1. Home
  2. Huawei
  3. H12-721

HCIP-Security-CISN V3.0

Exam Details

  • Exam Code
    :H12-721
  • Exam Name
    :HCIP-Security-CISN V3.0
  • Certification
    :Huawei Certification
  • Vendor
    :Huawei
  • Total Questions
    :65 Q&As
  • Last Updated
    :Nov 05, 2023

Huawei Huawei Certification H12-721 Questions & Answers

  • Question 211:

    ACK Flood attacks use botnets to send a large number of ACK packets and impacts the network bandwidth, resulting in network link congestion. If a large number of attack packets are sent, server processing power is exhausted, thereby refusing access to normal service.

    Which statement is correct about the Huawei Anti-DDos equipment to prevent this attack, when the comparison of two treatments are strict mode and basic mode? (Choose two answers)

    A. Bypass deploy dynamic drainage using strict mode.

    B. In strict mode, the cleaning device is not checked already established session, if session ACK packets do not match, the device discards the packet.

    C. If the cleaning equipment checks to hit a session ACK packet, regardless of the strict mode and basic mode will create a reason to check session.

    D. Using the "basic model" even though checks on the cleaning equipment is less than a session, the device will first few ACK packet discard and start checking the session.

  • Question 212:

    When using optical Bypass Interface, Bypass link has two operating modes, automatic mode and forced mode.

    A. TRUE

    B. FALSE

  • Question 213:

    With the Huawei abnormal flow cleaning solution, deployed at the scene of a bypass, dynamic routing drainage occurs without human intervention. When an abnormality is detected, the management center will generate a draining task automatically, and the task is done directly after the drainage cleaning equipment is issued if testing equipment.

    A. TRUE

    B. FALSE

  • Question 214:

    With regard to the Radius protocol, which of the following statements are correct (choose three answers)

    A. Use the UDP protocol to transmit packets Radius

    B. authentication and authorization port number can be 1812

    C. To account for encryption processing using the Radius protocol to transmit user account and password

    D. authentication and authorization port number can be 1645

  • Question 215:

    Under standby scene.USG hot standby, the service interface to work in three, down the line connecting the router through an administrator to view, USG_A state has been switched to HRP_M [USG_A], USG_B state has also HRP_M [USG_B] most What are the possible reasons? (choose two answers)

    A. HRP using the wrong channel interface

    B. heartbeat connectivity problems

    C. No configuration session fast backup

    D. no Hrp enable

  • Question 216:

    Which statement is correct regarding the Eth-trunk function? (Choose three answers)

    A. improves communication bandwidth of the link

    B. improves data security

    C. Traffic load balancing

    D. improves the reliability of the link

  • Question 217:

    Which statement is incorrect about IPsec NAT traversal?

    A. AH and ESP supports NAT traversal

    B. IPsec NAT traversal is not supported IKE main mode (pre-shared mode)

    C. IPsec ESP packets using UDP through NAT packet encapsulation

    D. All IKE initiator communication messages exchanged use port 4500 port

  • Question 218:

    Which ofthe following statements is correct about the blacklist? (Choose three answers)

    A. When you log into a device and incorrectly enter the username/password three times, the IP address of the administrator will be added to the blacklist via Web or Telnet.

    B. Blacklist is divided into static and dynamic.

    C. When the device is perceived to have behavioral characteristics of packets to a user's attempt to attack a specific IP address, it will use a dynamic IP address blacklist technology.

    D. When the packet reaches the firewall, the first thing to check for is packet filtering, and then it will match the blacklist.

  • Question 219:

    With regard to virtual gateway type and shared exclusive type, which of the following statement is correct? (Choose three answers)

    A. Exclusive monopoly-type virtual gateway IP address.

    B. When the network IP address of tension, it is recommended to use share-based virtual gateway.

    C. Exclusive domain model can be used to access the virtual gateway.

    D. Multiple Shared Web Gateway, distinguished by its IP address.

  • Question 220:

    A Site to Site IPsec VPN tunnel negotiation has been lost. How can you view the IKE Phase 2 security associations, established connections, and configurations? (Choose two answers)

    A. display ike sa

    B. display ipsec sa brief

    C. display ipsec policy

    D. display interface

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.