weights of the three real servers are 10.1.1.3/24 (weight 16), 10.1.1.4/24 (weight 32), 10.1.1.5 / 24 (weight 16), while the virtual server address is 202.152.26.123/24. A host address with the IP address 202.152.26.3/24 initiates access to the FTP server.

    On the firewall running the display firewall session table command detection configuration, which of the following situations illustrate the successful implementation of load balancing?

    A. display firewall session table Current total sessions: 1 ftp VPN: public -> public 202.152.26.3:3327 -> 10.1.1.4:21
    B. display firewall session table Current total sessions: 3 ftp VPN: public -> public 202.152.26.3:3327 -> 202.152.26.123:21 [10.1.1.3:21] ftp VPN: public -> public 202.152.26.3:3327 -> 202.152.26.123:21 [10.1.1.4:21] ftp VPN: public -> public 202.152.26.3:3327 -> 202.152.26.123:21 [10.1.1.5:21]
    C. display firewall session table Current total sessions: 1 ftp VPN: public -> public 202.152.26.3:3327 -> 202.152.26.123:21
    D. display firewall session table Current total sessions: 3 ftp VPN: public -> public 202.152.26.3:3327 -> 10.1.1.3:21 ftp VPN: public -> public 202.152.26.3:3327 -> 10.1.1.4:21 ftp VPN: public -> public 202.152.26.3:3327 -> 10.1.1.5:21

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.