1. Home
  2. Huawei
  3. H12-721

HCIP-Security-CISN V3.0

Exam Details

  • Exam Code
    :H12-721
  • Exam Name
    :HCIP-Security-CISN V3.0
  • Certification
    :Huawei Certification
  • Vendor
    :Huawei
  • Total Questions
    :65 Q&As
  • Last Updated
    :Nov 05, 2023

Huawei Huawei Certification H12-721 Questions & Answers

  • Question 221:

    Which of the following VPN protocols do not provide encryption? (Choose three answers)

    A. ESP

    B. AH

    C. L2TP

    D. GRE

  • Question 222:

    The main method of caching servers DNS Request Flood defense is the use of DNS source authentication.

    A. TRUE

    B. FALSE

  • Question 223:

    Which statement is correct regarding load checks and fingerprint learning with UDP Flood defenses.

    A. UDP packet data segments are exactly the same content that can be used to check the load defense.

    B. Fingerprint learning is dynamically generated by cleaning equipment, the attack packets after learning some salient features of the fingerprint, fingerprint matching packets will be dropped.

    C. Load inspection checks all UDP packets of data.

    D. Load checks need to set the offset number of bytes, fingerprint learning does not need to set the offset number of bytes.

  • Question 224:

    As shown below for the L2TP over IPsec scenarios, the client uses pre-shared-key manner IPsec authentication. Which of the statements are correct to implement IPSec Security policy? (Choose two answers)

    A. using IKE main mode negotiation

    B. using IKE aggressive mode negotiation

    C. IPsec security policy

    D. configure IPsec policy template

  • Question 225:

    USG two ways to build a firewall to Site IPsec VPN through the Site, when viewing a USGA state as follows: display ipsec statistics the security packet statistics: input / output security packets: 4/0 input / output security bytes: 400/0 input / output dropped security packets: 0/0 After viewing the state above, what information do you get? (Choose two answers)

    A. USGA encrypted data packets 4; USGA decrypt the packet is set 0.

    B. USGA has decrypted packet is 4, USGA already encrypted data packet is 0.

    C. Site A network device, there is no route, leading to the protection of the data may not be sent to the USGA.

    D. IPsec tunnel is not established.

  • Question 226:

    A USG firewall can be divided into several virtual firewalls, and allows the root firewall administrator to manage the virtual firewall administrators allowed access to each virtual firewall.

    A. TRUE

    B. FALSE

  • Question 227:

    An enterprise network deployed USG series firewalls, and they need to achieve per-user Telnet / SSH login to the USG and only the commands authorized by the server should be allowed.

    Which of the following authentication methods would meet these business requirements?

    A. Radius

    B. LDAP

    C. HWTACACS

    D. AD

  • Question 228:

    In hot standby networking environment, two USG's NAT configuration is consistent. When the virtual IP address is in the address of the VRRP backup group, then NAT address pool in the same network segment. The next two figures show the NAT Server applications with a combination of VRRP ARP response situations.

    Which Combination of the following NAT Server configuration and VRRP shown as options are correct?

    A. Figure 1 will VRRP backup group Interface NAT address pool with connection to the Internet on the binding, in Figure 2 the VRRP backup group Interface NAT address pool with connection to the Internet on the binding.

    B. Figure 1 is not the VRRP backup group Interface NAT address pool with connection to the Internet on the binding, Figure 2 is not the VRRP backup group Interface NAT address pool with connection to the Internet on the binding.

    C. Figure 1 is not the VRRP backup group Interface NAT address pool with connection to the Internet on the binding, in Figure 2 the VRRP backup group Interface NAT address pool with connection to the Internet on the binding.

    D. Figure 1 is not the VRRP backup group Interface NAT address pool with connection to the Internet on the binding, Figure 2 is not the VRRP backup group interfaces with NAT address pool on connection to the Internet unbound.

  • Question 229:

    At headquarters - when configuring branching structure IPsec VPN network (pre-shared key + wells NAT traversal case), IKE Peer needs to be referenced to the ipsec policy templates. Which of the following must be configured with the template? (choose two answers)

    A. ipsec proposal

    B. exchange-mode aggressive

    C. pre-shared-key

    D. remote-address

  • Question 230:

    In the hot standby scenarios, which statement is correct about the standby equipments? (Choose three answers)

    A. batch backup is two devices in the first consultation after completion of the batch backup of all information.

    B. backup channel business must be an interface board to support GE and eth-trunk interface.

    C. default under batch backup is open.

    D. Real-time backup in the device during operation, the new or refreshed real-time data backup.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.