H12-721 Exam Details

  • Exam Code
    :H12-721
  • Exam Name
    :HCIP-Security-CISN V3.0
  • Certification
    :Huawei Certifications
  • Vendor
    :Huawei
  • Total Questions
    :245 Q&As
  • Last Updated
    :Nov 05, 2023

Huawei H12-721 Online Questions & Answers

  • Question 41:

    Which of the following statements is wrong regarding IPsec?

    A. Under Transfer Mode, ESP does not validate the IP header
    B. AH can not verify that the data uses encrypted packets
    C. ESP can support NAT traversal
    D. The AH protocol uses the 3DES algorithm for data validation

  • Question 42:

    In the TCP / IP protocol, TCP protocol provides reliable connectivity service using three- way handshake to achieve.

    The first handshake: establish a connection, the client sends a SYN packet (SYN = J) to the server, and enter SYN_SENT state, waiting for the server to confirm.

    Second handshake: the server receives a SYN packet and must issue an ACK packet (ACK = ) to confirm the client's SYN packet, but he is sending a SYN packet (SYN = K), ie, SYN-ACK packets, the server enters SYN_RCVD state.

    Third handshake: the client receives the SYN-ACK packet, the server sends an acknowledgment packet ACK (SYN = ASK = ), this package has been sent, the client and server enter into the ESTABLISHED state, completing the three-way handshake.

    About three-way handshake during the three parameters, which of the following statements is correct?

    A. = J +1 = J +1 = K +1
    B. = J = K +1 = J +1
    C. = J +1 = K +1 = J +1
    D. = J +1 = J = K +1

  • Question 43:

    With regard to the Radius protocol, which of the following statements are correct (choose three answers)

    A. Use the UDP protocol to transmit packets Radius
    B. authentication and authorization port number can be 1812
    C. To account for encryption processing using the Radius protocol to transmit user account and password
    D. authentication and authorization port number can be 1645

  • Question 44:

    Huawei abnormal flow cleaning solution is characterized by relatively straight bypass deployment. Which of the statement is correct?

    A. straight deployment requires separate deployment testing equipment.
    B. bypass deployment requires separate deployment testing equipment.
    C. relatively straight bypass deployment deployment, more flexible, both static and drainage ways, and can use dynamic drainage ways.
    D. Straight deployment Anti-DDoS equipment for all traffic in real-time drainage.

  • Question 45:

    In IPsec standby backup scenarios shown below, the gateway B is using IPsec tunneling technology and gateway A build IPsec VPN.

    A. TRUE
    B. FALSE

  • Question 46:

    BFD static route topology is shown in Figure A. On the firewall, administrator needs to do the following configuration: [USG9000_A] bfd [USG9000_A-bfd] quit [USG9000_A] bfd aa bind peer-ip 1.1.1.2 [USG9000_A-bfd-session-aa] discriminator local 10 [USG9000_A-bfd-session-aa] discriminator remote 20 Which of the following commands should be added to the firewall configuration to achieve BFD for static route? (Choose two answers)

    A. [USG9000_A-bfd-session-aa] commit
    B. [USG9000_A] bfd aa bind local-ip 1.1.1.1
    C. [USG9000_A] ip route-static 0.0.0.0 0 1.1.1.2 track bfd-session aa
    D. [USG9000_A] ip route-static 0.0.0.0 0 1.1.1.2 bind bfd-session aa

  • Question 47:

    With regard to the firewall configuration interface binding VPN instance, which configuration is correct?

    A. ip binding vpn-instance vpn-id
    B. ip binding vpn-instance vpn-instance-name
    C. ip binding vpn-id
    D. ip binding vpn-id vpn-instance-name

  • Question 48:

    The DHCP Snooping binding table function needs to maintain its binding table of contents that include? (Choose three answers)

    A. MAC
    B. Vlan
    C. Interface IP D. DHCP Server's

  • Question 49:

    ACK Flood attacks use botnets to send a large number of ACK packets and impacts the network bandwidth, resulting in network link congestion. If a large number of attack packets are sent, server processing power is exhausted, thereby refusing access to normal service.

    Which statement is correct about the Huawei Anti-DDos equipment to prevent this attack, when the comparison of two treatments are strict mode and basic mode? (Choose two answers)

    A. Bypass deploy dynamic drainage using strict mode.
    B. In strict mode, the cleaning device is not checked already established session, if session ACK packets do not match, the device discards the packet.
    C. If the cleaning equipment checks to hit a session ACK packet, regardless of the strict mode and basic mode will create a reason to check session.
    D. Using the "basic model" even though checks on the cleaning equipment is less than a session, the device will first few ACK packet discard and start checking the session.

  • Question 50:

    If using a policy template and configuring IPsec policy child policy, the firewall will first apply a policy template, and then it will apply the child policy.

    A. TRUE
    B. FALSE

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Huawei exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your H12-721 exam preparations and Huawei certification application, do not hesitate to visit our Vcedump.com to find your solutions here.