1. Home
  2. Huawei
  3. H12-721

HCIP-Security-CISN V3.0

Exam Details

  • Exam Code
    :H12-721
  • Exam Name
    :HCIP-Security-CISN V3.0
  • Certification
    :Huawei Certification
  • Vendor
    :Huawei
  • Total Questions
    :65 Q&As
  • Last Updated
    :Nov 05, 2023

Huawei Huawei Certification H12-721 Questions & Answers

  • Question 231:

    The mechanism of source authentication defense against HTTPS flood attacks is that the anti-DDoS device, instead of the SSL server, initiates the TCP three-way handshake with the client. If the TCP three-way handshake is complete, the source authentication succeeds.

    A. TRUE

    B. FALSE

  • Question 232:

    USG firewall supports which of the load balancing algorithms? (Choose three answers) A. The source address hashing algorithm (srchash)

    B. Polling simple algorithm (roundrobin)

    C. Weighted Round Robin algorithm (weightrr)

    D. ratio (Ratio)

  • Question 233:

    A user using L2TP over IPsec vpn client appropriated by the company's LNS gets dialing failure.

    But in the LNS through debug ike all, and debug L2TP all did not show any information. Both phases have failed in establishing IKE. What could be the reason for failure? (Choose two answers)

    A. Traffic interested acl configuration error.

    B. Firewall (LNS) connected to the public network interface does not apply IPsec policies.

    C. IPsec data flow does not reach the firewall.

    D. The LNS is not LZTP enabled.

  • Question 234:

    Certain users want to limit the maximum bandwidth for network 192.168.1.0/24 500M, and limit the need for all IP addresses network segment to get 1M bandwidth.

    How should you configure limiting policy to meet this demand?

    A. Configure limiting each IP, set for 192.168.1.0 /24 the maximum bandwidth of network hosts to 500M

    B. Configure the overall limit, limit the maximum bandwidth of the network 192.168.1.0/24 to 1M

    C. Configure overall limiting, limiting the maximum bandwidth of the network 192.168.1.0/24 to 500M

    D. By limiting the overall configuration, the maximum limit 192.168.1.0/24 network bandwidth to 500M, and then limiting the use of IP to ensure that each server bandwidth is 1M

  • Question 235:

    Through the configuration of the Bypass interface, you can avoid network communication interruption caused by equipment failure and improve reliability. The power Bypass function can use any network interfaces to configure the Bypass GE parameters to achieve the Bypass function.

    A. TRUE

    B. FALSE

  • Question 236:

    SSL VPN authentication is successful, but it can not access the Web-link resources. Which statement is correct? (Choose three answers)

    A. The server is not open Web services.

    B. Strategies to limit user access.

    C. The equipment and network server is unreachable.

    D. SSL VPN users have reached the maximum limit.

  • Question 237:

    Which of the following is the role of Message5 and Message6 with the main mode IKE negotiation process?

    A. Runs the DH algorithm

    B. negotiate set of proposals

    C. mutual authentication

    D. negotiate IPsec SA

  • Question 238:

    With regard to the firewall configuration interface binding VPN instance, which configuration is correct?

    A. ip binding vpn-instance vpn-id

    B. ip binding vpn-instance vpn-instance-name

    C. ip binding vpn-id

    D. ip binding vpn-id vpn-instance-name

  • Question 239:

    In the dual-system hot backup networking environment as shown in the standby firewall also need to configure NAT function, assuming that the external address of the VRRP backup group. NAT address pool and NAT Server in the same network segment. Which of the following configuration needs to be on the Server? (choose two answers)

    A. HRP_M [USG_A] nat address-group 1 2.2.2.5 2.2.2.6 vrrp 1

    B. HRP_M [USG_A] nat address-group 1 2.2.2.5 2.2.2.6 vrrp 2

    C. HRP_M [USG_A] nat server global 2.2.2.10 inside 10.100.10.3 vrrp 2

    D. HRP_M [USG_A] nat server global 2.2.2.10 inside 10.100.10.3 vrrp 1

  • Question 240:

    In IP-link, how many successive packets must not be recived for it to be considered a failure, by default?

    A. 1 times

    B. 2 times

    C. 3 times

    D. 5 times

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.